IP address impersonation
Robin Becker
robin at reportlab.com
Thu Sep 28 15:53:35 PDT 2006
We have a remotely hosted 6.0 server that has apparently been
impersonated by a colocated server. The provider allows root access and
we have set up our server from a base 6.0 installation. We were
allocated an IP address and mostly we have had a good experience with
this setup. However, twice in three weeks we have had difficulty in
logging in and have had to crash boot the server. Analysis of the logs
revealed that another machine on the hoster's network had assigned
itself our IP address. Even when we provided the suspect MAC address it
seemed the hoster had trouble in finding out/appreciating what the
problem was.

I have little experience of this sort of thing, but can anyone else
offer some advice on

1) Is this a recognized form of attack? I can see that it could be used
for password harvesting and traffic interception, but are there other
implications?

2) Are there ways to mitigate this kind of problem? We have other hosted
servers on machines with similar (root) access. They presumably could
also be impersonated. We found this out by inspection of our own log
files; could the provider be doing something more to prevent this?
--
Robin Becker
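
The log inspection described in the message above, as an added example that is not part of the original post: a Python script that pulls duplicate-address warnings out of syslog text and groups them by offending MAC, giving a first-seen/last-seen summary that can be handed to the provider. The kernel message format, the host name, the addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format of the FreeBSD kernel's duplicate-address warning in
# /var/log/messages; newer releases append " on <interface>" before the "!".
CONFLICT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+kernel:\s+arp:\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+is using my IP address\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:\s+on\s+\S+?)?!",
    re.IGNORECASE,
)

# Constructed sample lines (documentation addresses, made-up host and MACs).
SAMPLE_LOG = """\
Sep 10 03:12:44 web1 kernel: arp: 00:16:3e:aa:bb:01 is using my IP address 192.0.2.10!
Sep 10 03:12:49 web1 kernel: arp: 00:16:3e:aa:bb:01 is using my IP address 192.0.2.10!
Sep 10 03:13:02 web1 sshd[812]: Accepted publickey for admin from 198.51.100.7 port 50022 ssh2
Sep 27 21:40:15 web1 kernel: arp: 00:16:3E:AA:BB:01 is using my IP address 192.0.2.10 on em0!
Sep 27 21:41:00 web1 kernel: arp: 192.0.2.1 moved from 00:16:3e:cc:dd:02 to 00:16:3e:cc:dd:03 on em0
"""


def summarize_conflicts(lines, own_ips):
    """Group duplicate-address warnings by (claimed IP, offending MAC)."""
    report = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = CONFLICT.match(line)
        # Ignore unrelated lines and warnings about addresses we do not own.
        if not m or m["ip"] not in own_ips:
            continue
        entry = report[(m["ip"], m["mac"].lower())]  # normalise MAC case
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(report)


if __name__ == "__main__":
    found = summarize_conflicts(SAMPLE_LOG.splitlines(), {"192.0.2.10"})
    for (ip, mac), e in found.items():
        print(f"{ip} claimed by {mac}: {e['count']} warnings, "
              f"first {e['first']}, last {e['last']}")
```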