Good day!
My ClearOS 6.9.0-Final shutdown on June 5 at about 10PM. I traveled 3 hours expecting to find a bad HDD or power supply but the system was off and the system came back up with a simply push of the Power button.
In searching files for any possible reason this system shutdown, I see in my messages log (var/log/messages) hundred if not more of:
You will note the dates are today's after the reboot and I still seeing these bogons. Same bogus IP, but these go on for weeks! I have added the -N switch to my arpwatch configurationfile to atleast keep my logs a reasonable size.
What in the world is going on here? Could such a flood cause ClearOS to shutdown? I did find the culprit on my LAN and now I have to figure out why my FreePBX is sending these ARP requests... but still, can this cause this failure?
Thanks for any thoughts.
John
My ClearOS 6.9.0-Final shutdown on June 5 at about 10PM. I traveled 3 hours expecting to find a bad HDD or power supply but the system was off and the system came back up with a simply push of the Power button.
In searching files for any possible reason this system shutdown, I see in my messages log (var/log/messages) hundred if not more of:
Jun 6 15:44:17 jcits arpwatch: bogon 0.0.0.0 0:b:82:81:d9:4e
Jun 6 15:44:19 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:21 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:23 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:25 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:27 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:29 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:31 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:33 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:35 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:37 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:37 jcits arpwatch: bogon 0.0.0.0 0:b:82:81:d9:4e
Jun 6 15:44:39 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:41 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:43 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:45 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:47 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:49 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:51 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:53 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:55 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:57 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:44:57 jcits arpwatch: bogon 0.0.0.0 0:b:82:81:d9:4e
Jun 6 15:44:59 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:01 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:03 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:05 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:07 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:09 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:11 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:13 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:15 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
Jun 6 15:45:17 jcits arpwatch: bogon 10.92.3.176 0:1f:16:f7:5b:6b
You will note the dates are today's after the reboot and I still seeing these bogons. Same bogus IP, but these go on for weeks! I have added the -N switch to my arpwatch configurationfile to atleast keep my logs a reasonable size.
What in the world is going on here? Could such a flood cause ClearOS to shutdown? I did find the culprit on my LAN and now I have to figure out why my FreePBX is sending these ARP requests... but still, can this cause this failure?
Thanks for any thoughts.
John
Share this post:
Responses (5)
-
Accepted Answer
-
Accepted Answer
Thanks again Nick!
10.92.3.176 is not on my LAN! And I have no idea why phone system is using it or where in that system that IP might be configured. I've checked all network scripts and at a loss. I have turned off logging using the -N switch but I din't specify the IP. I will add that.
If you can think of anywhere I might look, please let me know!!
John -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »