[168232] in North American Network Operators' Group


Re: Proxy ARP detection

daemon@ATHENA.MIT.EDU (Eric Rosen)
Wed Jan 15 20:30:52 2014

Date: Wed, 15 Jan 2014 19:54:14 -0500 (EST)
From: Eric Rosen <erosen@redhat.com>
To: Clay Fiske <clay@bloomcounty.org>
In-Reply-To: <52710A09-568A-4463-A0B4-871DAC7B5572@bloomcounty.org>
Cc: Niels Bakker <niels=nanog@bakker.net>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Cisco PIXes used to do this: if the firewall had a route and saw an ARP request in that IP range, it would proxy ARP.

----- Original Message -----
>
> On Jan 15, 2014, at 4:03 PM, Niels Bakker <niels=nanog@bakker.net> wrote:
>
> > * clay@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:
> >> This is where theory diverges nicely from practice. In some cases the
> >> offender broadcast his reply, and guess what else? A lot of routers
> >> listen to unsolicited ARP replies.
> >
> > I've never seen this.  Please name vendor and product, if only so other
> > subscribers to this list can avoid doing business with them.
>
> This was some time ago, but the two I was able to dig up from that case were
> both Junipers. Perhaps it’s something that only happens when proxy ARP is
> enabled?
>
>
> -c
>
>
>

-- 
Eric Rosen
CCIE Security #17821
Information Security Analyst
Red Hat, Inc
erosen@redhat.com
919.890.8555 x48555
IRC erosen



