[168236] in North American Network Operators' Group


Re: Proxy ARP detection

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Jan 15 23:21:28 2014

From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <1755866067.1304337.1389833654129.JavaMail.root@redhat.com>
Date: Wed, 15 Jan 2014 23:21:00 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Excellent. So all everyone has to do is not buy cisco _or_ juniper.

Wait a minute....

-- 
TTFN,
patrick


On Jan 15, 2014, at 19:54 , Eric Rosen <erosen@redhat.com> wrote:

> Cisco PIXes used to do this: if the firewall had a route and saw an ARP
> request in that IP range, it would proxy ARP.
>
> ----- Original Message -----
>>
>> On Jan 15, 2014, at 4:03 PM, Niels Bakker <niels=nanog@bakker.net> wrote:
>>
>>> * clay@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:
>>>> This is where theory diverges nicely from practice. In some cases the
>>>> offender broadcast his reply, and guess what else? A lot of routers
>>>> listen to unsolicited ARP replies.
>>>
>>> I've never seen this.  Please name vendor and product, if only so other
>>> subscribers to this list can avoid doing business with them.
>>
>> This was some time ago, but the two I was able to dig up from that case were
>> both Junipers. Perhaps it's something that only happens when proxy ARP is
>> enabled?
>>
>>
>> -c
>>
>
> -- 
> Eric Rosen
> CCIE Security #17821
> Information Security Analyst
> Red Hat, Inc
> erosen@redhat.com
> 919.890.8555 x48555
> IRC erosen
>


