Craig Van Ham wrote:
It's multiple IPs of clients on the network.
Can you look at the ARP table in your router? In your pervious note you only had one client address, but I believe you in your statement about multiple addresses. If the ARP requests match what is in the ARP table then perhaps:
We are seeing keep-alives. Do you see any traffic to the addresses from outside after an ARP response? This COULD be Bell Canada (I did a look up on your address range at dnsstuff.com) checking out what your addresses are being used for.
If the addresses being ARPed are NOT in the ARP cache (and not addresses of clients systems) then perhaps:
Your router is being hit with attacks across your allocation range, and it is doing nothing more than trying to forward those attack packets inward.
So you want some information from your router. Is this just something your router is doing on its own, or is this due to an external event.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Robert Moskowitz Sent: Tuesday, June 12, 2007 8:19 AM To: CentOS mailing list Subject: Re: [CentOS] ARP Problem ???
Bob Chiodini wrote:
Robert Moskowitz wrote:
Craig Van Ham wrote:
Does any one know if this is normal operating of ARP. Or where to start looking.
I am seeing a lot of ARP requests for my router IP from the same IP within seconds.
21:04:41.112929 arp who-has IP tell MY ROUTERS IP
Get us the MAC address that is asking. This will give us the card manufacturer, which will then, perhaps tell you which system on your network is the culprit.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It looks like it's his router that is asking and the requested device is not responding. Is the "who-has IP" address up and valid?
It would be interesting to know what IP address is being asked for.
For example, this is the router asking, and of course the router's interface is statically configured, and the address it is looking for is either its:
The DNS server The NTP server The SYSLOG server The COPS policy server (yeah, like anyone has implemented COPS and if they did, this would be an anycast)
The SYSLOG server has my bet, as a router, configured for remote syslogging will always have something to send to its syslog...
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos