Security Incidents mailing list archives

Re: Strange traffic ....

From: Paul Gear <paulgear () bigfoot com>
Date: Sun, 23 Sep 2001 14:01:44 +1000

Elie De Brauwer wrote:


When i booted my firewall today, (OpenBSD machine hooked up using an cable
modem), i saw strange traffic on my cable modem (blinking RD lights while i
knew no traffic was coming in ....). So I logged in and ran TCPdump ... below
are the result can anyone explain these ... ? My IP is 213.224.1xx.xxx ....

11:20:54.626314 arp who-has 213.224.100.255 tell D5E06401.kabel.telenet.be


This is perfectly normal.  The router at the head of the cable segment
periodically needs to find out which cable modems are on which
addresses.  The requests seem to happen an awful lot (i can't remember
what the ARP specification mandates in terms of frequency of requests
- anyone?), but it's perfectly normal.

Paul
http://paulgear.webhop.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Strange traffic .... Elie De Brauwer (Sep 22)
- Re: Strange traffic .... Paul Gear (Sep 23)
- Re: Strange traffic .... John Sage (Sep 23)
  - Re: Strange traffic .... (final) Elie De Brauwer (Sep 24)