Security Incidents mailing list archives
Re: Wireless router behaviour
From: John Duksta <jduksta () gmail com>
Date: Sun, 12 Sep 2004 15:46:07 -0400
On Fri, 10 Sep 2004 13:53:01 -0700, David Gillett <gillettdavid () fhda edu> wrote:
The port which was connected to the wired network was one of the LAN switch ports, and not the WAN port. So although we saw pings and proxy ARP replies from the router, it seems unlikely that these were NATted on behalf of some associated client. The client whose footprints led us to the router was, as you'd expect in such a configuration, using an address from our DHCP pool and neither the router's nor some other private address.
I find it very odd that you saw proxy arps replies from the router if it was connected to your network by one of the LAN switch ports. Proxy ARP usually only happens when you have a gateway device where the clients do not have MAC access (PPP server), but the fact that the wireless client that alerted you to the presence of the router was using an address from your DHCP pool shows that there was in fact MAC access for the client. Odd. -john -- John Duksta <jduksta () gmail com> Can't sleep, clowns will eat me.
Current thread:
- RE: Wireless router behaviour Mike (Sep 10)
- <Possible follow-ups>
- RE: Wireless router behaviour Welsh, Armand (Sep 10)
- RE: Wireless router behaviour David Gillett (Sep 11)
- Re: Wireless router behaviour John Duksta (Sep 13)
- RE: Wireless router behaviour David Gillett (Sep 13)
- RE: Wireless router behaviour David Gillett (Sep 11)
- RE: Wireless router behaviour Christopher Adickes (Sep 11)