nanog mailing list archives
Re: Charter ARP Leak
From: Brad Hein <linuxbrad () gmail com>
Date: Mon, 29 Dec 2014 06:53:12 -0500
This is normal for a cable modem network. These are broadcast packets so they get delivered to everybody on that node. ARP uses layer-2 broadcast to ask for the owner of a given IP to respond with its MAC so that subsequent communication with that IP can be addressed directly. [sent from mobile device] On Dec 29, 2014 12:15 AM, "Stephen R. Carter" <stephen.carter () gltgc org> wrote:
Hello, I recently swapped out a home router for a SRX at home. Any charter techs able to take a look at the following? It looks like I am seeing some arp broadcast leaks towards my home router. Here is a small excerpt I am seeing. 06:04:04.760869 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 97.85.59.219 tell 97.85.58.1 06:04:04.761950 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 75.135.155.27 tell 75.135.152.1 06:04:04.765870 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 96.36.45.180 tell 96.36.44.1 06:04:04.802309 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 68.188.219.125 tell 68.188.218.1 06:04:04.847125 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 71.89.171.238 tell 71.89.168.1 06:04:04.873828 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 24.247.247.159 tell 24.247.247.1 06:04:04.879921 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 71.89.171.68 tell 71.89.168.1 06:04:04.890323 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 96.36.45.161 tell 96.36.44.1 06:04:04.896711 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 66.227.246.238 tell 66.227.240.1 06:04:04.901874 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 24.247.247.205 tell 24.247.247.1 06:04:04.938238 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 66.227.241.137 tell 66.227.240.1 06:04:04.965508 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 71.89.171.119 tell 71.89.168.1 06:04:04.973382 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 66.227.247.55 tell 66.227.240.1 Stephen Carter | IT Systems Administrator | Gun Lake Tribal Gaming Commission 1123 129th Avenue, Wayland, MI 49348 Phone 269.792.1773 [cid:image001.png@01CF83DD.3875D090] <br><hr><font face='Arial' color='Gray' size='1'>The information contained in this electronic transmission (email) is confidential information and may be subject to attorney/client privilege. It is intended only for the use of the individual or entity named above. ANY DISTRIBUTION OR COPYING OF THIS MESSAGE IS PROHIBITED, except by the intended recipient. Attempts to intercept this message are in violation of 18 U.S.C. 2511(1) of the Electronic Communications Privacy Act (ECPA), which subjects the interceptor to fines, imprisonment and/or civil damages.</font>
Current thread:
- Re: Charter ARP Leak, (continued)
- Re: Charter ARP Leak Jay Ashworth (Dec 29)
- RE: Charter ARP Leak Corey Touchet (Dec 29)
- Re: Charter ARP Leak Ricky Beam (Dec 29)
- RE: Charter ARP Leak Phil Bedard (Dec 29)
- Message not available
- Re: Charter ARP Leak Larry Sheldon (Dec 29)
- Re: Charter ARP Leak Chris Boyd (Dec 29)
- RE: Charter ARP Leak Phil Bedard (Dec 29)
- Message not available
- Re: Charter ARP Leak Larry Sheldon (Dec 29)
- Re: Charter ARP Leak Jason Hellenthal (Dec 29)
- Re: Charter ARP Leak Jared Mauch (Dec 29)