Re: Charter ARP Leak

[Brad Hein <linuxbrad () gmail com>]

This is normal for a cable modem network. These are broadcast packets so
they get delivered to everybody on that node.

ARP uses layer-2 broadcast to ask for the owner of a given IP to respond
with its MAC so that subsequent communication with that IP can be addressed
directly.

[sent from mobile device]
On Dec 29, 2014 12:15 AM, "Stephen R. Carter" <stephen.carter () gltgc org>
wrote:

> Hello,
>
> I recently swapped out a home router for a SRX at home. Any charter techs
> able to take a look at the following? It looks like I am seeing some arp
> broadcast leaks towards my home router.
>
> Here is a small excerpt I am seeing.
>
> 06:04:04.760869  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 97.85.59.219 tell 97.85.58.1
> 06:04:04.761950  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 75.135.155.27 tell 75.135.152.1
> 06:04:04.765870  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 96.36.45.180 tell 96.36.44.1
> 06:04:04.802309  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 68.188.219.125 tell 68.188.218.1
> 06:04:04.847125  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 71.89.171.238 tell 71.89.168.1
> 06:04:04.873828  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 24.247.247.159 tell 24.247.247.1
> 06:04:04.879921  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 71.89.171.68 tell 71.89.168.1
> 06:04:04.890323  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 96.36.45.161 tell 96.36.44.1
> 06:04:04.896711  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 66.227.246.238 tell 66.227.240.1
> 06:04:04.901874  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 24.247.247.205 tell 24.247.247.1
> 06:04:04.938238  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 66.227.241.137 tell 66.227.240.1
> 06:04:04.965508  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 71.89.171.119 tell 71.89.168.1
> 06:04:04.973382  In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 66.227.247.55 tell 66.227.240.1
>
> Stephen Carter | IT Systems Administrator  | Gun Lake Tribal Gaming
> Commission
> 1123 129th Avenue, Wayland, MI 49348
> Phone 269.792.1773
> [cid:image001.png@01CF83DD.3875D090]
>
>
>
> <br><hr><font face='Arial' color='Gray' size='1'>The information contained
> in this electronic transmission (email) is confidential information and may
> be subject to attorney/client privilege. It is intended only for the use of
> the individual or entity named above. ANY DISTRIBUTION OR COPYING OF THIS
> MESSAGE IS PROHIBITED, except by the intended recipient. Attempts to
> intercept this message are in violation of 18 U.S.C. 2511(1) of the
> Electronic Communications Privacy Act (ECPA), which subjects the
> interceptor to fines, imprisonment and/or civil damages.</font>