nanog mailing list archives

Re: Charter ARP Leak


From: Jay Ashworth <jra () baylink com>
Date: Mon, 29 Dec 2014 12:27:04 -0500 (EST)

----- Original Message -----
From: "Rampley Jr, Jim F" <jim.rampley () charter com>

On 12/29/14, 10:49 AM, "Valdis.Kletnieks () vt edu" <Valdis.Kletnieks () vt edu> wrote:

On Mon, 29 Dec 2014 03:44:48 +0000, "Stephen R. Carter" said:
Here is a small excerpt I am seeing.

06:04:04.760869 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 97.85.59.219 tell 97.85.58.1
06:04:04.761950 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 75.135.155.27 tell 75.135.152.1

The interesting thing is that they're all .1 addresses. It's almost as if
the one broadcast domain has at least 7 different address spaces on it.

Valdis, you are correct. What you're seeing is caused by multiple IP
blocks being assigned to the same CMTS interface.

Am I incorrect, though, in believing that ARP packets should only be visible
within a broadcast domain, and that because of that, they should not be
being passed through a cablemodem attached to such a CMTS interface unless
they're within the IP network in which that interface lives (which is
probably not 0/0)? 

This sounds like a firmware bug in either the CMTS or the cablemodem.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
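
Added example, not part of the original thread or any poster's code: a small Python check that reads `tcpdump -e` ARP lines like the excerpt quoted above and reports source MACs that send ARP requests from more than one "tell" address, the signature of several IP blocks sharing one broadcast domain. The third sample line and the `97.85.58.0/23` local prefix are constructed assumptions; the thread does not state the actual prefix lengths.

```python
import ipaddress
import re
from collections import defaultdict

# Matches a tcpdump -e ARP request line (unwrapped), as in the quoted excerpt.
ARP_RE = re.compile(
    r"(?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > (?:[0-9a-f]{2}:){5}[0-9a-f]{2},"
    r".*?arp who-has (?P<target>\d+\.\d+\.\d+\.\d+) tell (?P<sender>\d+\.\d+\.\d+\.\d+)",
    re.IGNORECASE,
)

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE = """\
06:04:04.760869 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 97.85.59.219 tell 97.85.58.1
06:04:04.761950 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 75.135.155.27 tell 75.135.152.1
06:04:05.000000 In 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 192.0.2.20 tell 192.0.2.1
"""

def senders_by_mac(text):
    """Map each source MAC to the set of ARP sender ("tell") IPs it used."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:  # non-ARP or wrapped lines are skipped
            seen[m["src"].lower()].add(ipaddress.ip_address(m["sender"]))
    return seen

def multi_subnet_macs(text, local_net=None):
    """Report MACs that ARP from more than one sender IP.

    If local_net is given (assumed prefix of the observer's own subnet),
    also report sender IPs that fall outside it.
    """
    net = ipaddress.ip_network(local_net) if local_net else None
    report = {}
    for mac, ips in senders_by_mac(text).items():
        foreign = sorted(ip for ip in ips if net and ip not in net)
        if len(ips) > 1 or foreign:
            report[mac] = {"senders": sorted(ips), "outside_local": foreign}
    return report

if __name__ == "__main__":
    for mac, info in multi_subnet_macs(SAMPLE, "97.85.58.0/23").items():
        print(mac, [str(i) for i in info["senders"]],
              "outside local:", [str(i) for i in info["outside_local"]])
```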

