RE: Wireless router behaviour

["David Gillett" <gillettdavid () fhda edu>]

  Agreed, but I suspect that the key factor here is wireless.  If
two clients are associated to the same AP, they may NOT necessarily
be in range of each other -- an arp request (or its reply) may not 
be able to go direct from one to the other, even on the same subnet.
  So it makes sense, in at least some cases, for the router to do
proxy ARP on behalf of clients, and route to them any packets it
receives as a result.

Dave Gillett


> -----Original Message-----
> From: John Duksta [mailto:jduksta () gmail com]
> Sent: Sunday, September 12, 2004 12:46 PM
> To: gillettdavid () fhda edu
> Cc: incidents () securityfocus com
> Subject: Re: Wireless router behaviour
>
>
> On Fri, 10 Sep 2004 13:53:01 -0700, David Gillett 
> <gillettdavid () fhda edu> wrote:
> >   The port which was connected to the wired network was one of the
> > LAN switch ports, and not the WAN port.  So although we saw pings
> > and proxy ARP replies from the router, it seems unlikely that these
> > were NATted on behalf of some associated client.  The client whose
> > footprints led us to the router was, as you'd expect in such a
> > configuration, using an address from our DHCP pool and neither the
> > router's nor some other private address.
>
> I find it very odd that you saw proxy arps replies from the 
> router if it was
> connected to your network by one of the LAN switch ports. Proxy ARP
> usually only happens when you have a gateway device where the clients
> do not have MAC access (PPP server), but the fact that the wireless 
> client that alerted you to the presence of the router was 
> using an address 
> from your DHCP pool shows that there was in fact MAC access 
> for the client.
>
> Odd.
>
> -john
>
> -- 
> John Duksta <jduksta () gmail com>
> Can't sleep, clowns will eat me.