nanog mailing list archives

Re: Proxy ARP detection

From: Niels Bakker <niels=nanog () bakker net>
Date: Thu, 16 Jan 2014 01:03:31 +0100

* clay () bloomcounty org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:

This is where theory diverges nicely from practice. In some casesthe offender broadcast his reply, and guess what else? A lot ofrouters listen to unsolicited ARP replies.

I've never seen this. Please name vendor and product, if only soother subscribers to this list can avoid doing business with them.

So no, even though I consider it someone else’s bad behavior tobroadcast an ARP reply, I’m not willing to take the chance with anIP that doesn’t belong to me.

So do an ARP request for www.equinix.com, or (and!) for an unusedaddress on your Peering LAN. Standard tools like arpwatch shouldalert you to fishy things going on, loudly.



        -- Niels.

--

"It's amazing what people will do to get their name on the internet,which is odd, because all you really need is a Blogspot account."

                        -- roy edroso, alicublog.blogspot.com

Current thread:

Re: best practice for advertising peering fabric routes, (continued)
- - - Re: best practice for advertising peering fabric routes Joe Abley (Jan 15)
    - Re: best practice for advertising peering fabric routes Niels Bakker (Jan 15)
    - Re: best practice for advertising peering fabric routes Christopher Morrow (Jan 15)
    - Re: best practice for advertising peering fabric routes William Herrin (Jan 15)
    - Re: best practice for advertising peering fabric routes Michael Still (Jan 15)
    - Re: best practice for advertising peering fabric routes Clay Fiske (Jan 15)
    - Re: best practice for advertising peering fabric routes Niels Bakker (Jan 15)
    - Proxy ARP detection (was re: best practice for advertising peering fabric routes) Clay Fiske (Jan 15)
    - Re: Proxy ARP detection Niels Bakker (Jan 15)
    - Re: Proxy ARP detection Clay Fiske (Jan 15)
    - Re: Proxy ARP detection Niels Bakker (Jan 15)
    - Re: Proxy ARP detection Clay Fiske (Jan 15)
    - Re: Proxy ARP detection Eric Rosen (Jan 15)
    - Re: Proxy ARP detection Patrick W. Gilmore (Jan 15)
    - Re: Proxy ARP detection Jimmy Hess (Jan 15)
    - Re: Proxy ARP detection Vlade Ristevski (Jan 16)
    - Re: Proxy ARP detection Niels Bakker (Jan 16)
    - Re: Proxy ARP detection Warren Bailey (Jan 16)
    - Re: Proxy ARP detection Jimmy Hess (Jan 16)
    - Re: Proxy ARP detection Niels Bakker (Jan 16)
    - Re: Proxy ARP detection (was re: best practice for advertising peering fabric routes) ML (Jan 15)

(Thread continues...)