Penetration Testing mailing list archives
[PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled)
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Wed, 21 Mar 2001 10:44:44 -0800
I have recently experienced a wierd situation when attempting to port scan and pen test a remote international location of a large corporation. I can port scan the remote router ok. I can telnet into the remote router ok. I can telnet to remote devices ok from the remote router. I can telnet from the remote devices back thru the network to my hosts. The arp cache of the far end router shows the MAC addresses of the remote devices, so there doesn't appear to be anything in between. However when I port scan the remote devices the remote router scans ok, but all other devices actually end up on the scan either not responding or are showing that my packets are hitting the firewall at the end of the default route for our network (this includes hosts that exist, that have routes, are online and able to communicate otherwise). The only exception in addition to the remote router are two HP Jet Direct print servers, which I can scan and telnet to from here. I cannot directly ping or telnet hosts on the remote network other than the remote router and these HP Jet Direct print servers from where I am. I can hit every remote host from the remote router however. Routing is ok within the network, looking at the routing tables, and the remote cisco router has a minimal config with eigrp progagated route tables. The CRUX of the ISSUE: I am getting the following error on the remote Cisco router, with the router having TCP debug enabled for each host exhibiting this problem: "IP ARP throttled out the ARP Request for 10.xxx.xxx.2" The only thing I can find on the net are a few deja news/google searchable posts for people with Token Ring to Ethernet tranlational bridging problems. The remote site does have both Ethernet and Token Ring, and does have multiple routers, switches, source route bridges, multihomed hosts, etc.. Anyone ever seen anything like this? It is pretty bizarre, and I have spent a good amount of time testing the routes, possible proxy issues (there are none), etc.. My guess is that it is either a setup problem in the remote Cisco related to translational bridging perhaps (even tho we are routing), or perhaps something on the far end network misconfigured or doing a poor job of translational bridging. That is just a guess, and I would be pleased to stand corrected by anyone who has seen this before and can explain it to me. So my questions... What does "IP ARP Throttled" mean? When does it happen and what causes it? Is there something I can do to either mitigate this problem, or identify what is generating this error? Many Thanks in advance for any help! - mike __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
Current thread:
- [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Mike Ahern (Mar 21)
- Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Jose Nazario (Mar 22)
- Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARPThrottled) Michael Thumann (Mar 22)
- Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Marco (Mar 22)
- <Possible follow-ups>
- [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Mike Ahern (Mar 23)