Penetration Testing mailing list archives

Re: [PEN-TEST] Bizarre Network Errors Found During Pen Test (IP ARP Throttled)


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 21 Mar 2001 17:56:58 -0500

On Wed, 21 Mar 2001, Mike Ahern wrote:

> I can port scan the remote router ok. I can telnet into the remote
> router ok. I can telnet to remote devices ok from the remote router. I
> can telnet from the remote devices back thru the network to my hosts.
> The arp cache of the far end router shows the MAC addresses of the
> remote devices, so there doesn't appear to be anything in between.
>
> However when I port scan the remote devices the remote router scans
> ok, but all other devices actually end up on the scan either not
> responding or are showing that my packets are hitting the firewall at
> the end of the default route for our network (this includes hosts that
> exist, that have routes, are online and able to communicate
> otherwise). The only exception in addition to the remote router are
> two HP Jet Direct print servers, which I can scan and telnet to from
> here.
>
> The CRUX of the ISSUE: I am getting the following error on the remote
> Cisco router, with the router having TCP debug enabled for each host
> exhibiting this problem: "IP ARP throttled out the ARP Request for
> 10.xxx.xxx.2"

i don't know what that error means, sorry ... however, let me ask a couple
of questions:

what portscanning tool? nmap? what rate of packet creation? you may be
overwhelming stuff, though i'm not sure what would be really going on
here. have you looked at a slower rate of packet creation? like nmap's
sneaky or polite modes?

good luck, i'm curious to see what's going on here.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

