[c-nsp] Nmap(way ot)

nevot r.nevot at gmail.com
Thu May 5 14:35:08 EDT 2005


I didn't know about this *awful* behaviour, but, if I'm right, an ARP
request will only be made if the destination IP is covered by the mask
of the sender's IP configuration.
That is, if the client PC is 172.16.1.1/16, it will only send an ARP request
if the destination IP is in the 172.16.0.0/16 network, but will not send one if
the destination is, for example, 66.11.66.101.
So if the client machine has no default gateway, this won't work.

(Correct me if I'm not right.)



2005/5/5, Gert Doering <gert at greenie.muc.de>:
> Hi,
> 
> On Wed, May 04, 2005 at 11:07:54PM +0200, nevot wrote:
> > What do you mean when you say 'most cisco routers do proxy arp by
> > default'? in what cases do you mean?
> 
> proxy arp on cisco is enabled by default.  It will answer ARP requests
> for anything that it hears, assumes to be non-local (due to local routing
> entries), and that it has a routing table entry for.
> 
> While this is useful at times, over the last years I've come to the
> conclusion that this is a VERY STUPID idea to have "enabled by default".
> 
> Why?  Because it means that people can get away with doing very stupid
> things (like "ip route 0.0.0.0 0.0.0.0 eth0") that would normally just
> *not* work (and then you need to find the problem and fix it immediately).
> 
> With "helpful things" like proxy arp, stupid configurations quite often
> happen to "sort of" work - it looks like everything is set up perfectly,
> but you run into problems later on, like "ARP table on router or hosts
> overflowing", or "packet loss" (due to excessive ARPing), etc.
> 
> (But of course this has nothing to do whatsoever with nmap results, it
> just was a nice opportunity to rant a bit - having spent half a day
> recently looking for a really weird problem that in the end boiled
> down to combinations of "funny ARP cache on AIX" and "proxy arp on
> Cisco" - the underlying cause was a wrong netmask on the AIX system,
> but due to the wonders of proxy ARP, nobody noticed *that* in the first
> place)
> 
> gert
> --
> Gert Doering
> Mobile communications ... right now writing from * RIPE 50 @ Stockholm *
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
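
The two points in this thread (a host only ARPs for destinations covered by its own mask, and proxy ARP hides a wrong mask) can be checked with a small model. This is an added example, not part of the original posts: the function names are hypothetical, the host model is simplified to one interface plus an optional default route, and the ARP cache, MAC addresses and the "correct" /24 are constructed sample data.

```python
import ipaddress
from collections import defaultdict

def arp_target(iface_cidr, dst, gateway=None, default_via_interface=False):
    """Simplified host model: decide which IP the sender ARPs for."""
    iface = ipaddress.ip_interface(iface_cidr)
    if ipaddress.ip_address(dst) in iface.network:
        return ("arp-destination", dst)   # covered by the sender's mask
    if gateway is not None:
        return ("arp-gateway", gateway)   # off-link: resolve the gateway instead
    if default_via_interface:
        # Interface-only default route ("ip route 0.0.0.0 0.0.0.0 eth0" in the
        # thread): every destination is treated as on-link, which only works
        # when a router on the segment answers with proxy ARP.
        return ("arp-destination", dst)
    return ("unreachable", None)          # no route, so no ARP request at all

def proxy_arp_suspects(correct_cidr, arp_cache):
    """Group cached IPs outside the subnet the host should be in, by MAC.

    One MAC answering for many off-subnet IPs suggests a router doing proxy
    ARP for a host whose mask (or default route) is misconfigured.
    """
    net = ipaddress.ip_network(correct_cidr, strict=False)
    by_mac = defaultdict(list)
    for ip, mac in arp_cache:
        if ipaddress.ip_address(ip) not in net:
            by_mac[mac.lower()].append(ip)
    return dict(by_mac)

# Constructed ARP cache from a host configured as 172.16.1.1/16 on a segment
# that is assumed to really be 172.16.1.0/24 (the wrong-netmask case).
SAMPLE_CACHE = [
    ("172.16.1.20", "00:00:5e:00:53:10"),   # genuine neighbour
    ("172.16.1.254", "00:00:5e:00:53:fe"),  # router's own address
    ("172.16.5.9", "00:00:5E:00:53:FE"),    # off-segment, answered by router
    ("172.16.9.77", "00:00:5e:00:53:fe"),   # off-segment, answered by router
]

if __name__ == "__main__":
    print(arp_target("172.16.1.1/16", "66.11.66.101"))
    print(arp_target("172.16.1.1/16", "66.11.66.101", default_via_interface=True))
    print(proxy_arp_suspects("172.16.1.0/24", SAMPLE_CACHE))
```
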


