[c-nsp] C2950G sh arp
Gert Doering
gert at greenie.muc.de
Thu Jun 8 18:04:31 EDT 2006
Hi,
On Thu, Jun 08, 2006 at 01:15:17PM -0700, Shaun wrote:
> edge-138.12#sh arp | exc 204.10 | exc 204.15 | exc 208.67
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 222.171.23.98 125 0012.dada.0f42 ARPA Vlan2
> Internet 202.65.141.6 115 0012.dada.0f42 ARPA Vlan2
> Internet 62.166.210.74 70 0012.dada.0f42 ARPA Vlan2
> Internet 204.10.115.181 222 0012.dada.0f42 ARPA Vlan2
The fact that all of them point to the *same* MAC address suggests that
this device indeed has turned on proxy-arp.
As for why ARP requests for these addresses are seen? I'd guess that
the netmask on your switch is set wrongly, and thus the switch isn't
sending packets to its default gateway, but ARPing for the destinations
(assuming on-lan connectivity) - and the reason for the switch sending
packets at all is "portscans coming from those IPs, reply packets being
sent".
You really want to make sure that no packets "from the Internet" can ever
reach your switches' management IP addresses.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
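
The check described in the message above, as an added example that is not part of the original post: it parses `sh arp` output and reports any MAC address that answers for several addresses outside the subnet the interface is meant to be on. The 192.0.2.0/24 management subnet, the 192.0.2.1 entry and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# "Internet <ip> <age> <mac> ARPA <interface>" as printed by `sh arp`
ARP_LINE = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Yield (ip, mac, interface) for each complete ARP entry line."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            yield ipaddress.ip_address(m.group(1)), m.group(3).lower(), m.group(4)

def proxy_arp_suspects(text, intended_net, min_hosts=2):
    """Return {mac: [ips]} for MACs that answer for at least min_hosts
    addresses outside the subnet the interface is supposed to be on."""
    net = ipaddress.ip_network(intended_net)
    off_link = defaultdict(list)
    for ip, mac, _iface in parse_arp(text):
        if ip not in net:
            off_link[mac].append(str(ip))
    return {mac: ips for mac, ips in off_link.items() if len(ips) >= min_hosts}

# The four entries quoted in the post plus one constructed on-subnet entry.
# 192.0.2.0/24 is an assumed management subnet (documentation range).
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               3   0000.5e00.5301  ARPA   Vlan2
Internet  222.171.23.98         125   0012.dada.0f42  ARPA   Vlan2
Internet  202.65.141.6          115   0012.dada.0f42  ARPA   Vlan2
Internet  62.166.210.74          70   0012.dada.0f42  ARPA   Vlan2
Internet  204.10.115.181        222   0012.dada.0f42  ARPA   Vlan2
"""

if __name__ == "__main__":
    for mac, ips in proxy_arp_suspects(SAMPLE, "192.0.2.0/24").items():
        print(f"{mac} answers for {len(ips)} off-subnet addresses: {', '.join(ips)}")
```

Any entry reported here means the switch ARPed for a destination it should have sent to its default gateway, so the interface netmask is worth checking as well as the device that answered.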