[c-nsp] unwanted "arp reply" traffic at IX
Enno Rey
erey at ernw.de
Sat Nov 17 16:52:34 EST 2007
Hi,
On Sat, Nov 17, 2007 at 10:33:43PM +0100, Daniel Roesen wrote:
> On Fri, Nov 16, 2007 at 04:50:00PM +0100, Gert Doering wrote:
> > Hooray for Cisco default "features". This is one of the more stupid
> > ones, especially as it's enabled by default.
> >
> > Have them configure "no ip gratuitous-arps".
>
> At least it's configurable on global level, unlike "no ip proxy-arp"
> and "no ip redirects" (and others). :-(
Hmm... I've always been of the (possibly wrong) opinion that "no ip gratuitous-arps" was only relevant in PPP scenarios and subsequently has no effect in (most) Ethernet environments (which is the reason why I took it off my L2 hardening templates).
Can anybody shed light on this?
thanks,
Enno
--
Enno Rey
ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey