[c-nsp] unwanted "arp reply" traffic at IX

Tom Storey tom at snnap.net
Sat Nov 17 19:04:41 EST 2007


>From what I gather, the customers PPP sessions are landing on the same box
that connects to the IX.

Tom

> Hi,
>
> On Sat, Nov 17, 2007 at 10:33:43PM +0100, Daniel Roesen wrote:
>> On Fri, Nov 16, 2007 at 04:50:00PM +0100, Gert Doering wrote:
>> > Hooray for Cisco default "features".  This is one of the more stupid
>> > ones, especially as it's enabled by default.
>> >
>> > Have them configure "no ip gratuitous-arps".
>>
>> At least it's configurable on global level, unlike "no ip proxy-arp"
>> and "no ip redirects" (and others). :-(
>
> hmm... I've always been of the (possibly wrong) opinion that "no ip
> gratuitous-arps" was only relevant in PPP scenarios and subsequently has
> no effect in (most) ethernet environments (which is the reason why I took
> it off my L2 hardening templates).
>
> can anybody shed light on this?
>
> thanks,
>
> Enno
>
>
> --
> Enno Rey
>
> ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
> Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
> PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1
>
> Handelsregister Heidelberg: HRB 7135
> Geschaeftsfuehrer: Roland Fiege, Enno Rey
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list