[c-nsp] How they do that?
sthaug at nethelp.no
sthaug at nethelp.no
Tue Sep 2 10:20:14 EDT 2008
> So how is this possible? Is there a protocol or something I
> haven't heard of? How would it know where my default gateway is?
> (Maybe just reply to every ARP with the 192.168.50.1 address? Sorta
> looks it.. I just ping'd something that doesn't exist, and got :
>
> ? (192.168.3.23) at 00:08:02:3e:b3:0f on xl0 [ethernet]
>
> Oddly an entry for 192.168.3.1 exists, which I would never
> ping for. Guess it tried to force a gateway on me. :)
It's called proxy ARP, and is on by default on Cisco routers (and switches
with routing functionality). It's a horrible default, and leads to all
sorts of "interesting" problems.
Proxy ARP: Just say no.
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the cisco-nsp
mailing list