Charter ARP Leak
Brad Hein
linuxbrad at gmail.com
Mon Dec 29 11:53:12 UTC 2014
This is normal for a cable modem network. These are broadcast packets so
they get delivered to everybody on that node.
ARP uses layer-2 broadcast to ask for the owner of a given IP to respond
with its MAC so that subsequent communication with that IP can be addressed
directly.
[sent from mobile device]
On Dec 29, 2014 12:15 AM, "Stephen R. Carter" <stephen.carter at gltgc.org>
wrote:
> Hello,
>
> I recently swapped out a home router for a SRX at home. Any charter techs
> able to take a look at the following? It looks like I am seeing some arp
> broadcast leaks towards my home router.
>
> Here is a small excerpt I am seeing.
>
> 06:04:04.760869 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 97.85.59.219 tell 97.85.58.1
> 06:04:04.761950 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 75.135.155.27 tell 75.135.152.1
> 06:04:04.765870 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 96.36.45.180 tell 96.36.44.1
> 06:04:04.802309 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 68.188.219.125 tell 68.188.218.1
> 06:04:04.847125 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 71.89.171.238 tell 71.89.168.1
> 06:04:04.873828 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 24.247.247.159 tell 24.247.247.1
> 06:04:04.879921 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 71.89.171.68 tell 71.89.168.1
> 06:04:04.890323 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 96.36.45.161 tell 96.36.44.1
> 06:04:04.896711 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 66.227.246.238 tell 66.227.240.1
> 06:04:04.901874 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 24.247.247.205 tell 24.247.247.1
> 06:04:04.938238 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 66.227.241.137 tell 66.227.240.1
> 06:04:04.965508 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 71.89.171.119 tell 71.89.168.1
> 06:04:04.973382 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: arp who-has 66.227.247.55 tell 66.227.240.1
>
> Stephen Carter | IT Systems Administrator | Gun Lake Tribal Gaming
> Commission
> 1123 129th Avenue, Wayland, MI 49348
> Phone 269.792.1773
> [cid:image001.png at 01CF83DD.3875D090]
>
>
>
> <br><hr><font face='Arial' color='Gray' size='1'>The information contained
> in this electronic transmission (email) is confidential information and may
> be subject to attorney/client privilege. It is intended only for the use of
> the individual or entity named above. ANY DISTRIBUTION OR COPYING OF THIS
> MESSAGE IS PROHIBITED, except by the intended recipient. Attempts to
> intercept this message are in violation of 18 U.S.C. 2511(1) of the
> Electronic Communications Privacy Act (ECPA), which subjects the
> interceptor to fines, imprisonment and/or civil damages.</font>
>
>
More information about the NANOG
mailing list