Proxy ARP detection
Patrick W. Gilmore
patrick at ianai.net
Thu Jan 16 04:21:00 UTC 2014
Excellent. So all everyone has to do is not buy cisco _or_ juniper.
Wait a minute....
On Jan 15, 2014, at 19:54 , Eric Rosen <erosen at redhat.com> wrote:
> Cisco PIX's used to do this if the firewall had a route and saw a ARP request in that IP range it would proxy arp.
> ----- Original Message -----
>> On Jan 15, 2014, at 4:03 PM, Niels Bakker <niels=nanog at bakker.net> wrote:
>>> * clay at bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:
>>>> This is where theory diverges nicely from practice. In some cases the
>>>> offender broadcast his reply, and guess what else? A lot of routers
>>>> listen to unsolicited ARP replies.
>>> I've never seen this. Please name vendor and product, if only so other
>>> subscribers to this list can avoid doing business with them.
>> This was some time ago, but the two I was able to dig up from that case were
>> both Junipers. Perhaps it’s something that only happens when proxy ARP is
> Eric Rosen
> CCIE Security #17821
> Information Security Analyst
> Red Hat, Inc
> erosen at redhat.com
> 919.890.8555 x48555
> IRC erosen
More information about the NANOG