Date: Mon, 7 May 2001 10:37:02 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: mistwolf@mushhaven.net (Jamie Norwood) Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Arplookup Message-ID: <200105071737.KAA18255@gndrsh.dnsmgr.net> In-Reply-To: <20010507094641.A86895@mushhaven.net> from Jamie Norwood at "May 7, 2001 09:46:41 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, May 03, 2001 at 04:25:25AM -0700, Rodney W. Grimes wrote: > > Run a tcpdump on your fxp0 interface, looking for any and > > all packets from 209.16.96.1: > > tcpdump -n -i fxp0 host 209.16.96.1 > > > > You'll probably see a bunch of link level broadcast packets, > > probably even arp whohas or arp iam.Capture this and send > > it to your co-location ISP and ask them why your seeing traffic > > from this box on your port, you should not be, they have a > > missconfigured switch or router more than likely.Or they > > are trying to run multiple subnets on one physical network > > segment. > > This is what they are doing, I am pretty sure. :/ Then be aware that your packets on this wire are suseptable to sniffing and such by all these other hosts. > > You could also do a funky route command: > > route add 209.16.96.1 -interface fxp0 > > then see if you get an arp entry and the messages go away. > > If that works your ISP is sharing physical network segments, > > which in todays world is a really bad idea. > > Didn't work, when I do this it then floods the logs of a message about the > IP in question trying to modify the permanant arp entry. *sigh* Oh, yea, that would be a side effect of this. > This is driving me bonkers. It is making my logs less than useless. > This is what they say to me: > > > >This is normal traffic caused by our network configuration.We do not have > >an internal network router that would filter these requests for you, rather > >you have a direct connection to the router which controls the bandwidth to > >your server. That can not be the truth, if you had a direct connection to a router port you would not see these packets, as the router would not send them to this port. There is a hub or switch between you and the router port. > This removes one point of failure in the network but it does > >mean that the arp traffic from the network will appear on your server.It > >is not counted against your bandwidth allotment as that monitoring takes > >place at the network point of entry and this traffic is generated after > >that point. > > While I am relieved to know I don't have to PAY for this crap, it doesn't > help me. I am getting this message every 30 seconds or so, on the average. > If I type dmesg, all it is is the error. Does anyone have any suggestions > at all on how I can suppress this? Add ipfw or ipfilter functionality to your box and filter them? Nope, that won't work, arp packets are not ip packets so they don't hit the filter. Tell the damn ISP to fix there broken network design is about all I can say... -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105071737.KAA18255>