Date: Sat, 27 Apr 2002 18:04:06 +0600
From: Mojahedul Hoque Abul Hasanat <mojahed@agni.com>
To: freebsd-security@FreeBSD.ORG
Subject: ARP queries with target hardware address set
Message-ID: <20020427180406.A91046@venus.agni.com>

Please excuse me if this is a naive question.

When running tcpdump I see that some of the arp queries have their target hardware addresses set to random MACs. AFAIK an arp query should have its target hardware address set to all zeros. Here is an example from the output of "tcpdump -e ...":

    0:e0:7d:a1:8:75 Broadcast arp 60: arp who-has 202.168.255.85 (68:74:2e:4d:20:74) tell a.host.ip.address

The MAC inside the parentheses was never in my LAN. Almost all the boxes in the LAN are 4.5-STABLE. The box making these queries runs bind 8.3.1-REL. Suspiciously, this box also makes a lot of arp queries for IPs not in its LAN.

Any ideas on the source of these arps?

--
Mojahed
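
The two observations in the message above (a non-zero target hardware address in a request, and requests for addresses outside the LAN) can be checked mechanically on captured frames. The following is an added example, not part of the original message: it parses raw Ethernet/ARP frames and lists what is unusual about each request. The sample frame is constructed from the MACs and target IP in the tcpdump line; the sender IP `192.0.2.10` and LAN prefix `192.0.2.0/24` are placeholders, since the post does not give them.

```python
import ipaddress
import struct

ZERO_MAC = bytes(6)

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_request(sha, spa, tha, tpa):
    """Build a 60-byte broadcast Ethernet frame carrying an ARP request (constructed test input)."""
    eth = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet, IPv4, hlen 6, plen 4, request
    arp += sha + ipaddress.IPv4Address(spa).packed + tha + ipaddress.IPv4Address(tpa).packed
    return (eth + arp).ljust(60, b"\x00")             # pad to the 60 bytes tcpdump reported

def parse_arp(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, or None if it is something else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"oper": oper, "sha": sha, "spa": ipaddress.IPv4Address(spa),
            "tha": tha, "tpa": ipaddress.IPv4Address(tpa)}

def check_request(frame, local_net):
    """List what is unusual about an ARP request; an empty list means nothing was flagged."""
    arp = parse_arp(frame)
    if arp is None or arp["oper"] != 1:               # only requests (opcode 1) are examined
        return []
    findings = []
    if arp["tha"] != ZERO_MAC:
        # Also render the six bytes as text, which helps when judging where they came from.
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in arp["tha"])
        findings.append(f"target hardware address {fmt_mac(arp['tha'])} is not zero (as text: {text!r})")
    if arp["tpa"] not in ipaddress.ip_network(local_net):
        findings.append(f"target {arp['tpa']} is outside {local_net}")
    return findings

# Constructed sample: MACs and target IP from the tcpdump line, placeholder sender IP.
SAMPLE = build_request(bytes.fromhex("00e07da10875"), "192.0.2.10",
                       bytes.fromhex("68742e4d2074"), "202.168.255.85")

if __name__ == "__main__":
    for finding in check_request(SAMPLE, "192.0.2.0/24"):
        print(finding)
```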