Subject: Re: arp info overwritten ???
To: None <netbsd-users@NetBSD.ORG>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: netbsd-users
Date: 06/09/1998 14:13:03
mcmahill@mtl.mit.edu writes:
> and see if someone on the cable modem side tried to use 10.0.0.1
> and if so who they really are?

This is par for the course.  Some twit on my cable modem segment is
sending out arps for 127.0.0.1 hundreds of times a day.

Jun  7 13:08:00 capsicum /netbsd: duplicate IP address 127.0.0.1 sent from link address 00:40:10:0c:00:79
Jun  7 17:37:12 capsicum /netbsd: duplicate IP address 127.0.0.1 sent from link address 00:40:10:0c:00:79

What's interesting is this could be a penetration attempt against
machines that aren't filtering packets from "localhost" that just
happen to meander in via an ethernet interface.

Running a machine on an untrusted ethernet is certainly an interesting
security exercise.  E.g. How do you prevent someone from arping for the
main gateway?  How do you prevent someone from running a DHCP server
handing out phony leases?  How about mrouted?  The list goes on and
on.

-wolfgang
-- 
Wolfgang Rupprecht  		<wolfgang+gnus@spam.free.or.die.wsrcc.com>  
http://www.wsrcc.com/wolfgang/
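
Added example, not part of the original message: a small log triage script that tallies the kernel's "duplicate IP address" messages per link address and flags any sender claiming a loopback address, as in the two log lines quoted above. The function names, the MAC normalisation and the last two sample lines are assumptions made for this example.

```python
import ipaddress
import re

# Layout of the NetBSD kernel message quoted in the post above.
DUP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+\S+\s+"
    r"duplicate IP address (?P<ip>\S+) sent from link address "
    r"(?P<mac>(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\s*$"
)

# First two lines are from the post; the last two are constructed for the example.
SAMPLE = [
    "Jun  7 13:08:00 capsicum /netbsd: duplicate IP address 127.0.0.1 sent from link address 00:40:10:0c:00:79",
    "Jun  7 17:37:12 capsicum /netbsd: duplicate IP address 127.0.0.1 sent from link address 00:40:10:0c:00:79",
    "Jun  8 09:15:42 capsicum /netbsd: duplicate IP address 10.0.0.1 sent from link address 0:a0:c9:1:2:3",
    "Jun  8 09:16:01 capsicum /netbsd: de0: link up",
]

def norm_mac(mac):
    """Lower-case and zero-pad each octet so one sender has one key."""
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def classify(ip):
    """Label the claimed address; loopback must be tested before private."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "other"

def summarize(lines):
    """Group duplicate-address reports by (link address, claimed IP)."""
    seen = {}
    for line in lines:
        m = DUP_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        key = (norm_mac(m["mac"]), m["ip"])
        rec = seen.setdefault(
            key, {"count": 0, "first": m["ts"], "kind": classify(m["ip"])})
        rec["count"] += 1
        rec["last"] = m["ts"]
    return seen

def loopback_claimants(summary):
    """Link addresses that claimed a loopback address on the wire."""
    return sorted({mac for (mac, _), r in summary.items() if r["kind"] == "loopback"})

if __name__ == "__main__":
    for (mac, ip), rec in summarize(SAMPLE).items():
        print(mac, ip, rec["kind"], rec["count"], rec["first"], "->", rec["last"])
```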