Seems to me that the real problem here is why the host at
00:40:05:42:af:3b would even bother to ARP for 127.0.0.1...
After all, _every_ host on the network is supposed to be
able to reach itself at that address, so why would it need
to ARP?  Unless, of course, the device is misconfigured and
thinks that 127.0.0.1 is the IP address assigned to its 
Ethernet interface, rather than to its loop-back!


On 12 Jun 1998, Wolfgang Rupprecht wrote:

> 
> I'm seeing the following disconcerting behaviour on netbsd-current:
> 
> 08:27:54.418436 0:40:5:42:af:3b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 127.0.0.1 tell 192.168.0.40
> 08:27:54.418594 0:0:c0:e2:7d:4e 0:40:5:42:af:3b 0806 60: arp reply 127.0.0.1 is-at 0:0:c0:e2:7d:4e
> 
> It appears that netbsd is replying to an arp request for 127.0.0.1 .
> Not only is this bad for network flooding reasons (every netbsd box
> will chime in), it also will raise eyebrows in any security dept.
> "Why is that netbsd box trying to steal packets for 127.0.0.1".
> 
> I don't quite understand the flow of packets into BSD's arp machinery.
> Could netbsd somehow be trying to proxy arp for the loopback
> interface???
> 
> -wolfgang
> -- 
> Wolfgang Rupprecht  		<wolfgang+gnus@spam.free.or.die.wsrcc.com>  
> http://www.wsrcc.com/wolfgang/
> 

-----------------------------------------------------------------------------
| Paul Goyette      | Public Key fingerprint:    | E-mail addresses:        |
| Network Engineer  |   0E 40 D2 FC 2A 13 74 A0  |  paul@whooppee.com       |
| and kernel hacker |   E4 69 D5 BE 65 E4 56 C6  |  paul.goyette@ascend.com |
-----------------------------------------------------------------------------