Subject: Re: arping for 127.0.0.1
To: Wolfgang Rupprecht <firstname.lastname@example.org>
From: Ignatios Souvatzis <email@example.com>
Date: 06/15/1998 12:08:54
> I'm seeing the following disconcerting behaviour on netbsd-current:
> 08:27:54.418436 0:40:5:42:af:3b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 127.0.0.1 tell 192.168.0.40
> 08:27:54.418594 0:0:c0:e2:7d:4e 0:40:5:42:af:3b 0806 60: arp reply 127.0.0.1 is-at 0:0:c0:e2:7d:4e
> It appears that netbsd is replying to an arp request for 127.0.0.1 .
> Not only is this bad for network flooding reasons (every netbsd box
> will chime in), it also will raise eyebrows in any security dept.
> "Why is that netbsd box trying to steal packets for 127.0.0.1".
> I don't quite understand the flow of packets into BSD's arp machinery.
> Could netbsd somehow be trying to proxy arp for the loopback
You should see that in the routing table / arp table. Can you look there,