On Thu, Dec 12, 2002 at 06:27:06AM -0600, Richard Rauch wrote:
> > Manuel> Was this on your private LAN, or on the ADSL side ?  Is it
> 
> My DSL modem plugs directly into my private LAN.  (I"m still considering
> going back to a firewall and private IP numbers for most of my
> machines---or maybe stringing two LAN's and running less secure mechanisms
> over the second LAN.)
> 
> So, I can't really say, just on the basis of wiring, where the packets
> came from (or could not have come from).

OK, so it can be from the "outside".


> 
> 
> > Manuel> possible that someone has stolen your IP (maybe just by
> > Manuel> misconfiguration) ?
> 
> Hm.  Well, this is ARP, so it's fairly low-level, right?

yes

> My impression is
> that it must be coming from a machine that thinks it's directly connected
> to my hub (i.e., this can't be forwarded by my ISP's TCP/IP gateway from
> some other part of the Internet).  Is that correct?

Yes.
Note that it can be from your provider, though.

It is also theorically possible to build some kind of virtual ethernet
LAN on top of ADSL, in such a way that other customers's machine would
appear on the same ethernet as you. but I don't think an ISP would go this
way; it would put extra load (broadcasts) on the customer's DSL lines, and
would have security issues.
Or maybe they filter ethernet broadcast (to only allow ARP requests, for
example, and forbid any customer to customer ethernet traffic).

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 23 ans d'experience feront toujours la difference
--