Paul Goyette writes:
> Seems to me that the real problem here is why the host at
> 00:40:05:42:af:3b would even bother to ARP for 127.0.0.1...
> After all, _every_ host on the network is supposed to be
> able to reach itself at that address, so why would it need
> to ARP?  Unless, of course, the device is misconfigured and
> thinks that 127.0.0.1 is the IP address assigned to its 
> Ethernet interface, rather than to its loop-back!

No you are missing the problem.  The arping could well be part of a
denial of service attack.  Right now, the ethernet this is happening
on is the @HOME wide-area lan.  It has 4k active hosts on it and one
has to treat this as an unsecure ethernet. (If that is even possible.)

I've been watching someone arp-reply for 127.0.0.1 for a few weeks now
and though he was trying to pull some sort of man-in-the-middle
attack.  It was only when my machine started to arp-reply for
127.0.0.1 that I started to worry what others would report *me* as
doing.

One thing that doesnt' seem to work is to "ifconfig lo0 -arp".  I'm
surprised that the arp machinery doesn't either shutdown in the
presense of the LOOPBACK flag or the NOARP flag.

I can't think of any reason why we'd want the netbsd code to arp for a
loopback local-address.  Is there a hidden gotcha???

In any case I would have thought that the netbsd would only arp-reply
for the interface address that corresponed to the interface that the
arp request came in on.  Its not clear why my de0 is proxy arping for
lo0.

-wolfgang
-- 
Wolfgang Rupprecht    <wolfgang@wsrcc.com>     http://www.wsrcc.com/wolfgang/
	  Never trust a program you don't have sources for.