Subject: Re: arping for 127.0.0.1
To: Wolfgang Rupprecht <wolfgang@wsrcc.com>
From: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
List: tech-net
Date: 06/15/1998 12:08:54
>
> I'm seeing the following disconcerting behaviour on netbsd-current:
>
> 08:27:54.418436 0:40:5:42:af:3b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 127.0.0.1 tell 192.168.0.40
> 08:27:54.418594 0:0:c0:e2:7d:4e 0:40:5:42:af:3b 0806 60: arp reply 127.0.0.1 is-at 0:0:c0:e2:7d:4e
>
> It appears that netbsd is replying to an arp request for 127.0.0.1 .
> Not only is this bad for network flooding reasons (every netbsd box
> will chime in), it also will raise eyebrows in any security dept.
> "Why is that netbsd box trying to steal packets for 127.0.0.1".
>
> I don't quite understand the flow of packets into BSD's arp machinery.
> Could netbsd somehow be trying to proxy arp for the loopback
> interface???
You should see that in the routing table / arp table. Can you look there,
please?
Regards,
-is