Subject: arping for 127.0.0.1
To: None <tech-net@NetBSD.ORG>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: tech-net
Date: 06/12/1998 10:33:41
I'm seeing the following disconcerting behaviour on netbsd-current:
08:27:54.418436 0:40:5:42:af:3b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 127.0.0.1 tell 192.168.0.40
08:27:54.418594 0:0:c0:e2:7d:4e 0:40:5:42:af:3b 0806 60: arp reply 127.0.0.1 is-at 0:0:c0:e2:7d:4e
It appears that netbsd is replying to an arp request for 127.0.0.1 .
Not only is this bad for network flooding reasons (every netbsd box
will chime in), it also will raise eyebrows in any security dept.
"Why is that netbsd box trying to steal packets for 127.0.0.1".
I don't quite understand the flow of packets into BSD's arp machinery.
Could netbsd somehow be trying to proxy arp for the loopback
interface???
-wolfgang
--
Wolfgang Rupprecht <wolfgang+gnus@spam.free.or.die.wsrcc.com>
http://www.wsrcc.com/wolfgang/