ARP question

Rick Sewill rsewill at cableone.net
Thu Jun 21 01:34:58 UTC 2007


On Wed, 2007-06-20 at 21:26 -0300, bdk at unb.ca wrote:
> Do you have a default route?
> 
> 
> 
> On Wed, 20 Jun 2007, Steve Reid wrote:
> 
> > Date: Wed, 20 Jun 2007 17:43:23 -0500
> > From: Steve Reid <steve at net-wolf.net>
> > Reply-To: For users of Fedora <fedora-list at redhat.com>
> > To: fedora-list at redhat.com
> > Subject: ARP question
> > 
> > I installed wireshark and noticed that I am broadcasting ARP "who has"
> > requests to the world. (about 1000 a minute) I've googled all day don't
> > have any good answers.
> >
> > Any help on where to start to fix this would be appreciated.
> >
> > I'm Running FC5 and FC6 as a mailserver/ftp/mailman and they both seem
> > to be doing the same thing.
> >
> 

What IP addresses are the ARP "who has" looking for?

It would seem strange for a box to send a 1000 ARPs for the same IP
address, each minute.  I would assume the ARPs are for a 1000 different
IP addresses.

Do you have some sort of network scanning tool running?

Are you certain you are originating the ARP requests?
My ISP is a cable company.  They broadcast ARP requests looking for
connected devices on their cable network.  

My box, and every box that is connected via a cable modem, is bombarded
by this steady stream of ARP requests.

I suspect these ARP requests are caused by botnets, on the Internet,
scanning IP address ranges for PCs to compromise.  There is a steady
bombardment of Microsoft Messenger Service, NetrSendMessage requests to
UDP port 1026, coming to my IP address.  Lucky for me, Fedora discards
the message and no response is generated.  The botnets do not give up.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070620/a06bdb71/attachment-0001.sig>


More information about the fedora-list mailing list