A consumer-grade router has been added to provide an internet connection to a professional network of equipment mainly using static IPs. I had been doing some remote checks with that router connected alongside two other devices on a switch. Ping would sometimes work, sometimes not. I found out that the router replies to any ARP request sent on the network with a fixed MAC, probably to all ARP requests for IPs outside its DHCP range.
root@device:~# arping -c 1 10.192.20.1
ARPING 10.192.20.1 from 10.192.18.46 eth0
Unicast reply from 10.192.20.1 [C4:AD:34:B2:1D:71] 13.591ms
Unicast reply from 10.192.20.1 [3C:37:86:AB:A2:BF] 691.303ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)

root@device:~# arping 10.192.20.5
ARPING 10.192.20.5 from 10.192.18.46 eth0
Unicast reply from 10.192.20.5 [C4:AD:34:B2:1D:7E] 4.303ms
Unicast reply from 10.192.20.5 [3C:37:86:AB:A2:BF] 609.816ms
Unicast reply from 10.192.20.5 [3C:37:86:AB:A2:BF] 4.173ms
Unicast reply from 10.192.20.5 [3C:37:86:AB:A2:BF] 2.492ms
Unicast reply from 10.192.20.5 [3C:37:86:AB:A2:BF] 1.141ms
I can't find what this "feature" is really for. Is it Dynamic ARP Inspection, or poisoning to prevent spoofing? I have already seen this behaviour on a very tightly managed network, but there the gateway would only reply if there was no other reply. Here I don't see how the network could reliably work with two replies to every ARP request.
Thanks
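The check a practitioner would want for the situation described in the post is a way to turn arping output into two facts: which IPs are answered by more than one MAC, and whether one MAC answers for every probed IP (the "fixed MAC" behaviour above). The following is an added example, not code from the post or from any router vendor: it parses iputils-style arping output, groups responders per IP, flags IPs with multiple responders, identifies MACs that reply for several IPs (proxy-ARP suspects), and records the fastest responder per IP, which in the post's data is the real host rather than the router. The sample input is the post's two arping runs re-typed as a constructed string; the `probe()` helper that shells out to `arping -c 1 -I <iface> <ip>` is an assumed convenience for live use and needs root.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample input: the two arping runs quoted in the post, re-typed here.
SAMPLE_ARPING_OUTPUT = """\
ARPING 10.192.20.1 from 10.192.18.46 eth0
Unicast reply from 10.192.20.1 [C4:AD:34:B2:1D:71] 13.591ms
Unicast reply from 10.192.20.1 [3C:37:86:AB:A2:BF] 691.303ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)
ARPING 10.192.20.5 from 10.192.18.46 eth0
Unicast reply from 10.192.20.5 [C4:AD:34:B2:1D:7E] 4.303ms
Unicast reply from 10.192.20.5 [3C:37:86:AB:A2:BF] 609.816ms
Unicast reply from 10.192.20.5 [3C:37:86:AB:A2:BF] 4.173ms
"""

# Matches one iputils arping reply line: "Unicast reply from <ip> [<mac>] <ms>ms"
REPLY_RE = re.compile(
    r"^Unicast reply from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\[(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\]\s+(?P<ms>[\d.]+)ms"
)


def parse_replies(text):
    """Return a list of (ip, mac, latency_ms) tuples, in output order."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            replies.append((m["ip"], m["mac"].upper(), float(m["ms"])))
    return replies


def responders_by_ip(replies):
    """Map each probed IP to the set of MACs that answered for it."""
    table = defaultdict(set)
    for ip, mac, _ in replies:
        table[ip].add(mac)
    return dict(table)


def find_conflicts(table):
    """IPs answered by more than one MAC: duplicate address, proxy ARP, or spoofing."""
    return {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}


def find_proxy_arp_suspects(table, min_ips=2):
    """MACs that answer for at least min_ips distinct IPs (one MAC for many IPs)."""
    by_mac = defaultdict(set)
    for ip, macs in table.items():
        for mac in macs:
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) >= min_ips}


def first_responders(replies):
    """The first MAC to answer for each IP; in the post's data this is the real host."""
    first = {}
    for ip, mac, _ in replies:
        first.setdefault(ip, mac)
    return first


def probe(ip, iface="eth0"):
    """Assumed helper: run one arping probe and parse it (requires root)."""
    proc = subprocess.run(
        ["arping", "-c", "1", "-I", iface, ip], capture_output=True, text=True
    )
    return parse_replies(proc.stdout)


def report(text):
    """Summarise one or more arping runs into conflicts and proxy-ARP suspects."""
    replies = parse_replies(text)
    table = responders_by_ip(replies)
    return {
        "conflicts": find_conflicts(table),
        "suspects": find_proxy_arp_suspects(table),
        "first": first_responders(replies),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_ARPING_OUTPUT).items():
        print(key, value)
```

Feed it the concatenated output of several `arping -c 1` runs across the subnet; a MAC that shows up under `suspects` for every probed IP, including unused ones, is answering for addresses it does not own, and `first` tells you which responder beat it on each IP.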