Thursday, March 25, 2021

ARP Traffic from Router on Public Net

Possible dumb question incoming.

One of my clients has an office in a small office building. The tenants share a public /24 which is advertised by a Ubiquiti EdgeRouter that is owned by the landlord, I guess.

I was doing some maintenance, and noticed continuous traffic on the WAN interface of the client firewall despite there being no devices connected. If I did a packet capture on the WAN link, the EdgeRouter is constantly sending out ARP requests for unused IPs. I'm guessing there's incoming traffic from the internet that the EdgeRouter is trying to forward to a device that doesn't exist.

Who has x.x.x.201? Tell x.x.x.1
Who has x.x.x.123? Tell x.x.x.1
Who has x.x.x.84? Tell x.x.x.1

Is this an issue? I know the firewall will just ignore them, and other than that there's no issues with the connection. I don't control the EdgeRouter, but is there a configuration that could be changed so it's not constantly broadcasting ARPs over the subnet?



No comments:

Post a Comment