Hey there,
I noticed a consistent flood of ARP requests (300 - 400 per second) on a remote hosted server's network interface.
It appears that the server is actually responding to all of these (and seemingly answering requests outside the machine's subnet ...)
Some of these requests are for machines within the network gateway Class C ( 32.50.106.0/24, which I would understand), but most of these ARP requests are for other subnets hosted at this ISP.
I'm not really sure what to make of this. Is this normal?
ARP, Request who-has 32-50-97-226.static.hvvc.us tell 32-50-97-1.static.hvvc.us, length 46 IP 32-50-106-121.static.hvvc.us.49032 > 66-96-80-43.static.hvvc.us.domain: 56797+ PTR? 226.97.50.32.in-addr.arpa. (43) IP 66-96-80-43.static.hvvc.us.domain > 32-50-106-121.static.hvvc.us.49032: 56797 1/0/0 PTR 32-50-97-226.static.hvvc.us. (84) // NOT IN LOCAL SUBNET ARP, Request who-has 96-31-94-105.static.hvvc.us tell 96-31-94-1.static.hvvc.us, length 46 IP 32-50-106-121.static.hvvc.us.48571 > 66-96-80-43.static.hvvc.us.domain: 38283+ PTR? 105.94.31.96.in-addr.arpa. (43) IP 66-96-80-43.static.hvvc.us.domain > 32-50-106-121.static.hvvc.us.48571: 38283 1/0/0 PTR 96-31-94-105.static.hvvc.us. (84) 
No comments:
Post a Comment