Package: arpwatch
Version: 2.1a13-2
Arpwatch package comes with "-N" as a default option, which prevents reporting
of bogons. The ps output verifies that option is passwd to arpwatch, but
arpwatch still reports ip addresses outside the defined network's range.
I examined the code and found out that, it does not send "bogon" warning but it
still sends "new station" alerts for bogons.
I think proper solution would be to return from process_fddi and process_ether
if the packet is bogon, without calling ent_add. Then isbogon should return 1
regardless of value of nobogon.
I can prepare a patch implementing this if it will get accepted.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]