I am running tcpdump right now, but I have a
question:
Why do the logs show arp replies to IP numbers that are not
currently working? I mean, I have a class C network address, and I
have configured my domain with all the numbers and everything, but by
looking at the logs, I discovered arp replies to machines that are not
working, and also arp replies to every single machine within my domain.
Is this normal? Or is someone getting information about my network
(that is what I think), and if that is the case, how do I know who is
doing these requests?
Here is a little sample of my logs:
This one is ok.
22:21:24.219666 arp who-has dial-up7.compu-redes.net.mx tell kraken2.compu-redes.net.mx
This one is an IP number not in use.
22:21:46.409666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:21:52.409666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:22:04.409666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:23:16.759666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
This one is ok.
22:23:17.519666 arp who-has dial-up4.compu-redes.net.mx tell compu-redes.net.mx
22:23:17.519666 arp reply dial-up4.compu-redes.net.mx is-at 0:e0:1e:5d:89:38
Like I said, this is not in use.
22:25:38.259666 arp who-has compu144.compu-redes.net.mx tell kraken2.compu-redes.net.mx
This one is ok.
22:25:53.009666 arp who-has dial-up2.compu-redes.net.mx tell compu-redes.net.mx
And so on...
Hope you can help me.
Best regards!
Gerardo
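
Added example, not part of the original message: a small Python script that reads tcpdump ARP lines in the format quoted above and reports, for each host named in the "tell" field, how many distinct addresses it asked for, which of them never produced a reply in the capture, and which were asked for repeatedly. The function name `summarize` and the report keys are choices made for this example; the sample lines are copied from the capture in the message.

```python
import re
from collections import defaultdict

# Sample input: the tcpdump lines quoted in the message above.
SAMPLE = """\
22:21:24.219666 arp who-has dial-up7.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:21:46.409666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:21:52.409666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:22:04.409666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:23:16.759666 arp who-has compu143.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:23:17.519666 arp who-has dial-up4.compu-redes.net.mx tell compu-redes.net.mx
22:23:17.519666 arp reply dial-up4.compu-redes.net.mx is-at 0:e0:1e:5d:89:38
22:25:38.259666 arp who-has compu144.compu-redes.net.mx tell kraken2.compu-redes.net.mx
22:25:53.009666 arp who-has dial-up2.compu-redes.net.mx tell compu-redes.net.mx
"""

REQ = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)$")
REP = re.compile(r"^\S+ arp reply (\S+) is-at ([0-9a-fA-F:]+)$")

def summarize(lines):
    """Group ARP requests by requester and mark targets with no reply seen."""
    asked = defaultdict(lambda: defaultdict(int))  # requester -> target -> count
    answered = {}                                  # target -> MAC from a reply
    for line in lines:
        line = line.strip()
        if m := REQ.match(line):
            target, requester = m.groups()
            asked[requester][target] += 1
        elif m := REP.match(line):
            answered[m.group(1)] = m.group(2)
    report = {}
    for requester, targets in asked.items():
        # "silent" = asked for, but no reply appeared anywhere in the capture
        silent = {t: n for t, n in targets.items() if t not in answered}
        report[requester] = {
            "distinct_targets": len(targets),
            "silent": silent,
            "retried": sorted(t for t, n in silent.items() if n > 1),
        }
    return report

if __name__ == "__main__":
    for requester, info in summarize(SAMPLE.splitlines()).items():
        print(requester, info)
```

A target listed as silent is not necessarily down: ARP replies are unicast to the requester and may not reach the capture point. Running tcpdump with `-e` prints the link-level header, which shows the source MAC address of each request alongside the "tell" host.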