I've got an interesting problem which is a little bit beyond me, and maybe
one of you can give me a few hints.
We use a wireless ISP to connect to the internet, and they way it seems to
work is that the wireless device they supply behaves pretty much like a
repeater and all packets that it sees from either side are just repeated on
the other. So far, so good, but I was watching my external interface today
with tcpdump, and I noticed a lot of activity from an IP address 10.1.9.1
which is one of the addresses in the class A reserved network, so it really
shouldn't be out in the wild.
I only see packets like this:
13:23:42.327176 arp who-has 10.1.9.70 tell 10.1.9.1
13:23:42.328039 arp who-has 10.1.9.71 tell 10.1.9.1
13:23:42.329121 arp who-has 10.1.9.72 tell 10.1.9.1
13:23:42.330081 arp who-has 10.1.9.73 tell 10.1.9.1
13:23:43.315266 arp who-has 10.1.9.134 tell 10.1.9.1
13:23:43.317814 arp who-has 10.1.9.135 tell 10.1.9.1
13:23:43.321283 arp who-has 10.1.9.136 tell 10.1.9.1
13:23:43.322147 arp who-has 10.1.9.137 tell 10.1.9.1
13:23:43.328441 arp who-has 10.1.9.138 tell 10.1.9.1
13:23:43.426728 arp who-has 10.1.9.74 tell 10.1.9.1
I never see any replies, so I guess they are going via an internal-only
connection. In my own network we are using the class C reserved subnet so I
know this has nothing to do with us. I think it's another customer of the
ISP with a config error.
So here are my questions:
1. How can I track them down and tell advise them of their problem? I've
already sent a mail to the ISP, but given their normal lack of action, I
don't expect a response.
2. Any ideas as to what kind of config error could cause this? Routing
table? IP forwarding?
All help gratefully received.
Regards,
Tony
===============================
Tony Smith
Email: [EMAIL PROTECTED]
Tel: +44 1189 893200
===============================
