>Why do the logs show arp replies to ip numbers that are not
>currently working? I mean, I have a class C network address, and I
>have configured my domain with all the numbers and everything, but by
>looking at the logs, I discovered arp replies to machines that are not
>working, and also arp replies to every single machine within my domain.
You're seeing ARP requests, not replies. At least, for the logs you
sent.
>Is this normal?
Well... that's how a router tries to determine if the machine is there..
it doesn't know otherwise.
>or is someone getting information about my network (that
>is what I think), and if that is the case, how do I know who is
>doing these requests?
Quite possibly. Someone may be doing a ping sweep, or some
sort of port scan. If it's a dumb one, it's just going to try every address.
To determine who is doing it, you'll have to do some debugging or
accounting on the router. You could also write an access-list to
trap access to non-existent IP addresses, and log it. Such an
access-list goes on the far side of the router from the subnet you
mentioned. Yet another choice is to configure a machine to answer ARP
for non-existent addresses, and do some sniffing to see what comes through.
The last option is useful if you don't control the router.
Ryan
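
An added example, not part of the original message: one way to work through the log that such an access-list or sniffer would produce, picking out sources that touched many unused addresses. The "time src -> dst" line format, the addresses, the live-host list and the threshold are all constructed assumptions, not output from any particular router.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log: one "time src -> dst" line per logged packet.
SAMPLE_LOG = "\n".join(
    [f"09:14:{i:02d} 203.0.113.45 -> 192.0.2.{i}" for i in range(1, 9)]
    + [
        "09:15:00 198.51.100.7 -> 192.0.2.10",   # ordinary traffic to a live host
        "09:15:02 198.51.100.7 -> 192.0.2.11",   # a single stray packet
        "09:15:03 not-an-ip -> 192.0.2.12",      # unparsable source, skipped
        "garbled line",                          # wrong shape, skipped
    ]
)

# Assumed inventory of addresses that really are in use on the subnet.
LIVE_HOSTS = ["192.0.2.1", "192.0.2.10", "192.0.2.20"]

LINE_RE = re.compile(r"^\S+\s+(\S+)\s+->\s+(\S+)$")


def find_sweepers(log_text, subnet, live_hosts, threshold=5):
    """Map each source to the unused addresses it probed in `subnet`,
    keeping only sources that hit at least `threshold` distinct ones."""
    net = ipaddress.ip_network(subnet)
    live = {ipaddress.ip_address(h) for h in live_hosts}
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src, dst = (ipaddress.ip_address(x) for x in m.groups())
        except ValueError:
            continue  # not a valid address on one side; ignore the line
        # Only packets aimed at addresses nobody owns are interesting.
        if dst in net and dst not in live:
            probes[src].add(dst)
    return {
        str(src): [str(d) for d in sorted(dsts)]
        for src, dsts in probes.items()
        if len(dsts) >= threshold
    }


if __name__ == "__main__":
    for src, dsts in find_sweepers(SAMPLE_LOG, "192.0.2.0/24", LIVE_HOSTS).items():
        print(f"{src} probed {len(dsts)} unused addresses: {dsts[0]} .. {dsts[-1]}")
```

The threshold keeps a single mistyped address from being reported alongside a source that walks the whole subnet.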