We're mucking about with OpenWrt routers and we stumbled across this curious scenario...

We couldn't ping the router, yet we could see the Ethernet MAC address in the ARP cache. Clear the address out of the cache, check it's not there, ping, the ping fails, check the ARP cache, and lo, the MAC address is there again!

The critical clue was the router could ping the PC.

Solution? The router has a fairly fancy firewall thingy that was rejecting the incoming ICMP IP packet, but the ARP is handled at the Ethernet MAC layer _below_ the IP layer.

Hence the subject line... subtle info leak of the year. Firewalls leak tiny bits of info at the MAC level, even if they reject everything at the IP level.

John Carter                     Phone : (64)(3) 358 6639
Tait Electronics                Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch        Email : [email protected]
New Zealand
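
The check sequence from the message above (flush, ping, re-read the ARP cache), as an added example that is not part of the original post: it reads Linux `ip neigh show` output together with ping results and reports which hosts resolved at the MAC layer while ICMP went unanswered. The neighbour table, addresses, MACs and ping outcomes are constructed, and the function names are hypothetical.

```python
# Constructed sample: `ip neigh show` output taken after flushing the cache
# and pinging each address once (addresses and MACs are made up).
NEIGH_OUTPUT = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:aa:bb:cc:dd:ee STALE
192.168.1.30 dev eth0  FAILED
192.168.1.40 dev eth0 INCOMPLETE
"""
# Constructed ping results for the same addresses: True = echo reply seen.
PING_OK = {"192.168.1.1": False, "192.168.1.20": True,
           "192.168.1.30": False, "192.168.1.40": False}

# States that mean an ARP reply was received. PERMANENT/NOARP are left out
# because static entries prove nothing about the host answering.
RESOLVED = {"REACHABLE", "STALE", "DELAY", "PROBE"}


def parse_neigh(text):
    """Return {ip: (mac_or_None, state)} from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "dev":
            continue  # not a neighbour entry
        mac = None
        if "lladdr" in fields[:-1]:
            mac = fields[fields.index("lladdr") + 1].lower()
        table[fields[0]] = (mac, fields[-1])  # state is the last token
    return table


def classify(neigh_text, ping_ok):
    """Compare layer-2 evidence (ARP) with layer-3 evidence (ICMP) per host."""
    report = {}
    for ip, (mac, state) in parse_neigh(neigh_text).items():
        answered_arp = mac is not None and state in RESOLVED
        answered_icmp = ping_ok.get(ip, False)
        if answered_arp and not answered_icmp:
            verdict = "answers ARP, drops ICMP"  # the case in the post
        elif answered_arp:
            verdict = "answers ARP and ICMP"
        else:
            verdict = "no ARP reply"
        report[ip] = (mac, verdict)
    return report


if __name__ == "__main__":
    for ip, (mac, verdict) in classify(NEIGH_OUTPUT, PING_OK).items():
        print(f"{ip:15} {mac or '-':17} {verdict}")
```

A host reported as "answers ARP, drops ICMP" has still disclosed its presence and MAC address to everything on the same segment, which is worth knowing when an IP-layer firewall is expected to hide it.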
