Cisco PIX's used to do this if the firewall had a route and saw a ARP request in that IP range it would proxy arp. ----- Original Message -----
On Jan 15, 2014, at 4:03 PM, Niels Bakker <niels=nanog@bakker.net> wrote:
* clay@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:
This is where theory diverges nicely from practice. In some cases the offender broadcast his reply, and guess what else? A lot of routers listen to unsolicited ARP replies.
I've never seen this. Please name vendor and product, if only so other subscribers to this list can avoid doing business with them.
This was some time ago, but the two I was able to dig up from that case were both Junipers. Perhaps it’s something that only happens when proxy ARP is enabled?
-c
-- Eric Rosen CCIE Security #17821 Information Security Analyst Red Hat, Inc erosen@redhat.com 919.890.8555 x48555 IRC erosen