15 Jan
2014
15 Jan
'14
11:49 p.m.
On 1/15/2014 6:31 PM, Clay Fiske wrote:
Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so long.
But how can I detect proxy ARP when detecting proxy ARP was patented in 1996?
http://www.google.com/patents/US5708654
Seriously though, it’s not so simple. You only get replies if the IP you ARP for is in the offender’s route table (or they have a default route). I’ve seen different routers respond depending on which non-local IP was ARPed for. And while using something like 8.8.8.8 might be an obvious choice, I don’t care to hose up everyone’s connectivity to it just to find local proxy ARP offenders on my network.
-c
Shouldn't ARP inspection be a common feature?