From owner-freebsd-net@FreeBSD.ORG Fri Sep 30 13:35:23 2005 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9632916A47C for ; Fri, 30 Sep 2005 13:35:23 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2921943D5C for ; Fri, 30 Sep 2005 13:35:17 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id j8UDY1t2046554 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Sep 2005 17:34:01 +0400 (MSD) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id j8UDY0E3046553; Fri, 30 Sep 2005 17:34:01 +0400 (MSD) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 30 Sep 2005 17:34:00 +0400 From: Gleb Smirnoff To: Daemon Message-ID: <20050930133400.GF45345@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Daemon , freebsd-net@freebsd.org References: <4338EA66.6010906@foxchat.net> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <4338EA66.6010906@foxchat.net> User-Agent: Mutt/1.5.6i Cc: freebsd-net@FreeBSD.org Subject: Re: arplookup problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Sep 2005 13:35:24 -0000 On Tue, Sep 27, 2005 at 02:44:54AM -0400, Daemon wrote: D> I hope this is the correct list to post to, if not, I apologize. I've D> had an ongoing problem with arplookup for some months now and as of yet, D> haven't been able to find anything on the web concerning my particular D> problem. Every 24 hours, almost to the minute, I get the following errors; D> D> *Note This proceeds each arplookup failure D> em0: Link is Down D> em0: Link is up 100 Mbps Full Duplex D> D> Sep 25 01:32:49 thisbox kernel: arplookup 169.0.0.1 failed: host is not D> on local network D> Sep 25 01:33:05 thisbox kernel: arplookup 10.32.240.171 failed: host is D> not on local network D> Sep 26 01:23:37 thisbox kernel: arplookup 169.0.0.1 failed: host is not D> on local network D> Sep 26 01:23:49 thisbox kernel: arplookup 10.32.240.171 failed: host is D> not on local network D> Sep 27 01:23:35 thisbox kernel: arplookup 169.0.0.1 failed: host is not D> on local network D> Sep 27 01:23:48 thisbox kernel: arplookup 10.32.240.171 failed: host is D> not on local network In most cases this means that system have received ARP reply for a host, that doesn't belong to an attached network. D> When this happens, one by one, each of my (ssh, gaim, irc, etc.) D> connections time out until every connection is dead. It looks like some "Ethernet cool hacker" does ARP spoofing in your network. May be he spoofs your ARP cache or cache of your gateway. You can solve the problem by finding him, or by setting static ARP entries on your box and on gateway. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE