From owner-freebsd-security Mon Mar 8 16:53:47 1999 Delivered-To: freebsd-security@freebsd.org Received: from sdcc10.ucsd.edu (sdcc10.ucsd.edu [132.239.50.10]) by hub.freebsd.org (Postfix) with ESMTP id 4188F14EDD for ; Mon, 8 Mar 1999 16:52:52 -0800 (PST) (envelope-from tshansen@sdcc10.ucsd.edu) Received: from localhost (tshansen@localhost) by sdcc10.ucsd.edu (8.8.3/8.8.3) with SMTP id QAA15225; Mon, 8 Mar 1999 16:52:31 -0800 (PST) Date: Mon, 8 Mar 1999 16:52:31 -0800 (PST) From: Todd Hansen Reply-To: tshansen@ucsd.edu To: Paul MacKenzie Cc: freebsd-security@FreeBSD.ORG Subject: Re: Quick question about arp error In-Reply-To: <4.1.19990308175812.009d0310@mail.elehost.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org why are your hosts doing a arp lookup for these hosts in the first place? Do they fit within your netmask (as if they are on the local network). If so then the netmask should be modified so that they will send the info to their default route before sending out an arp request. -todd On Mon, 8 Mar 1999, Paul MacKenzie wrote: > Hello, > > I have a question about ARP based security. With a packet firewall enabled > and verbose settings, I get a million of the following messages > > Mar 2 10:59:24 server /kernel: arplookup xx.xx.xx.xx failed: host is not > on local network > > I know that the host is not on the local network, that is not a problem > because it isn't... > > But, what I do not understand is why is this happening? Is this a security > risk? What if anything can be done to fix it? What causes it? > > Any help would be really appreciated! > > Thanks... > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message