Re: Neighbor table overflow. Virus?

From: Tauno Voipio <tauno.voipio@xxxxxxxxxxxxx>
Date: Wed, 25 Jan 2006 20:52:31 GMT

Moe Trin wrote:

On Tue, 24 Jan 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <iwwBf.379$K27.54@xxxxxxxxxxxxx>, Tauno Voipio wrote:

The PPP client can imagine being a part of the local Ethernet
subnet, if the PPP router is using proxy ARP.

I'm really not sure what you are trying to say here. For a dialup, the
peer that is dialing in has no concept of ARP - it's not even part of
the protocol. The function of the 'proxyarp' option to ANU ppp is to
add the "remote" IP address to the arp cache along with the MAC address
of "local" system.  As ppp is a peer to peer protocol, there can be a
maximum number of such addresses - the O/P stated this server had ten
dialin lines, which adds just ten IP addresses. For an ISP type of
operation (clients on dialin accessing the Internet), proxyarp would
be a normal mode unless the server is masquerading.


There is the possibility to run the peer at the
remote end of a PPP link as a virtual member of the
backbone Ethernet connecting the PPP-to-Ethernet
router to the rest of the Net. It is set up so
that the PPP link gets an IP address of the backbone
local network and the router performs proxy ARP in
behalf of the remote PPP end.

In the configuration above, the peer at the remote
end of PPP will trigger ARP requests to the backbone
addressed to other hosts in the local net. If the
PPP user performs a local network scan, it will
fill the ARP table at the router.

--

Tauno Voipio
tauno voipio (at) iki fi

References:
- Neighbor table overflow. Virus?
  - From: nsa.usa@xxxxxxxxx
- Re: Neighbor table overflow. Virus?
  - From: Rick Moen
- Re: Neighbor table overflow. Virus?
  - From: nsa.usa@xxxxxxxxx
- Re: Neighbor table overflow. Virus?
  - From: Rick Moen
- Re: Neighbor table overflow. Virus?
  - From: nsa.usa@xxxxxxxxx
- Re: Neighbor table overflow. Virus?
  - From: Moe Trin
- Re: Neighbor table overflow. Virus?
  - From: Tauno Voipio
- Re: Neighbor table overflow. Virus?
  - From: Moe Trin

Prev by Date: Re: Desktop Firewall or Application-Packetfilter
Next by Date: Re: Update DNS server via client?
Previous by thread: Re: Neighbor table overflow. Virus?
Next by thread: problem/misunderstanding concerning a virtual bridge
Index(es):
- Date
- Thread

Relevant Pages

Re: [kde] kde] Kmail
... The captures then just show the arp transmission. ... the router still exists on the network. ... Regarding Kmail, there should be nothing showing in the Ethereal capture, ... KDE 3.4.2 B ...
(KDE)
Re: ARP requests on my net?
... My router is the one which needs to know ... AFAIK, TCP/IP uses IP, not ARP. ... ARP should be in Level 2, the P2P LAN layer. ... layer 4, two levels above MACs. ...
(Fedora)
Re: vlan and arp cache
... Router A is the default ... time a packet is received from client, the CAM table is updated. ... if the client's MAC address is not in the ARP ... The reason setting the ARP cache timeout and the CAM timeout to the same ...
(comp.dcom.sys.cisco)
Re: netcut
... users use it on windows systems to prevent the other users on the same ... No, I do not know netcut, however: ... it seems to work by ARP poisoning. ... affecting your pc only but also the router it self by many ways like ...
(comp.os.linux.security)
Re: Remote telnet through firewall failing - SOLVED
... An ARP broadcast would make sense when the router is ... The SCO server should respond to the request, ... > Thank you Mike, for your winning suggestion. ...
(comp.unix.sco.misc)