On 1/15/2014 6:31 PM, Clay Fiske wrote:
Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so 
long.

But how can I detect proxy ARP when detecting proxy ARP was patented in 1996?

http://www.google.com/patents/US5708654


Seriously though, it’s not so simple. You only get replies if the IP you ARP 
for is in the offender’s route table (or they have a default route). I’ve seen 
different routers respond depending on which non-local IP was ARPed for. And 
while using something like 8.8.8.8 might be an obvious choice, I don’t care to 
hose up everyone’s connectivity to it just to find local proxy ARP offenders on 
my network.

-c


Shouldn't ARP inspection be a common feature?
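
The check discussed in the quoted message (ARP for non-local addresses and see who answers), as an added example that is not part of either post: it parses captured ARP replies and lists, per MAC, the off-subnet addresses that MAC claimed. The frames, MAC addresses, the 10.0.0.0/24 local subnet and the documentation-range probe targets are all constructed sample data.

```python
import ipaddress
import struct
from collections import defaultdict

def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp_reply(sha, spa, tha, tpa):
    """Constructed sample frame: Ethernet header + IPv4 ARP reply (opcode 2)."""
    eth = _mac(tha) + _mac(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    pack_ip = lambda a: ipaddress.IPv4Address(a).packed
    return eth + arp + _mac(sha) + pack_ip(spa) + _mac(tha) + pack_ip(tpa)

def parse_arp_reply(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # truncated frame or not ARP
    fields = struct.unpack("!HHBBH", frame[14:22])
    if fields != (1, 0x0800, 6, 4, 2):
        return None  # not an Ethernet/IPv4 reply
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return sender_mac, ipaddress.IPv4Address(frame[28:32])

def find_proxy_arp(frames, local_net):
    """Map each MAC to the set of off-subnet IPs it claimed in ARP replies."""
    net = ipaddress.ip_network(local_net)
    offenders = defaultdict(set)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        # A reply whose sender IP is outside the local subnet means some
        # device answered on behalf of an address that is not on this segment.
        if parsed and parsed[1] not in net:
            offenders[parsed[0]].add(str(parsed[1]))
    return dict(offenders)

PROBER, PROBER_IP = "02:00:00:00:00:01", "10.0.0.5"   # constructed
SAMPLE = [                                            # constructed capture
    build_arp_reply("02:00:00:00:00:aa", "10.0.0.1", PROBER, PROBER_IP),      # normal on-subnet reply
    build_arp_reply("02:00:00:00:00:aa", "192.0.2.1", PROBER, PROBER_IP),     # router A, probe 1
    build_arp_reply("02:00:00:00:00:aa", "198.51.100.1", PROBER, PROBER_IP),  # router A, probe 2
    build_arp_reply("02:00:00:00:00:bb", "198.51.100.1", PROBER, PROBER_IP),  # router B, probe 2 only
    b"\x00" * 20,                                                             # truncated junk
]

if __name__ == "__main__":
    for mac, ips in find_proxy_arp(SAMPLE, "10.0.0.0/24").items():
        print(mac, sorted(ips))
```

Router B in the sample answers for only one of the two probed addresses, which is the route-table dependence the quoted message describes: a single probe target can miss an offender.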
