[Cerowrt-devel] arp for 0.0.0.0

Michael Richardson mcr at sandelman.ca
Fri Jan 25 11:22:11 EST 2013


So, I was tcpdump'ing on my ge00 to try and see where my bandwidth had
gone, and if there was some unresolved bloat.  I can tell because I
stream my music from my home to my office, and it will skip if my home
is screwed up.

I was seeing all sorts of arp requests... basically for everything on
the Internet.   Weirdly, my ISP seems to proxy-arp for
EVERYTHING.... what was wrong?   why was I doing this.  I've seen this
on windows boxes when they have a network route pointing 0.0.0.0/0
to the "LAN".... but I don't have that:

root at bud:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
0.0.0.0         209.87.254.158  0.0.0.0         UG        0 0     0   ge00

oops, wait... did I type my gateway wrong??? yes. I've pointed my
gateway at myself. DAMN.  that shouldn't have worked at all!!!

I'm just posting this as a huh.
It also seems that there is no control to keep dnsmasq from answering
on my ge00.    I guess some trojans try to use me for DOS amplication by
asking for isc.org continuously?






More information about the Cerowrt-devel mailing list