[Cerowrt-devel] arp for 0.0.0.0
mcr at sandelman.ca
Fri Jan 25 11:22:11 EST 2013
So, I was tcpdump'ing on my ge00 to try and see where my bandwidth had
gone, and if there was some unresolved bloat. I can tell because I
stream my music from my home to my office, and it will skip if my home
is screwed up.
I was seeing all sorts of arp requests... basically for everything on
the Internet. Weirdly, my ISP seems to proxy-arp for
EVERYTHING.... what was wrong? why was I doing this. I've seen this
on windows boxes when they have a network route pointing 0.0.0.0/0
to the "LAN".... but I don't have that:
root at bud:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
0.0.0.0 126.96.36.199 0.0.0.0 UG 0 0 0 ge00
oops, wait... did I type my gateway wrong??? yes. I've pointed my
gateway at myself. DAMN. that shouldn't have worked at all!!!
I'm just posting this as a huh.
It also seems that there is no control to keep dnsmasq from answering
on my ge00. I guess some trojans try to use me for DOS amplication by
asking for isc.org continuously?
More information about the Cerowrt-devel