On 10/20/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
On Thu, Oct 19, 2006 at 11:01:39AM +0800, Lestat V wrote:
> On 10/19/06, Lestat V <[EMAIL PROTECTED]> wrote:
> >On 10/19/06, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> >> On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
Can you 'arping' 00:e0:4c:8c:a2:d1 ?
No, I can't.
Can you 'arping' 00:07:84:52:55:3c ?
No, I can't either.
Have you tried to use 'arptables' to filter out 00:00:0c:07:ac:00 so that you don't listen to its ARP replies? Also, did you try any of the tools to *detect* arp poisoning I pointed out in my first e-mail?
Not yet, until receipt of this letter of yours. Then I tried arptables and blocked 00:00:0c:07:ac:00. After that, however, I got disconnected from the network, which I think should be due to my gateway previously being set to 10.100.105.250, whose MAC is 00:00:0c:07:ac:00. So I changed my gateway to 10.100.105.252, then I got reconnected, and everything seems normal except that I cannot connect to .14 and .1 any more. The ARP cache now reads:
? (10.100.105.251) at 00:07:84:52:55:3C [ether] on eth0
? (10.100.105.252) at 00:07:84:52:55:3D [ether] on eth0
? (10.100.105.250) at <incomplete> on eth0
? (10.100.105.14) at <incomplete> on eth0
? (10.100.105.15) at <incomplete> on eth0
? (10.100.105.13) at 00:E0:4C:8C:A2:D1 [ether] on eth0
? (10.100.105.1) at <incomplete> on eth0
BTW, that MAC address seems to be a multicast address used by HSRP routers. Do you have any Cisco HSRP routers in your network?
I know that the switching devices are from Cisco.
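
An added example, not part of the original thread: a small Python check over `arp -a` style output that separates the cases discussed above (unresolved entries, a first-hop-redundancy virtual MAC such as 00:00:0c:07:ac:00, and one MAC answering for several IPs). The sample table is constructed from addresses quoted in the thread; the 10.100.105.14 mapping and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Well-known virtual-router MAC prefixes used by first-hop redundancy protocols.
VIRTUAL_PREFIXES = {
    "00:00:0c:07:ac": "HSRPv1",  # last byte is the HSRP group number
    "00:00:5e:00:01": "VRRP",    # last byte is the VRID
}

ENTRY = re.compile(
    r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>[0-9A-Fa-f:]{17}|<incomplete>)"
)

def parse_arp(text):
    """Return {ip: lowercase MAC, or None if unresolved} from `arp -a` output."""
    table = {}
    for m in ENTRY.finditer(text):
        mac = m.group("mac")
        table[m.group("ip")] = None if mac == "<incomplete>" else mac.lower()
    return table

def classify(table):
    """Label each IP: unresolved, virtual-router MAC, shared MAC, or ok."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac:
            by_mac[mac].append(ip)
    report = {}
    for ip, mac in table.items():
        if mac is None:
            report[ip] = "unresolved"
        elif mac[:14] in VIRTUAL_PREFIXES:
            # Expected on a redundant gateway; not by itself a sign of poisoning.
            proto = VIRTUAL_PREFIXES[mac[:14]]
            report[ip] = f"{proto} virtual MAC, group {int(mac[15:], 16)}"
        elif len(by_mac[mac]) > 1:
            # One physical MAC claiming several IPs deserves a closer look.
            others = [o for o in by_mac[mac] if o != ip]
            report[ip] = "MAC shared with " + ", ".join(others)
        else:
            report[ip] = "ok"
    return report

# Constructed sample: addresses from the thread; the .14 line is invented.
SAMPLE = """\
? (10.100.105.250) at 00:00:0C:07:AC:00 [ether] on eth0
? (10.100.105.251) at 00:07:84:52:55:3C [ether] on eth0
? (10.100.105.13) at 00:E0:4C:8C:A2:D1 [ether] on eth0
? (10.100.105.14) at 00:E0:4C:8C:A2:D1 [ether] on eth0
? (10.100.105.1) at <incomplete> on eth0
"""
```

Calling `classify(parse_arp(SAMPLE))` returns one verdict per IP address; on a live host, feed it the text printed by `arp -a` instead of `SAMPLE`.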

