On Mon, Aug 19, 2002 at 09:07:09AM -0500, Mike Burger wrote:
> Good point.
>
> On Mon, 19 Aug 2002 [EMAIL PROTECTED] wrote:
>
> > On Mon, 19 Aug 2002, Patrick Hardeveld wrote:
> >
> > > I have asked this one before but I did not receive 1 reaction. I thought
> > > I'd try again. This is still the case: when I'm connected to the Internet
> > > and I do an arp -a command, it gives me a couple of (different of course)
> > > ip-addresses with all the same mac-address. As we all know, every
> > > mac-address is unique so what I am seeing is impossible. I actually
> > > don't know what is causing this. Maybe a man in the middle attack??
> >
> > Probably not...
> >
> > In addition to what Mike has told you, you probably are seeing the effects
> > of a proxy arp. A router is giving you its ARP information for hosts on
> > the other side of a connection. Remember, true ARP information only
> > exists on the locally connected LAN. You don't get ARP information across
> > links in a WAN.

I can guarantee that proxy-arp is the cause of the duplicate MAC
addresses, especially if your internet connection is a DSL link which
uses bridged encapsulation.

Your edge router will answer all ARP requests with its own MAC address.
This is so it can L3 forward all IP packets that come from your box and
not have to deal with L2 bridging or broadcast forwarding. Another name
for this scheme is 'half-bridging'.

Cheers.

--
Steve Borho
Voice: 314-439-8342
Member of Technical Staff
Celox Networks Inc
http://www.ietf.org/rfc/rfc1925.txt
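
The check discussed in this thread, as an added example that is not part of the original messages: it parses `arp -a` output, groups IP addresses by MAC address, and reports whether a shared MAC is the one the default gateway answers with. The sample output is constructed (documentation address ranges), and the function names and the `gateway_ip` parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the Linux net-tools `arp -a` format.
SAMPLE = """\
? (192.0.2.1) at 00:11:22:33:44:55 [ether] on eth0
? (198.51.100.7) at 00:11:22:33:44:55 [ether] on eth0
? (203.0.113.20) at 00:11:22:33:44:55 [ether] on eth0
? (192.0.2.50) at 66:77:88:99:AA:BB [ether] on eth0
? (192.0.2.60) at <incomplete> on eth0
"""

# One resolved entry: "(ip) at aa:bb:cc:dd:ee:ff ... on <interface>"
ENTRY = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9A-Fa-f:]{17})\b.* on (?P<dev>\S+)"
)


def shared_macs(arp_output):
    """Return {(interface, mac): [ips]} for MACs claimed by more than one IP."""
    table = defaultdict(set)
    for line in arp_output.splitlines():
        m = ENTRY.search(line)
        if m:  # unresolved "<incomplete>" entries do not match and are skipped
            table[(m["dev"], m["mac"].lower())].add(m["ip"])
    return {key: sorted(ips) for key, ips in table.items() if len(ips) > 1}


def classify(arp_output, gateway_ip):
    """Label each shared MAC.

    "gateway": the gateway's own IP maps to this MAC, which is what the
    ARP table looks like when the edge router answers every request itself.
    "unexplained": some other host's MAC is claimed by several IPs.
    """
    result = {}
    for key, ips in shared_macs(arp_output).items():
        label = "gateway" if gateway_ip in ips else "unexplained"
        result[key] = (label, ips)
    return result


if __name__ == "__main__":
    for (dev, mac), (label, ips) in classify(SAMPLE, "192.0.2.1").items():
        print(f"{dev} {mac} [{label}]: {', '.join(ips)}")
```

The gateway address is supplied by the caller (for example, read from the routing table). A "gateway" label means the table is consistent with the proxy-ARP behaviour described above; it is not proof of it.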