On Wed, 2007-06-20 at 21:26 -0300, bdk@xxxxxx wrote:
> Do you have a default route?
>
> On Wed, 20 Jun 2007, Steve Reid wrote:
>
> > Date: Wed, 20 Jun 2007 17:43:23 -0500
> > From: Steve Reid <steve@xxxxxxxxxxxx>
> > Reply-To: For users of Fedora <fedora-list@xxxxxxxxxx>
> > To: fedora-list@xxxxxxxxxx
> > Subject: ARP question
> >
> > I installed wireshark and noticed that I am broadcasting ARP "who has"
> > requests to the world. (about 1000 a minute) I've googled all day don't
> > have any good answers.
> >
> > Any help on where to start to fix this would be appreciated.
> >
> > I'm Running FC5 and FC6 as a mailserver/ftp/mailman and they both seem
> > to be doing the same thing.
> >

What IP addresses are the ARP "who has" looking for? It would seem strange for a box to send a 1000 ARPs for the same IP address, each minute. I would assume the ARPs are for a 1000 different IP addresses. Do you have some sort of network scanning tool running?

Are you certain you are originating the ARP requests? My ISP is a cable company. They broadcast ARP requests looking for connected devices on their cable network. My box, and every box that is connected via a cable modem, is bombarded by this steady stream of ARP requests.

I suspect these ARP requests are caused by botnets, on the Internet, scanning IP address ranges for PCs to compromise. There is a steady bombardment of Microsoft Messenger Service, NetrSendMessage requests to UDP port 1026, coming to my IP address. Lucky for me, Fedora discards the message and no response is generated. The botnets do not give up.
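
Added example (not part of the original message): a Python check for the two questions the reply raises, tallying ARP "who has" frames by sender MAC and counting the distinct IP addresses each sender asks for, so a capture shows whether your own interface originates the requests. The function names, MAC addresses, 192.0.2.x addresses and sample frames are constructed for illustration; real input would be raw Ethernet frames exported from a capture.

```python
import socket
import struct
from collections import defaultdict

ARP_REQUEST = 1  # ARP opcode for "who has"

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if the
    frame is not an untagged Ethernet/IPv4 ARP packet."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def who_has_by_sender(frames):
    """Map sender MAC -> {"requests": count, "targets": set of IPs asked for}."""
    stats = defaultdict(lambda: {"requests": 0, "targets": set()})
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REQUEST:
            stats[parsed[1]]["requests"] += 1
            stats[parsed[1]]["targets"].add(parsed[3])
    return dict(stats)

def make_request(sender_mac, sender_ip, target_ip):
    """Build a constructed broadcast who-has frame (sample data only)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REQUEST, sha,
                      socket.inet_aton(sender_ip), b"\x00" * 6,
                      socket.inet_aton(target_ip))
    return b"\xff" * 6 + sha + b"\x08\x06" + arp

# Constructed sample: this host asks for its gateway three times, while an
# upstream device sweeps 20 different addresses on the shared segment.
LOCAL_MAC, UPSTREAM_MAC = "02:00:00:00:00:01", "02:00:00:00:00:fe"
SAMPLE = [make_request(LOCAL_MAC, "192.0.2.10", "192.0.2.1")] * 3
SAMPLE += [make_request(UPSTREAM_MAC, "192.0.2.1", f"192.0.2.{n}")
           for n in range(100, 120)]
SAMPLE.append(b"\x00" * 60)  # non-ARP frame, ignored by the parser

if __name__ == "__main__":
    for mac, s in who_has_by_sender(SAMPLE).items():
        origin = "this host" if mac == LOCAL_MAC else "another device"
        print(f"{mac} ({origin}): {s['requests']} who-has, "
              f"{len(s['targets'])} distinct targets")
```

A sender with many requests spread over many distinct targets is sweeping the segment; if that sender's MAC is not your interface's, the traffic is arriving at your box rather than leaving it.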