routing problem

Charles Steinkuehler charles at steinkuehler.net
Wed Aug 31 17:23:04 CDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kelsay, Brian - Kansas City, MO wrote:

| The arp cache doesn't stay very long.  Maybe a minute at most. IIRC
| DNS cache maybe, that lasts longer.  Is your router doing DNS as well as
| DHCP?  I ask because this is not default.  You have to set both up
| separately or create a hosts file on each box.

You've not messed much with proxy-arp, then, which has the effect of
swapping the MAC address that's attached to a particular IP address.

It can take *HOURS* to get arp caches updated (speaking as one who has had
to wait those frustrating hours after swapping out transparent proxy-arp
based firewall boxes).

Fortunately, most IP stacks are dumb enough (or smart enough, depending on
your perspective) to recognize unsolicited arp packets, and will then
happily update their arp-cache.  I now use the send_arp 'utility' (found at:
http://www.insecure.org/sploits/arp.games.html ) to inform my upstream
provider whenever I swap firewalls or NICs, as it's much faster than calling
their tech support and requesting they flush the arp-cache on their router
(in fact, it's even a lot faster than getting someone on the phone who even
understands what an arp-cache *IS* :).

If you really want to have fun, compile send_arp, and send an ARP packet
with the IP of your system and a bogus MAC address to your gateway (use ip
neigh show to find the proper MAC addy for your gateway)...you'll find out
exactly how "short" arp cache timeouts can be, and what kind of mess you can
get into when (really) low-level things get broken.

!!! - WARNING - !!!
Like a lot of other low-level network tools, using send_arp incorrectly can
result in VERY SERIOUS AND NASTY side effects.  USE AT YOUR OWN RISK, AND
WITH YOUR BRAIN ENGAGED!  I do *NOT* recommend writing a script to send
random MAC addresses paired with IPs on your subnet to the office
firewall/gateway!  Even if you *REALLY* don't like your sysadmin or the
'owner' of a particular IP!

- --
Charles Steinkuehler
charles at steinkuehler.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDFi3ILywbqEHdNFwRAt03AKD5K7I7Ktm83jZ2zCUrV7ecB3SRowCeOXwG
2kx8PXxRu3QD8qbRLx+wbfY=
=44jv
-----END PGP SIGNATURE-----
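The post describes the two faces of unsolicited ARP: a legitimate NIC or firewall swap that needs upstream caches refreshed, and a bogus MAC that breaks things at a level below anything the affected hosts log. The symptom on the wire is the same in both cases, an IP that suddenly maps to a different MAC, which is what tools like arpwatch alarm on. The following is an added example, not code from the post or from the send_arp utility it links: a small ARP frame parser plus a watcher that keeps an IP-to-MAC table and reports binding changes and gratuitous replies. The frame-building helper only constructs byte strings in memory so the detector has something to parse; all addresses and the traffic sequence are constructed sample values.

```python
"""Detect the ARP-cache symptoms described in the post from raw Ethernet/ARP frames.

Added example, not part of the original message. Parses 802.3/Ethernet II
frames carrying ARP, tracks the IP -> MAC binding each packet asserts, and
flags (a) a known IP whose MAC changed ("flip-flop") and (b) gratuitous
replies, the packet type a host or a tool like send_arp emits to force
neighbour caches to update. All MACs/IPs below are constructed samples.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass(frozen=True)
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Return the ARP payload of an Ethernet frame, or None for non-ARP or truncated input."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    # Only Ethernet (htype 1) over IPv4 (ptype 0x0800) with 6/4-byte addresses is handled.
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpPacket(op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


class ArpWatcher:
    """Passive IP -> MAC tracker in the spirit of arpwatch (independent reimplementation)."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def observe(self, pkt: ArpPacket) -> List[str]:
        alerts: List[str] = []
        if pkt.sender_ip == "0.0.0.0":           # ARP probe (e.g. DHCP client), asserts no binding
            return alerts
        previous = self.table.get(pkt.sender_ip)
        if previous is None:
            self.table[pkt.sender_ip] = pkt.sender_mac
        elif previous != pkt.sender_mac:
            # The post's case: the same IP now claims a different MAC. Legitimate after a
            # NIC/firewall swap, hostile if nobody swapped anything; a human must decide.
            alerts.append(f"flip-flop {pkt.sender_ip}: {previous} -> {pkt.sender_mac}")
            self.table[pkt.sender_ip] = pkt.sender_mac
        if pkt.op == ARP_REPLY and pkt.sender_ip == pkt.target_ip:
            alerts.append(f"gratuitous reply for {pkt.sender_ip} from {pkt.sender_mac}")
        return alerts


def build_arp_frame(op: int, smac: str, sip: str, tmac: str, tip: str,
                    dst_mac: str = "ff:ff:ff:ff:ff:ff") -> bytes:
    """Construct an ARP frame as bytes for offline testing; nothing here touches a socket."""
    mac_b = lambda s: bytes.fromhex(s.replace(":", ""))
    ip_b = lambda s: bytes(int(o) for o in s.split("."))
    eth = ETH_HDR.pack(mac_b(dst_mac), mac_b(smac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op, mac_b(smac), ip_b(sip), mac_b(tmac), ip_b(tip))
    return eth + arp


GATEWAY_IP = "192.168.1.1"   # constructed sample gateway address


def demo() -> List[str]:
    """Run the watcher over a constructed capture and return the alerts it raises."""
    host, old_nic, new_nic = "192.168.1.10", "00:11:22:33:44:01", "00:11:22:33:44:02"
    frames = [
        build_arp_frame(ARP_REQUEST, old_nic, host, "00:00:00:00:00:00", GATEWAY_IP),
        build_arp_frame(ARP_REPLY, "00:11:22:33:44:aa", GATEWAY_IP, old_nic, host),
        # Legitimate firewall/NIC swap: the new card announces itself with a gratuitous reply.
        build_arp_frame(ARP_REPLY, new_nic, host, new_nic, host),
        # The "bogus MAC" case from the post: a reply claiming the gateway IP with a new MAC.
        build_arp_frame(ARP_REPLY, "de:ad:be:ef:00:01", GATEWAY_IP, new_nic, host),
        b"\x00" * 20,   # truncated junk; the parser must skip it rather than crash
    ]
    watcher = ArpWatcher()
    alerts: List[str] = []
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is not None:
            alerts.extend(watcher.observe(pkt))
    return alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The watcher deliberately does not try to decide whether a flip-flop is benign: the post's own scenario (a swapped firewall announcing its new MAC) and a poisoned cache look identical on the wire, so the alert is evidence for an operator, to be correlated with change records, and the realistic mitigations are static ARP entries for gateways or switch-level dynamic ARP inspection rather than anything this passive tool can do.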


More information about the Kclug mailing list