Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOne New Zealand (including Vodafone, WxC, Farmside)[TelstraClear] the ARP leaking problem
barf

643 posts

Ultimate Geek


#11890 16-Feb-2007 12:06

it won't be news to most of you techies that ARP data from 172.16.0.0/12 leaks out of the Motorola cable modems on Telstra's network. I've always been happy to ignore this but a friend of mine told me an interesting story last night.

He recently replaced a dying linksys router with a 3com Office Connect one, very nice router. A couple of days later Telstra shut down his modem and refused to start his service again until he changed his local area network's IP addresses and subnet. He was using the RFC1918-defined private network address space of 172.16.0.0/12 also. So it would seem that the 3com router was smarter than the Linksys and seeing ARP data on it's external/WAN interface decided to proxy ARP between networks.

Spurious ARP data being allowed to enter private networks is a slight concern but the fact that his ARP data was allowed to enter and cause problems in the TCL network is a major concern. People could be poisioning Telstra's cache's and potentially sniffing other people's Internet connections, switched ethernet networks still are vulnerable and I'd like to know what Telstra's excuse for this huge vulnerability is.




Sniffing the glue holding the Internet together

Create new topic
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #61010 16-Feb-2007 12:45
Send private message

This issue has been debated many times over the years and never seems to reach a resolution. I was one of a handful of people who got to trial the cable modem network around 10yrs ago now and it was something that the guys were talking about (not that I actually understood what they were really talking about back then!) because the cable modem is really just a ethernet bridge and you can snoop on all ARP traffic on the network.

Is this issue in particular only affecting 172.16.0.0/12?



barf

643 posts

Ultimate Geek


  #61011 16-Feb-2007 12:55

yes AFAIK it's the 172.16.0.0/12 traffic eminating from the modem causing the problem. the 3com isn't doing anything particularly wrong by proxying ARP it sees on both interfaces.

But surely they could VLAN the customer traffic seperately to the network/management traffic?




Sniffing the glue holding the Internet together

davidcole
6041 posts

Uber Geek

Trusted

  #61015 16-Feb-2007 13:49
Send private message

The amount of ARP traffic is fairly large as well.  I switched to a WRT54G router running DD-WRT to get some SNMP monitoring and while I use most of my 20 Gb cap, the amount of extra traffic seen by my router is well into 10 gb.




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 



Fraktul
836 posts

Ultimate Geek

Trusted

  #61048 16-Feb-2007 20:17
Send private message

barf:  the 3com isn't doing anything particularly wrong by proxying ARP it sees on both interfaces.


What, sounds like a gaping security hole if that default behaviour.

I agree VLAN'ing off of management traffic is a sensible idea, I assume there is some technical reason for this not being implemented however as it seems blindingly obvious :)

Endymion
1 post

Wannabe Geek


  #61085 17-Feb-2007 14:46
Send private message

Fraktul:
barf: the 3com isn't doing anything particularly wrong by proxying ARP it sees on both interfaces.


What, sounds like a gaping security hole if that default behaviour.


The router has a selectable option for 'Proxy ARP' that is not on by default, and I have never had it on.

Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright