out going ARP
Results 1 to 6 of 6

Thread: out going ARP

  1. #1
    Member
    Join Date
    Sep 2002
    Posts
    98

    out going ARP

    My firewall alerts every time i log on to my ISP with this message:
    Warning : outgoing ARP source:0.0.0.0
    what that suppose to mean?

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Hey black, can you give some more information so we may be able to help you more. What firewall are you using and what's the configuration?

    thanks
    Opinions are like holes - everybody\'s got\'em.

    Smile

  3. #3
    Member
    Join Date
    Sep 2002
    Posts
    98

    firewall

    -----------------------------------------------------------------------------------------------------------------------
    i use macafee's firewall and a port checker that checks for any open ports on the system,the
    firewall can log any attacks on arp,icmp,rip,pptp,.... i have set it to filter all trafic,allowed all arp
    packets cause if i stop all arp packets i can not connect any where.
    i also use eeye's iris for sniffin packets(the guard thing shows arp attack)
    ------------------------------------------------------------------------------------------------------------------------

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    257
    ARP (Address Resolution Protocol) is used to map your MAC address to your IP address, an arp packet will not travel between routers. The reason you can connect to nothing if you block all ARP requests is nobody can find you to open a connection.
    -Shkuey
    Living life one line of error free code at a time.

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    As Shkuey has said ARP provides a method for converting or mapping IP addresses to MAC addresses (if you are not sure about why you would have to do this, read up on the OSI model and encapsulation). Whenever the IP layer figures out that it is on the destination is on the same network as the current device, it will send out a broadcast ARP request to everything on that network. If you were to look at a sniffing session of this traffic, it would essentially look like: whois <destination ip address>, ? Since it is a broadcast, all computers without that IP address would not respond to the broadcast, if the machine with the IP address is up and connected to the network, it will respond with its MAC or physical address. The two devices will then be able to communicate on the physical layer (independent of IP). Firewalls will often shorthand a broadcast (sent to everyone) as 0.0.0.0.

    What is probably happening is that your computer is trying to find the MAC address of your default router and is issuing the ARP broadcast out to the network you are on to figure this out. If everything functions normally, the router will answer with its MAC and then you will be able to get out to the internet.

    Hope this helps explain it a little better,

    Nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Your system may have a firewall that prevents GRE transmission. The GRE-to-PPP gateway sends the packets, but they are dropped by the packet filter before being transferred to the interface.

    I dont know how to fix this if you are on windows


    on linux or bsd you can add the following

    You will have to check your firewall rules, remove or add replacements, and try again. The following iptables rules may be added to allow GRE through eth0. Change eth0 to the name of the interface if needed


    iptables --insert OUTPUT 1 \
    --source 0.0.0.0/0.0.0.0 \
    --destination 0.0.0.0/0.0.0.0 \
    --jump ACCEPT --protocol gre \
    --out-interface eth0

    iptables --insert INPUT 1 \
    --source 0.0.0.0/0.0.0.0 \
    --destination 0.0.0.0/0.0.0.0 \
    --jump ACCEPT --protocol gre \
    --in-interface eth0

    These rules can be refined further to constrain the GRE traffic.


    S3C
    www.sec-net.tk

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •