arplookup - OpenBSD 2.9-stable
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: arplookup - OpenBSD 2.9-stable
- From: "John R. Shannon" <john_(_at_)_johnrshannon_(_dot_)_com>
- Date: Thu, 26 Jul 2001 06:46:23 -0600
- Organization: johnrshannon.com
- Reply-to: john_(_at_)_johnrshannon_(_dot_)_com
I've received a few unusual log entries that I'm trying to understand:
Jul 25 10:47:05 router /bsd: arplookup: unable to enter address
for 207.46.106.84
Jul 25 10:47:06 router /bsd: arplookup: unable to enter address
for 207.46.106.84
Jul 25 22:05:25 router /bsd: arplookup: unable to enter address
for 192.20.225.49
Jul 25 22:05:30 router /bsd: arplookup: unable to enter address
for 192.20.225.49
The IP addresses are not on any attached network, so I don't understand why I
should receive an ARP request from them. They resolve to
sjwu3dns1.windowsupdate.com and cditestbed.research.att.com.
Checking other log entries with a similar timestamp, I have noted blocked UDP
packets sent to port 53 (I don't run a public DNS server) from the IP
addresses involved in the ARP requests:
Jul 25 10:47:06 router ipmon[21729]: 10:47:05.265854 2xfxp0 @200:13 b
207.46.106.84,3146 -> 208.141.183.125,53 PR udp len 20 74 IN
Jul 25 10:47:07 router ipmon[21729]: 10:47:06.789902 fxp0 @200:13 b
207.46.106.84,3146 -> 208.141.183.125,53 PR udp len 20 74 IN
Jul 25 22:05:25 router ipmon[21729]: 22:05:24.987567 fxp0 @200:13 b
192.20.225.49,3512 -> 208.141.183.125,53 PR udp len 20 72 IN
Jul 25 22:05:30 router ipmon[21729]: 22:05:29.990764 fxp0 @200:13 b
192.20.225.49,3512 -> 208.141.183.125,53 PR udp len 20 72 IN
Any assistance in understanding what is going on would be appreciated.
--
John R. Shannon
john_(_at_)_johnrshannon_(_dot_)_com
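
The cross-check described in the message above (matching each arplookup failure against blocked packets from the same source address at a similar timestamp), as an added example that is not part of the original post. The function name `correlate`, the `window` parameter, the report layout and the assumed year 2001 are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Log lines from the post, with each wrapped entry rejoined onto one line.
SAMPLE = """\
Jul 25 10:47:05 router /bsd: arplookup: unable to enter address for 207.46.106.84
Jul 25 10:47:06 router /bsd: arplookup: unable to enter address for 207.46.106.84
Jul 25 22:05:25 router /bsd: arplookup: unable to enter address for 192.20.225.49
Jul 25 22:05:30 router /bsd: arplookup: unable to enter address for 192.20.225.49
Jul 25 10:47:06 router ipmon[21729]: 10:47:05.265854 2xfxp0 @200:13 b 207.46.106.84,3146 -> 208.141.183.125,53 PR udp len 20 74 IN
Jul 25 10:47:07 router ipmon[21729]: 10:47:06.789902 fxp0 @200:13 b 207.46.106.84,3146 -> 208.141.183.125,53 PR udp len 20 74 IN
Jul 25 22:05:25 router ipmon[21729]: 22:05:24.987567 fxp0 @200:13 b 192.20.225.49,3512 -> 208.141.183.125,53 PR udp len 20 72 IN
Jul 25 22:05:30 router ipmon[21729]: 22:05:29.990764 fxp0 @200:13 b 192.20.225.49,3512 -> 208.141.183.125,53 PR udp len 20 72 IN
"""

IP = r"(\d+(?:\.\d+){3})"
STAMP = r"^(\w{3} +\d+ [\d:]{8}) \S+ "
ARP_RE = re.compile(STAMP + r"/bsd: arplookup: unable to enter address for " + IP)
# " b " is the blocked-packet flag as it appears in the ipmon lines of the post.
BLOCK_RE = re.compile(STAMP + r"ipmon\[\d+\]: .* b " + IP + r",\d+ -> " + IP + r",(\d+) PR (\w+)")

def _when(stamp, year=2001):
    # syslog omits the year; 2001 (the date of the post) is assumed here.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def correlate(text, window=2):
    """Map each source IP to its arplookup failures that have a blocked
    packet from the same IP logged within `window` seconds."""
    arps, blocks = [], []
    for line in text.splitlines():
        if m := ARP_RE.match(line):
            arps.append((_when(m[1]), m[2]))
        elif m := BLOCK_RE.match(line):
            blocks.append((_when(m[1]), m[2], f"{m[3]}:{m[4]}/{m[5]}"))
    report = {}
    for a_time, a_ip in arps:
        near = {target for b_time, src, target in blocks
                if src == a_ip and abs(b_time - a_time) <= timedelta(seconds=window)}
        if near:
            entry = report.setdefault(a_ip, {"arp_events": 0, "targets": set()})
            entry["arp_events"] += 1
            entry["targets"] |= near
    return report

if __name__ == "__main__":
    for ip, entry in correlate(SAMPLE).items():
        print(ip, entry["arp_events"], sorted(entry["targets"]))
```

An arplookup failure with no blocked packet from the same source inside the window is left out of the report, so whatever remains unreported is what still needs a separate explanation.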