North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: cisco IOS bug/exploit?

  • From: Mark Mentovai
  • Date: Mon Aug 20 11:26:46 2001

Barton F Bruce wrote:
>There is a chance that you have a static for to eth0 or
>something like that even though the other end may be the only thing on the
>ethernet. DON'T do that!
>The router will arp for every address it needs to get to.
>With codered around, that can be bad.
>Use a static default to a real ip address.

Use "no ip proxy-arp" (you should all be doing this anyway).  With proxy ARP
disabled, a default route to an ethernet interface won't work unless really is connected at layer 2.

>There is somthing on CCO about this.