02-19-2004 10:58 AM - edited 03-02-2019 01:43 PM
Hi,
I have a cisco 4500 with IOS 11.2. Two out of five ethernet interfaces are putting out constant and sequential ARP requests for every address on their subnet. The other three interfaces don't do this. ANy idea what's going on? Thanks.
02-19-2004 11:15 AM
Have you checked the timing on when they flush their arp cache?
02-19-2004 11:29 AM
arp timeout is 4 hours, same as the others.
02-19-2004 03:50 PM
This is commonly the result of hosts on the network being infected with worms which scan the local subnet for other hosts to infect.
02-19-2004 04:43 PM
Yes, I have seen that. According to etherpeek, though, these requests are originating at the router interface, not at any host.
02-19-2004 06:10 PM
It could be a remote host (i.e., on another subnet) scanning the subnets in question then. In this case it's the router itself that would ARP for the destination addresses.
02-19-2004 05:48 PM
Apply the access-list to check to see if you are hit by blaster virus
http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide