Cisco Support Community
New Member

ARP Spoofing

Hello All-

I am including the output from our company's ASA 5520. I am wondering if this strange output could be due to ARP Spoofing, and if so, what should be my next step?

WRMC-ASA# show arp
        outside 24.XXX.XX.XX 0002.fc67.8166 64 - (This entry appears to be fine)
        outside 24.XXX.XX.XX 0002.fc67.8166 777 - (This entry appears to be fine)
        outside 172.16.15.1 0002.fc67.8166 1553 - (**This is the entry that I am concerned about)
        inside 172.16.15.1 0011.bcc7.9440 1636 - (This entry appears to be correct)
        dmz-1 192.168.101.11 000e.0c6e.a0f4 219 - (This entry appears to be correct)

Thanks All.

1 REPLY
Cisco Employee

Re: ARP Spoofing

It could be due to proxy-arping, or Gratuitous arping on the outside.

I don't think the ASA is arping for that ip address on the outside.

So it is probably a grat arp from someone on the outside. Maybe a bad guy grat arping.

Or even a packet that was misrouted/mis-switched to the outside.

I hope it helps.

PK
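
One way to check `show arp` output for the pattern discussed in this thread, as an added example that is not part of the original posts or any Cisco tooling: it flags an IP that resolves to different MACs and a MAC that answers for several IPs on one interface. The sample is constructed in the format quoted above, with the masked public addresses replaced by documentation addresses (assumed to be two distinct IPs); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `show arp` output in the question.
# 203.0.113.x stands in for the masked 24.XXX.XX.XX entries (assumption).
SAMPLE = """\
        outside 203.0.113.1 0002.fc67.8166 64
        outside 203.0.113.9 0002.fc67.8166 777
        outside 172.16.15.1 0002.fc67.8166 1553
        inside 172.16.15.1 0011.bcc7.9440 1636
        dmz-1 192.168.101.11 000e.0c6e.a0f4 219
"""

# interface name, dotted-quad IP, Cisco dotted-hex MAC; trailing text is ignored
ENTRY = re.compile(
    r"^\s*(?P<ifc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

def parse_arp(text):
    """Return (interface, ip, mac) tuples; lines that do not parse are skipped."""
    return [(m["ifc"], m["ip"], m["mac"].lower())
            for m in map(ENTRY.match, text.splitlines()) if m]

def find_anomalies(entries):
    """Flag entries worth a closer look. These are leads, not verdicts:
    a gateway doing proxy ARP legitimately answers for many IPs."""
    by_ip, by_mac = defaultdict(set), defaultdict(set)
    for ifc, ip, mac in entries:
        by_ip[ip].add((ifc, mac))
        by_mac[(ifc, mac)].add(ip)
    findings = []
    # Same IP learned with more than one MAC (here: inside vs. outside)
    for ip, seen in sorted(by_ip.items()):
        if len({mac for _, mac in seen}) > 1:
            findings.append(("ip-conflict", ip, sorted(seen)))
    # One MAC on one interface claiming several IPs (proxy or gratuitous ARP)
    for (ifc, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-multi-ip", f"{ifc} {mac}", sorted(ips)))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in find_anomalies(parse_arp(SAMPLE)):
        print(kind, subject, detail)
```

Running it against periodic captures of the ARP table shows whether the outside entry for the inside address keeps reappearing after it ages out.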
