ARP Spoofing

getonlove2 · March 15, 2012, 5:31am

there are so many arp entries that is not from my network. all the ips are from the isp from where i have internet.

my internet ip is 172.19.50.55/24
gateway is 172.19.50.1

my lan is 192.168.0.0/24

i get arp entries from 172.19.50.0/24 network.

is this spoofing? how can i control it so that there won’t be any entries from that network except the gateway?

sup5 · March 15, 2012, 7:12am

Your ISP does this:

you don’t get a public IP adress. Instead you are given a private one, which is being masqueraded (NAT)
the ISP doesn’t properly implement user isolation, this mean that all customers within your subnet can easily abuse the providers network for direct communication.

getonlove2 · March 15, 2012, 11:41am

no no i got public ip. that private ip was just an example.

i have a public ip of 117.2.56.8/24 with gateway 117.2.56.1.

and there are entries in arp like 117.2.56.5, 117.2.56.227 etc. sometimes there are 4,5 entries and sometimes there are 10-15 entries.

What measures can be taken?

sup5 · March 15, 2012, 12:25pm

you cannot take measures against this.

if you block such arp entries you won’t be able to communicate with the other customers of you ISP.