Alan Cox wrote: > > I was asking because I had this problem before (router with two cards > > against one physical subnet) and arpwatch complained that the router kept > > switching MACaddresses all the time. > That sounds like a bug in arpwatch. A box can have multiple mac > addresses. Its probably a tricky one to handle but arpwatch I guess > should spot and cope with repeated transitions between the same set > of addresses as one warning Well, two. Or three. - Hey, IP x changed from mac X to mac Y. - Hey, IP x changed back again to X. - Hmm. IP X seems to be using both Mac X and and Mac Y. No further warnings will be issued about this. If someone is taking over an IP address (which is especially what arpwatch should be looking for), this is exactly what you'll see. Having the issue be ignored after one warning is bad. Oh, and I know people who swear that this would be an invalid configuration, so that it is good for arpwatch to should loud and clear about it... Roger. -- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * There are old pilots, and there are bold pilots. * There are also old, bald pilots. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
