RE: Odd addresses on my wireless network

From: James C Slora Jr (Jim.Slora_at_phra.com)
Date: 11/25/04

  • Next message: GuidoZ: "Re: New/old Trojan?"
    To: "'Michael Acosta'" <mike.acosta@gmail.com>, <incidents@securityfocus.com>
    Date: Wed, 24 Nov 2004 18:10:05 -0500
    
    

    Michael Acosta wrote Tuesday, November 23, 2004 22:45

    > $ arp -a
    > ? (10.0.1.1) at 0:3:93:e7:36:da on en1 [ethernet]
    > ? (10.0.1.250) at 0:11:24:3:77:c4 on en1 [ethernet]
    > ? (169.254.61.156) at 0:11:24:3:77:c4 on en1 [ethernet]
    > ? (169.254.255.255) at (incomplete) on en1 [ethernet]
    > ? (224.0.0.2) at 1:0:5e:0:0:2 on en1 permanent [ethernet]
    > ? (224.0.0.251) at 1:0:5e:0:0:fb on en1 permanent [ethernet]
    > ? (239.255.255.253) at 1:0:5e:7f:ff:fd on en1 permanent [ethernet]

    Nothing in your arp list appears to indicate that you had involvement from
    any device other than the two you own. Of course and arp list is far from a
    complete record of activity.

    239.255.255.253 = uPnP (disable on router if not needed)
    224.0.0.x = Multicast IP addresses (router autodiscovery, etc)
    1:0:5e:x:x:x = Multicast MAC addresses (separate from hardware MAC
    addresses)
    169.254.x.x = Automatic private addressing (no DHCP server available for
    devices configured as DHCP clients)
    169.254.255.255 = Broadcast address for automatic private addressing space

    Airport Express Firmware 6.1 automatically checks for other WDS nodes - new
    autodiscovery feature, introduced 2004-11-15 per Apple's site. This sounds
    relevant to your issues. Did they occur after a firmware update?


  • Next message: GuidoZ: "Re: New/old Trojan?"