Whats this ARP (Address Resolution Protocol) daemon spoofing?
http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html It’s a tricky way for a spammer to make their spam appear to come from a different IP than their dedicated server, but still on the same VLAN subnet. To avoid the problem, design your VLAN so that: – customers can’t snoop on each other, even at broadcast level such as arp traffic; – no customer can send out packets with any source IP other than their assigned one; – no customer can generate ARP traffic for any IPs other than their own. As for identifying what server it really is, can you put a port monitor on the switch port of your router and sniff its packets? You should be able to see the MAC address of anything returned from those IP addresses, even if they were injecting forged packets from somewhere else on the Internet. And you should be able to see the gratuitous ARPs. This technique is in use in the wild. If you detect this on your network, Spamhaus would very much appreciate any details you ca
