Just that Cisco states that the meaning of why the message appears is not clear and sometimes is acceptable. I'm not saying that Norton's message is the same as Cisco's. If the outage before performing DHCP is acceptable, then you can ignore this message. Verify that the client eventually does perform DHCP without undergoing an unacceptable outage.The client is unable to send or receive any data traffic until it performs DHCP through the controller.ĭTL-1-ARP_POISON_DETECTED: STA ARP (op 1) received with Rather, this message appears when a WLAN is configured for DHCP Required and a client (after associating to this WLAN) transmits an ARP message without first using DHCP. This message does not necessarily imply that any actual "ARP poisoning" is occurring. And even Cisco has instances where they say to ignore that warning:ĬSCsm25943-The meaning of the following error message on the controller is not clear.
No known malware like this for iOS devices (and much harder to insert one on AppleTV versus an iPhone or iPad.) There are legitimate cases where ARP spoofing is used. Realize that a report of ARP poisoning wouldn't be likely on a private LAN, unless you got infected somehow. That's just a blind guess, but seems to fit. I don't know exactly what causes it but I would guess Apple's Bonjour protocol, which is why you see something every 30 minutes. >Ībout Wake on Demand and Bonjour Sleep Proxy - Apple Support Timestamp A/R Flags if Domain Service Type Instance NameĢ1:19:51.738 Add 2 5 local. You can see Bonjour Sleep Proxies on your network by using the dns-sd command in the OS X terminal (10.10.4):
This behavior can be removed by disabling Wake on Demand on your OS X devices, under Energy Saver preferences. It's not an attack, but it is smells like one. The sleep proxy responds to ARP requests on behalf of the sleeping device, and therefore has to spoof the ARP and poison the cache of other computers on the network. If the OS X device, such as a Macbook, needs to wake up to provide service (SSH, file sharing, iTunes sharing, etc.), the sleep proxy will wake it up by sending a special packet. The sleep proxy services connection requests and Bonjour queries while your OS X device is sleeping.
The cause of it is due to the Apple TV or Airport Extreme acting as a Bonjour Sleep Proxy. and this thread came up as one of the top search results for me. This is an old post, but I wanted to provide an answer as I still see this behavior on my home network as well (I'm not using Norton, but one of my BSD servers is complaining).
0 kommentar(er)
