SRX Services Gateway
Reply
New User
NixTro
Posts: 3
Registered: ‎11-02-2011
0

Juniper IDS reporting 'ARP HW Changed For IP'

Juniper IDS reports the below message ....What does this message mean

"No Alert","Unflagged","","0.0.0.0","","0.0.0.0","Accepted","IP","0","","0.0.0.0","0.0.0.0","","Traffic","ARP HW Changed For IP","Info","MYDNSSERVER",""
"No Alert","Unflagged","","0.0.0.0","","mydnsserver","Accepted","IP","0","","0.0.0.0","0.0.0.0","","Traffic","ARP HW Changed For IP","Info","MYDNSSERVER","

Note:IP address for the DNS servers is static.MYDNSSERVER is a DNS server on the Network

Distinguished Expert
Distinguished Expert
pk
Posts: 816
Registered: ‎10-09-2008
0

Re: Juniper IDS reporting 'ARP HW Changed For IP'

Hi

 

In the case of the standalone IDP sensor in transparent mode, I seen this message

when arp requests/replies were seen for the known IP on a different interface.

In our case this was caused by a bit lame lab design. To understand what causes

the messages in your case, I think config and a network schema is needed.

Best Regards,
Petr (PK)

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]
New User
NixTro
Posts: 3
Registered: ‎11-02-2011
0

Re: Juniper IDS reporting 'ARP HW Changed For IP'

Hi Peter,

 

Thank you for the reply Not sure whether standalone IDP sensor in transparent mode. I will verify this.

 

This IP is configured only on one interface of the DNS server. Is this a GARP message??

 

Thank you

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.