
Negative ARP protocol



Dear Sir,

I am Aniket Lele and I am working with TATA ISP (Turbhe),
Mumbai, India.

I have observed a problem in our network. I see a lot
of ARP request traffic in the network which is for IP
addresses which no longer exist. These IP addresses have
been used earlier but are now not on the network.
Still, some requests come for these IP addresses. This
might be due to some previous hacking or some other
reason.

I have found out that this ARP traffic comes out to be
around 70% of the broadcast traffic on our network.

My suggestion for this problem, which will exist
throughout the Internet's LANs, is:

1. Could we have a negative ARP protocol wherein the
ARP request packets could be rejected on the basis of
 a. The number of ARP requests for a particular IP
address which no longer exists, hence there is no
ARP reply.
 b. The rate of ARP requests per minute for which
there is no ARP reply.

For example: if there is an ARP request coming from a
Router A for an IP address 192.168.1.1 which does not
exist anywhere in the network, there will be no ARP
reply packet generated. So the condition could be: if
Router A sends 10 ARP request packets for IP
address 192.168.1.1 in one minute without any ARP
reply, then it will not generate further ARP requests
for the IP address 192.168.1.1 for the next three minutes.

This will reduce unnecessary Network traffic. 

It will also be helpful during DoS attacks wherein,
if the targeted IP address is removed from the LAN, the
routers/switches will not send ARP requests for the
targeted IP address.

Thank you and Regards,
Aniket Lele.
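The hold-down the post proposes (10 unanswered requests for one IP within a minute, then three minutes of silence), written out as an added example that is not part of the original message or of any real ARP implementation. The `NegativeArpCache` class, its parameter names, the caller-supplied timestamps and the addresses in the demo are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Defaults taken from the post: 10 unanswered requests in one minute,
# then suppress further requests for three minutes.
WINDOW_SECONDS = 60.0
THRESHOLD = 10
HOLDDOWN_SECONDS = 180.0


class NegativeArpCache:
    """Per-requester state deciding whether an ARP request should be sent.

    Counts requests for a target IP that received no reply inside a sliding
    window; once the threshold is reached, further requests for that IP are
    suppressed for the hold-down period. Any reply clears the negative state.
    """

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD,
                 holddown=HOLDDOWN_SECONDS):
        self.window, self.threshold, self.holddown = window, threshold, holddown
        self.unanswered = defaultdict(deque)   # target IP -> request timestamps
        self.suppressed_until = {}             # target IP -> end of hold-down

    def request(self, target_ip, now):
        """Return True if the request may be sent, False if it is suppressed."""
        until = self.suppressed_until.get(target_ip)
        if until is not None:
            if now < until:
                return False                   # still inside the hold-down
            del self.suppressed_until[target_ip]
            self.unanswered[target_ip].clear()
        history = self.unanswered[target_ip]
        history.append(now)
        while history and now - history[0] > self.window:
            history.popleft()                  # drop requests outside the window
        if len(history) >= self.threshold:
            # The request that reaches the threshold is still sent; every
            # later one is suppressed until the hold-down expires.
            self.suppressed_until[target_ip] = now + self.holddown
            history.clear()
        return True

    def reply(self, target_ip, now):
        """An ARP reply arrived: the address exists, so forget negative state."""
        self.unanswered.pop(target_ip, None)
        self.suppressed_until.pop(target_ip, None)


def demo():
    # Constructed scenario: 15 requests for a dead address, one every 4 s.
    cache = NegativeArpCache()
    sent = [cache.request("192.168.1.1", t) for t in range(0, 60, 4)]
    return sent.count(True), sent.count(False)  # -> (10, 5)
```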
