Did I get hacked?


VRay
06-17-2001, 09:49 PM
Tcpdump reveals the following every second or so. A continual outflow of packets. Anybody have any ideas? Am I part of a DoS attack or something? How can I stop it?

18:46:21.611553 eth0 B arp who-has 65.4.140.159 tell 65.4.140.1

Damn....

RH7.1 if it makes any diffs.

[ 17 June 2001: Message edited by: VRay ]

Craig McPherson
06-17-2001, 10:18 PM
I doubt it.

Is there any reason that you're running arp? arp is a dynamic routing protocol meant for real Internet routers (routers with three or more real network interfaces, not NAT boxes on a local network or anything like that). Probably, arp got started on your system somehow (Red Hat loves to start services you don't know about), and now your system thinks it's part of the global Internet router network. It broadcast to nearby routers over your network connection announcing its presence, and now those routers are talking to it as a peer.

That message you posted was (as near as I can tell) a broadcast from another router asking "Does anybody know how to get to 65.4.140.159? If you do, call me at 65.4.140.1 and let me know!"

IANARD (I Am Not A Router Dood), but that's what it seems like to me.
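
An added example, not part of the original posts: a small Python parser for capture lines in the format VRay posted. It tallies which address each ARP who-has request is sent on behalf of (the `tell` field), so requests sourced by the local machine can be separated from requests it merely receives. The local address `65.4.140.77` and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Matches lines in the format shown in the thread, e.g.
#   18:46:21.611553 eth0 B arp who-has 65.4.140.159 tell 65.4.140.1
# Assumption: the single character after the interface name is a flag
# printed by this tcpdump build; it is captured but not interpreted.
ARP_REQ = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<iface>\S+)\s+(?P<flag>\S)\s+"
    r"arp who-has (?P<target>\d+(?:\.\d+){3}) tell (?P<asker>\d+(?:\.\d+){3})\s*$"
)

def parse_arp_requests(lines):
    """Return one dict per ARP who-has line; every other line is skipped."""
    parsed = []
    for line in lines:
        match = ARP_REQ.match(line.strip())
        if match:
            parsed.append(match.groupdict())
    return parsed

def summarize(lines, local_ip):
    """Count ARP requests per asker and relate them to the local address."""
    requests = parse_arp_requests(lines)
    askers = Counter(r["asker"] for r in requests)
    return {
        "total": len(requests),
        "askers": dict(askers),
        # Requests this host itself sent (tell == local address).
        "sent_by_local": askers.get(local_ip, 0),
        # Requests from others that are looking for this host.
        "asking_for_local": sum(1 for r in requests if r["target"] == local_ip),
        "distinct_targets": len({r["target"] for r in requests}),
    }

LOCAL_IP = "65.4.140.77"  # hypothetical address of the capturing host

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE = [
    "18:46:21.611553 eth0 B arp who-has 65.4.140.159 tell 65.4.140.1",
    "18:46:22.612001 eth0 B arp who-has 65.4.140.160 tell 65.4.140.1",
    "18:46:23.613412 eth0 B arp who-has 65.4.140.77 tell 65.4.140.1",
    "18:46:23.613990 eth0 > arp reply 65.4.140.77 is-at 0:50:56:aa:bb:cc",
    "18:46:24.100200 eth0 < some unrelated non-ARP line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, LOCAL_IP))
```

A `sent_by_local` count of zero means none of the captured requests name the local address in the `tell` field.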