different network IDs visible to each other in home network?

[chemoul]

Potentially silly question, but I just did arp -a from my laptop and noticed that I can see devices with different network IDs.

My laptop is 192.168.x.x, but it can also ping devices in 169.254.x.x (devices that aren't set up for networking yet).

My question is, should my laptop be able to devices in other network IDs not starting with 192.168.x.x? Is it a security concern and if so, how can I stop them from being accessible through my Asus router?

 

[Tech9]

169.254.x.x

This IP address comes from automatic private IP addressing when DHCP server is not available. What else you can do except ping?

 

[chemoul]

Thanks for your reply. I can access the device's web interface to configure it, but that wasn't my question .
Should I be able to see a device with a 169.254 IP from a devices that's in the 192.168 range, or should they be segregated?

 

[tgl]

Should I be able to see a device with a 169.254 IP from a devices that's in the 192.168 range, or should they be segregated?

I wouldn't sweat about it. The official description of that address range (from 'whois'):

Computers use addresses starting with "169.254." when they do not have a manually configured address or when they are not told which address to use by a service on the network. They are commonly called the "link local" addresses.
Routers are not allowed to forward packets sent from an IPv4 "link local" address, so they are always used by a directly connected device.

The key point there is that a router can't forward such packets (that is, they can't pass into a different addressing domain); but a switch can. So such traffic can probably traverse your LAN without difficulty, and the clear implication of what IANA wrote above is that the possibility of local access is intentional.

Whether you can actually "see" such addresses from other machines on your LAN seems to be OS-dependent. I have an old Apple Airport laying about that appears to be advertising such an address (alongside its regular address), and I can see that address in my MacBook's "arp -a" display and ping it from that machine; but a nearby Linux machine doesn't see it or ping it. This is likely related to the fact that the MacBook's routing table will route that address range to the local net:

$ netstat -r -n Destination Gateway Flags Netif Expire 169.254 link#15 UCS en0 !

but there's no such entry in the Linux machine's routing table.

 

[chemoul]

thank you!