> Hi guys, Hi > > Sorry if this is a little offtopic, but I was wandering what can one > do to prevent/stop arp flooding ? You can increase arp cache table size: echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 It'll make your box handle arpfloods more easily (at least DoS part). You can also use static arp entries (man arp). This will ensure known computers will always have access to (throu) your router (even with arpflood in progress). Two solutions mentioned above cope with "Neighbour table overflow" and problems with accessibility to other legitimate users. They don't cope however with router's cpu utilisation... Hope that helps. Marek Kierdelewicz KoBa ISP _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
