Re: arp flood (offtopic?)

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Has anyone tried ebtables and the limit target to control the rate

On Thu, 2005-10-20 at 00:09 +0200, Carl-Daniel Hailfinger wrote:
> Alex schrieb:
> > Now the thing is that the load average goes up to 30 and the gateway 
> > doesn't even respond to ping after a while.
> > The arp-requests are not only for ips that are assigned to hosts but 
> > even for un-allocated ips in the same subnet.
> 
> Ah. Classical problem. There are only two realistic explanations for it:
> - the source of the arp flood is scanning the local net
> - the source of the arp flood has been infected with a virus.
> In my experience, only viruses generate real floods, scans are much more 
> friendly to the network. So just clean the viruses from the flooding 
> machines.
> 
> > Maybe dividing into multiple vlans would be a better idea?
> 
> Yes, that would somewhat help, but not solve the problem completely. 
> Besides, I'd go for fixing the real problem instead of some symptoms.
> 
> 
> Regards,
> Carl-Daniel

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux