I have a core 2.4.19 NAT router that creates an ARP storm whenever I receive a port scan attack from the outside world. The scan attack attempts the same IP address with different ports. For each attempt, the NAT router generates 5 ARP requests when the IP address is non-existent. When the scan attack is launched simultaneously on multiple addresses and ports, the resulting storm really loads up my interior WAN links with broadcast noise.

Short of hacking on the kernel, is there a way to add some hysteresis to ARP requests?

--
Tim Gardner - timg@tpi.com 406-443-5357
TriplePoint, Inc. - http://www.tpi.com
PGP: http://www.tpi.com/PGP/Tim.txt