> Isn't there a problem when an outside attacker brute-force pings every
> IP address in some order? The intent here is to overload the router
> to do a lot of ARP/ND requests which result in nothing.

Note that the max number of active neighbours per interface is limited.
There is a natural limit on how many entries the hash tables can have.
The user can increase this with sysctls, but the defaults should be safe.

-Andi
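Added example, not part of the original message: a shell check an operator could run on a Linux router to see how close the neighbour table is to its cap and whether it is dominated by unresolved entries, which is what the address sweep described above leaves behind. It assumes the sysctl meant is net.ipv4.neigh.default.gc_thresh3 (the message does not name one); the function names, the 80% mark and the sample table are constructed for illustration.

```shell
#!/bin/sh
# neigh_pressure LIMIT
#   Reads `ip neigh show` style lines on stdin and prints:
#     <total> <unresolved> <percent_of_limit> <verdict>
#   LIMIT is the hard cap on entries (assumed: gc_thresh3).
neigh_pressure() {
    awk -v limit="$1" '
        NF == 0 { next }
        {
            total++
            state = $NF                  # last field is the NUD state
            if (state == "INCOMPLETE" || state == "FAILED") unresolved++
        }
        END {
            pct = (limit > 0) ? int(total * 100 / limit) : 0
            verdict = "ok"
            # Illustrative thresholds: table at 80% of the cap or more,
            # and more than half of the entries never resolved.
            if (pct >= 80 && unresolved * 2 > total) verdict = "sweep-suspected"
            else if (pct >= 80) verdict = "near-limit"
            printf "%d %d %d %s\n", total, unresolved, pct, verdict
        }'
}

# Constructed sample: 8 probed addresses that never answered, 2 real hosts.
sample_sweep() {
    i=1
    while [ "$i" -le 8 ]; do
        echo "192.0.2.$i dev eth0  INCOMPLETE"
        i=$((i + 1))
    done
    echo "192.0.2.200 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE"
    echo "192.0.2.201 dev eth0 lladdr 02:00:00:00:00:02 STALE"
}

# Live use on a router (reads the real table and the real cap):
#   ip neigh show | neigh_pressure "$(cat /proc/sys/net/ipv4/neigh/default/gc_thresh3)"
```

With the sample table and a deliberately small cap of 12, `sample_sweep | neigh_pressure 12` reports the table as nearly full and mostly unresolved.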