On Wed, 14 Sep 2005 lst_hoe01@xxxxxxxxx wrote:

> Quoting venkata subramanian <venkatasubramanian@xxxxxxxxx>:
>
>> Hi,
>> 1. Switch Flooding
>> We have a nice problem in our organisation. Due to viruses,
>> some Windows machine or the other starts flooding the network with
>> packets. And, in the end, one of our switches comes down, making us
>> manually restart the switch.
>> I don't (intuitively) see how iptables can help in this
>> scenario.... But, I want to know whether any solution exists to this?
>> If I make all the machines' gateway a Linux system, and rate limit
>> the packets there, will it help?
>
> Use a better switch. We once had a cheap 3Com (4300-48 Ports) which had the
> same behavior with ping-flood to many invalid IP addresses. I guess it was
> an error with the ARP handling. Once the switch was replaced by a 4400-48
> (which is really 3Com not re-branded crap) the problem was gone.
> Best solution is of course to fix the virus-machines in your network.

Interesting, all sorts of advice and suggestions, except the real answer,
which would entertain the idea of finding the offending, perhaps infected
system<s> and fixing or taking them off the network till fixed.
In seeking other solutions to this problem I get the impression there are
other problems in the institution itself that need to be rectified.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>