Re: 1. Switch Flooding 2. Chains traversal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 14 Sep 2005 lst_hoe01@xxxxxxxxx wrote:

Quoting venkata subramanian <venkatasubramanian@xxxxxxxxx>:

Hi,
1. Switch Flooding
      We have a nice problem in our organisation. Due to viruses,
some Windows machine or the other starts flooding the network with
packets. And, in the end, one of our switches comes down, making us
manually restart the switch.
      I don't (intuitively) see how iptables can help in this
scenario.... But, I want to know whether any solution exists to this?
If I make all the machines' gateway a Linux system, and rate limit
the packets there, will it help?

Use a better switch. We once had a cheap 3Com (4300-48 Ports) which had the same
behavior with ping-flood to many invalid IP addresses. I guess it was an error
with the ARP handling. Once the switch was replaced by a 4400-48 (which is
really 3Com not re-branded crap) the problem was gone.
Best solution is of course to fix the virus-machines in your network.



Interesting, all sorts of advice and suggestions, except the real answer, which would entertain the idea of finding the offending, perhaps infected system<s> and fixing or taking them off the network till fixed.

In seeking other solutions to this problem I get the impression there are other problems in the institution itself that need to be rectified.

Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDKH0sst+vzJSwZikRAi3xAKDQhQCFWNVdY0evvMK0fQbXfKaDZgCeLixk
cOVGYPLTVPR4y5G29PqfoME=
=zDJJ
-----END PGP SIGNATURE-----

