Re: 1. Switch Flooding 2. Chains traversal


 



Quoting "R. DuFresne" <dufresne@xxxxxxxxxxx>:


On Wed, 14 Sep 2005 lst_hoe01@xxxxxxxxx wrote:

Quoting venkata subramanian <venkatasubramanian@xxxxxxxxx>:

Hi,
1. Switch Flooding
      We have a nice problem in our organisation. Due to viruses,
some Windows machine or the other starts flooding the network with
packets. And, in the end, one of our switches comes down, making us
manually restart the switch.
      I don't (intuitively) see how iptables can help in this
scenario.... But, I want to know whether any solution exists to this?
If I make all the machines' gateway a Linux system, and rate limit
the packets there, will it help?

Use a better switch. We once had a cheap 3Com (4300-48 Ports) which had the same
behavior with ping-flood to many invalid IP addresses. I guess it was an error
with the ARP handling. Once the switch was replaced by a 4400-48 (which is
really 3Com, not re-branded crap) the problem was gone.
Best solution is of course to fix the virus-machines in your network.



Interesting, all sorts of advice and suggestions, except the real answer, which would entertain the idea of finding the offending, perhaps infected system<s> and fixing or taking them off the network till fixed.

You have not read my posting until the end ...

"Best solution is of course to fix the virus-machines in your network"

Regards

Andreas



