[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arp table overflow due to windows worm

On Sat, 16 Oct 2004, Ben Goedeke wrote:
> Should it really be possible for a single infected windows machine to dos
> a linux firewall? Please tell me it's not true and there's just something
> I'm overlooking. I'm at my wits end here and don't even know what to try
> next. So any pointers are much appreciated.

Well, I have seen ARP overflows on very big flat networks (e.g. for example.  Is any of yours that big?  Otherwise, why would
the firewall be trying to resolve so many ARP addresses, instead of
forwarding the packets to its default gateway, or rejecting the IP packets
as unrouteable?

Anyway, see 

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: