Re: arp table overflow due to windows worm
On Sat, 16 Oct 2004, Ben Goedeke wrote:
> Should it really be possible for a single infected windows machine to dos
> a linux firewall? Please tell me it's not true and there's just something
> I'm overlooking. I'm at my wits end here and don't even know what to try
> next. So any pointers are much appreciated.
Well, I have seen ARP overflows on very big flat networks (e.g.
172.16.0.0/16) for example. Is any of yours that big? Otherwise, why would
the firewall be trying to resolve so many ARP addresses, instead of
forwarding the packets to its default gateway, or rejecting the IP packets
as unrouteable?
Anyway, see
http://www.atm.tut.fi/list-archive/linux-diffserv/msg00962.html
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: