
Re: arp table overflow due to windows worm



On Sat, 16 Oct 2004, Ben Goedeke wrote:
> Should it really be possible for a single infected Windows machine to DoS
> a Linux firewall? Please tell me it's not true and there's just something
> I'm overlooking. I'm at my wits' end here and don't even know what to try
> next. So any pointers are much appreciated.

Well, I have seen ARP overflows on very big flat networks (e.g.
172.16.0.0/16) for example.  Is any of yours that big?  Otherwise, why would
the firewall be trying to resolve so many ARP addresses, instead of
forwarding the packets to its default gateway, or rejecting the IP packets
as unrouteable?

Anyway, see 
http://www.atm.tut.fi/list-archive/linux-diffserv/msg00962.html

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
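
The check suggested in the reply above, as an added example that is not part of the original message: only routes without a gateway make the firewall ARP for every destination address, so the sketch lists the directly connected subnets from `ip -4 route show` output and compares their size with the kernel's neighbour-table hard limit. The limit (sysctl `net.ipv4.neigh.default.gc_thresh3`, Linux default 1024) is not named in the thread, and the routing table shown is a constructed sample.

```python
import ipaddress

# Linux default for net.ipv4.neigh.default.gc_thresh3 (hard cap on neighbour entries).
DEFAULT_GC_THRESH3 = 1024

# Constructed sample of `ip -4 route show` output for a hypothetical firewall.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
172.16.0.0/16 dev eth1 proto kernel scope link src 172.16.0.1
10.20.0.0/16 via 172.16.0.254 dev eth1
"""

def onlink_routes(route_text):
    """Yield (network, device) for routes with no gateway: ARP is done per destination."""
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "via" in fields:
            continue  # gatewayed routes need one neighbour entry: the next hop
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." lines
        dev = fields[fields.index("dev") + 1] if "dev" in fields else "?"
        yield net, dev

def arp_exposure(route_text, gc_thresh3=DEFAULT_GC_THRESH3):
    """Return [(network, dev, hosts, over_limit)] for every directly connected subnet."""
    report = []
    for net, dev in onlink_routes(route_text):
        hosts = max(net.num_addresses - 2, 1)  # exclude network and broadcast
        report.append((str(net), dev, hosts, hosts > gc_thresh3))
    return report

if __name__ == "__main__":
    for net, dev, hosts, over in arp_exposure(SAMPLE_ROUTES):
        flag = "can overflow neighbour table" if over else "fits"
        print(f"{net:18} {dev:5} {hosts:6} possible neighbours: {flag}")
```

On a live firewall the input would be the real `ip -4 route show` output and the threshold the value read from `sysctl net.ipv4.neigh.default.gc_thresh3`.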


