Re: arp table overflow due to windows worm

To: "Benjamin Goedeke" <b.goedeke@gmx.de>
Cc: debian-security@lists.debian.org
Subject: Re: arp table overflow due to windows worm
From: "Christian Storch" <storch@infra.net>
Date: Sat, 16 Oct 2004 16:20:41 +0200 (CEST)
Message-id: <[🔎] 2028.212.89.97.147.1097936441.squirrel@212.89.97.147>
In-reply-to: <[🔎] 41710871.9080100@gmx.de>
References: <[🔎] 41705DE8.1010400@gmx.net> <[🔎] 20041016055821.GB30479@khazad-dum.debian.net> <[🔎] 41710871.9080100@gmx.de>

On Sa, 16.10.2004, 13:39, Benjamin Goedeke wrote:
...
> ethernet address, namely the one of the upstream router.) So it seems
> arp resolution occurs even though the packets are being dropped. That's
> why I thought the bridge before the firewall could be a good idea. But
> I guess the net gets clogged even before it reaches the bridge.

Yes! That resolution is independend from chain FORWARD.
It look's into the routing table for the next hop of a packet
before using netfilter with FORWARD chain.
And then that could happen I wrote in my message some hours before!

Christian

Reply to:

Follow-Ups:
- Re: arp table overflow due to windows worm
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: arp table overflow due to windows worm
  - From: Benjamin Goedeke <b.goedeke@gmx.de>

References:
- arp table overflow due to windows worm
  - From: Ben Goedeke <goedeke-deb-sec@gmx.net>
- Re: arp table overflow due to windows worm
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: arp table overflow due to windows worm
  - From: Benjamin Goedeke <b.goedeke@gmx.de>

Prev by Date: Re: arp table overflow due to windows worm
Next by Date: Re: arp table overflow due to windows worm
Previous by thread: Re: arp table overflow due to windows worm
Next by thread: Re: arp table overflow due to windows worm
Index(es):
- Date
- Thread