Re: arp table overflow due to windows worm

goedeke-deb-sec@gmx.net said:
> 135 is closed in both directions. However, I get the message "Neighbour
> table overflow" on the firewall (Debian stable w/ kernel 2.4.27) and the
> entire network comes to a standstill. The CPU load isn't even close to a
> Should it really be possible for a single infected Windows machine to DoS
> a Linux firewall? Please tell me it's not true and there's just something
> I'm overlooking. I'm at my wits' end here and don't even know what to try
> next. So any pointers are much appreciated.

The entire neighbor cache was completely rewritten recently, and I
believe it was prompted by exactly this sort of situation.  That work
will be released as part of Linux 2.6.9, IIRC. There's also a backport
pending for 2.4, though probably not 2.4.28. Check out this thread:



