Re: arp table overflow due to windows worm

To: debian-security@lists.debian.org
Subject: Re: arp table overflow due to windows worm
From: Rick Moen <rick@linuxmafia.com>
Date: Sun, 17 Oct 2004 14:08:56 -0700
Message-id: <[🔎] 20041017210856.GN29810@linuxmafia.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] ckubbo$k6c$1@sea.gmane.org>
References: <[🔎] 41705DE8.1010400@gmx.net> <[🔎] ckubbo$k6c$1@sea.gmane.org>

Quoting Jason Lunz (lunz@falooley.org):

> The entire neighbor cache was completely rewritten recently, and I
> believe it was prompted by exactly this sort of situation.  

Just wanted to mention:  That "neigbour table overflow" error can also
be caused by inadvertantly removing the localhost line from one's
/etc/hosts file, with the result that an avalanche of local socket
requests clobber the system's ARP cache.

So, don't rush to the conclusion that your system is under attack, just
because you see that error.  You might be shooting at your own feet.

-- 
Cheers,                        
Rick Moen                         This .signature intentionally left blank.
rick@linuxmafia.com

Reply to:

Follow-Ups:
- Re: arp table overflow due to windows worm
  - From: Russell Coker <russell@coker.com.au>

References:
- arp table overflow due to windows worm
  - From: Ben Goedeke <goedeke-deb-sec@gmx.net>
- Re: arp table overflow due to windows worm
  - From: Jason Lunz <lunz@falooley.org>

Prev by Date: Re: arp table overflow due to windows worm
Next by Date: Re: arp table overflow due to windows worm
Previous by thread: Re: arp table overflow due to windows worm
Next by thread: Re: arp table overflow due to windows worm
Index(es):
- Date
- Thread