[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arp table overflow due to windows worm

On Mon, 18 Oct 2004 07:08, Rick Moen <rick@linuxmafia.com> wrote:
> Quoting Jason Lunz (lunz@falooley.org):
> > The entire neighbor cache was completely rewritten recently, and I
> > believe it was prompted by exactly this sort of situation.
> Just wanted to mention:  That "neigbour table overflow" error can also
> be caused by inadvertantly removing the localhost line from one's
> /etc/hosts file, with the result that an avalanche of local socket
> requests clobber the system's ARP cache.

How does that work?  Connections to go to device lo unless your 
routing table is broken.

Lookups on "localhost" with gethostbyname() should be expected to fail if 
there is no entry in /etc/hosts unless your default DNS search name has a 
localhost entry (in which case you have an entirely different set of 

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: