[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arp table overflow due to windows worm

On Mon, 18 Oct 2004 07:08, Rick Moen <rick@linuxmafia.com> wrote:
> Quoting Jason Lunz (lunz@falooley.org):
> > The entire neighbor cache was completely rewritten recently, and I
> > believe it was prompted by exactly this sort of situation.
>
> Just wanted to mention:  That "neigbour table overflow" error can also
> be caused by inadvertantly removing the localhost line from one's
> /etc/hosts file, with the result that an avalanche of local socket
> requests clobber the system's ARP cache.

How does that work?  Connections to 127.0.0.0/8 go to device lo unless your 
routing table is broken.

Lookups on "localhost" with gethostbyname() should be expected to fail if 
there is no entry in /etc/hosts unless your default DNS search name has a 
localhost entry (in which case you have an entirely different set of 
problems).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: