From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Alex"
Date: Tue, 24 Feb 2004 21:51:32 +0000
Subject: Re: [LARTC] Neighbour table overflow
Message-Id: <001a01c3fb20$5d924c60$05fea8c0@admin>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

I'm doing NAT for 200 workstations and 2 GRE tunnels with 4 users each.
I also have, in the mangle table's PREROUTING chain, DROP rules for ports
commonly used by blaster, welchia and other worms.
I have never seen this problem until now and I did not get the chance to
verify it under kernel 2.4.X.
I use one class C private with private IPs + another 2 class C for tunnels.
Maybe this message is because my users frequently scan the network with
WS_PING to see what users are online (this produces arp-requests for each
IP in that IP class)?

Alex Iruc

----- Original Message -----
From: "Damjan"
To:
Cc: "Alex"
Sent: Tuesday, February 24, 2004 11:12 PM
Subject: Re: [LARTC] Neighbour table overflow

> > What is the cause for such a message while running kernel 2.6.1 on RH9?
> >
> > Neighbour table overflow.
> > NET: 282 messages suppressed.
> > Neighbour table overflow.
>
> ARP table overflow,
> do you have an interface on your router with a too wide netmask?
> /16 (255.255.0.0) maybe?
> Do you have a lot of "(incomplete)" entries in "arp -n"?
>
> Check that interface with "tcpdump -i eth? -n arp".
>
> Probably some virus or port sniffer tries to scan your network.
>
> --
> Damjan Georgievski
> jabberID: damjan@bagra.net.mk
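
The "(incomplete)" check suggested in the quoted reply can be scripted; the following is an added example, not part of the original thread. The function names, the sample table and the 80% warning level are assumptions made for illustration; the /proc path is the kernel's IPv4 neighbour table hard limit.

```shell
#!/bin/sh
# Added example: summarise `arp -n` output per interface and compare the
# table size with the neighbour-table hard limit (gc_thresh3).

# Constructed sample in net-tools `arp -n` layout (all addresses made up).
SAMPLE_ARP='Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.10             ether   00:50:56:00:00:0a   C                     eth1
192.168.1.11                     (incomplete)                              eth1
192.168.1.12                     (incomplete)                              eth1
192.168.1.13                     (incomplete)                              eth1
10.0.0.1                 ether   00:50:56:00:00:01   C                     eth0'

# Hard limit on a live system (read it with: cat "$LIMIT_FILE").
LIMIT_FILE=/proc/sys/net/ipv4/neigh/default/gc_thresh3

# Reads `arp -n` text on stdin; prints "iface total incomplete" per interface.
# Many incomplete entries on one interface point at unanswered ARP requests,
# which is what an address sweep of a wide subnet produces.
arp_summary() {
    awk 'NR > 1 && NF >= 3 {
             total[$NF]++
             if ($2 == "(incomplete)") inc[$NF]++
         }
         END { for (i in total) printf "%s %d %d\n", i, total[i], inc[i] + 0 }' | sort
}

# Classifies an entry count against the hard limit.
# Prints "overflow" at or above the limit, "near" from 80% (assumed warning
# level, not a kernel value), otherwise "ok".
neigh_pressure() {
    entries=$1
    limit=$2
    if [ "$entries" -ge "$limit" ]; then
        echo overflow
    elif [ $((entries * 100)) -ge $((limit * 80)) ]; then
        echo near
    else
        echo ok
    fi
}

# Demonstration on the constructed sample; on a router use: arp -n | arp_summary
printf '%s\n' "$SAMPLE_ARP" | arp_summary
```
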