From mboxrd@z Thu Jan  1 00:00:00 1970
From: Oscar Mechanic <oscar@ufomechanic.net>
Date: Thu, 20 Oct 2005 08:33:08 +0000
Subject: Re: [LARTC] arp flood (offtopic?)
Message-Id: <1129797188.14822.187.camel@OSCARLAPLIN>
List-Id: <lartc.vger.kernel.org>
References: <032b01c5d4bb$a8837ed0$020c0c0a@admin>
In-Reply-To: <032b01c5d4bb$a8837ed0$020c0c0a@admin>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Has anyone tried ebtables and the limit target to control the rate

On Thu, 2005-10-20 at 00:09 +0200, Carl-Daniel Hailfinger wrote:
> Alex schrieb:
> > Now the thing is that the load average goes up to 30 and the gateway 
> > doesn't even respond to ping after a while.
> > The arp-requests are not only for ips that are assigned to hosts but 
> > even for un-allocated ips in the same subnet.
> 
> Ah. Classical problem. There are only two realistic explanations for it:
> - the source of the arp flood is scanning the local net
> - the source of the arp flood has been infected with a virus.
> In my experience, only viruses generate real floods, scans are much more 
> friendly to the network. So just clean the viruses from the flooding 
> machines.
> 
> > Maybe dividing into multiple vlans would be a better idea?
> 
> Yes, that would somewhat help, but not solve the problem completely. 
> Besides, I'd go for fixing the real problem instead of some symptoms.
> 
> 
> Regards,
> Carl-Daniel

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc