From mboxrd@z Thu Jan  1 00:00:00 1970
From: Szymon Miotk <spam@crocom.com.pl>
Date: Fri, 18 Mar 2005 08:39:27 +0000
Subject: [LARTC] ARP queries generating entries in routing cache
Message-Id: <423A93BF.8070908@crocom.com.pl>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hello!

I've noticed a strange thing: when a client system generates an arp 
query for an unexistent host, the routing cache entry is being made.

My system is Fedora 2 with vanilla 2.6.11.
the client is 10.1.1.2 with mask 255.255.0.0
the router/firewall is 10.1.1.1 with mask 255.255.255.0
Yes, the masks are different and this cannot be fixed easily.

So, when the client generates ARP query for an unexistent host in 
10.1.1.0/24 network everything is fine - query is dropped.
But when it asks for something like 10.1.44.4, then the router drops the 
query, but an entry in routing cache is being made.

This is a serious problem, because when someone has a virus which tries 
to spread itself, it generates thousands ARP queries per second and my 
routing cache overflows and the traffic crawls.

did anybody meet such a problem?

Szymon Miotk

PS. The routing is configured ok. No <incompletes> are in arp cache, 
only routing cache is being affected.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc