From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carl-Daniel Hailfinger Date: Wed, 19 Oct 2005 22:09:40 +0000 Subject: Re: [LARTC] arp flood (offtopic?) Message-Id: <4356C424.80009@gmx.net> List-Id: References: <032b01c5d4bb$a8837ed0$020c0c0a@admin> In-Reply-To: <032b01c5d4bb$a8837ed0$020c0c0a@admin> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Alex schrieb: > Now the thing is that the load average goes up to 30 and the gateway > doesn't even respond to ping after a while. > The arp-requests are not only for ips that are assigned to hosts but > even for un-allocated ips in the same subnet. Ah. Classical problem. There are only two realistic explanations for it: - the source of the arp flood is scanning the local net - the source of the arp flood has been infected with a virus. In my experience, only viruses generate real floods, scans are much more friendly to the network. So just clean the viruses from the flooding machines. > Maybe dividing into multiple vlans would be a better idea? Yes, that would somewhat help, but not solve the problem completely. Besides, I'd go for fixing the real problem instead of some symptoms. Regards, Carl-Daniel -- http://www.hailfinger.org/ _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc