[LARTC] Neighbour table overflow
Alex
alex@hostingcenter.ro
Tue, 24 Feb 2004 23:51:32 +0200
I'm doing NAT for 200 workstations and 2 GRE tunnels with 4 users each. I
also have, in the mangle table in the PREROUTING chain, DROP rules for ports commonly
used by blaster, welchia and other worms. I have never seen this problem
until now and I did not get the chance to verify it under kernel 2.4.X.
I use one class C private with private IPs + another 2 class C for tunnels.
Maybe this message is because my users frequently scan the network with
WS_PING to see what users are online (this produces arp-requests for each ip
in that ip class)?
Alex Iruc
----- Original Message -----
From: "Damjan" <gdamjan@mail.net.mk>
To: <lartc@mailman.ds9a.nl>
Cc: "Alex" <alex@hostingcenter.ro>
Sent: Tuesday, February 24, 2004 11:12 PM
Subject: Re: [LARTC] Neighbour table overflow
> > What is the cause for such a message while running kernel 2.6.1 on RH9 ?
> >
> > Neighbour table overflow.
> > NET: 282 messages suppressed.
> > Neighbour table overflow.
>
> ARP table overflow,
> do you have an interface on your router with a too wide netmask?
> /16 (255.255.0.0) maybe?
> Do you have a lot of "(incomplete)" entries in "arp -n"?
>
> Check that interface with "tcpdump -i eth? -n arp".
>
> Probably some virus or port sniffer tries to scan your network.
>
> --
> Damjan Georgievski
> jabberID: damjan@bagra.net.mk
>
>
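The check for "(incomplete)" entries in "arp -n" suggested in the quoted reply, as an added example that is not part of the original thread: it counts resolved and unresolved entries per interface and compares the table-wide total with the kernel's gc_thresh3 limit. The function names and the sample table are constructed, and the 1024 fallback assumes the usual kernel default.

```shell
#!/bin/sh
# Constructed sample of `arp -n` output (addresses and MACs are made up).
sample_arp() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.0.1                 ether   00:11:22:33:44:55   C                     eth0
10.0.0.9                         (incomplete)                              eth0
10.0.1.2                 ether   00:11:22:33:44:66   C                     eth1
10.0.1.3                         (incomplete)                              eth1
10.0.1.4                         (incomplete)                              eth1
10.0.1.5                         (incomplete)                              eth1
EOF
}

# Reads `arp -n` text on stdin; prints "iface total incomplete" per interface.
arp_summary() {
    awk '$1 != "Address" && NF >= 3 {
             total[$NF]++
             if ($2 == "(incomplete)") bad[$NF]++
         }
         END { for (i in total) printf "%s %d %d\n", i, total[i], bad[i] + 0 }' |
    sort
}

# Hard limit on IPv4 neighbour entries; falls back to 1024 (assumed default).
neigh_limit() {
    f=/proc/sys/net/ipv4/neigh/default/gc_thresh3
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# Reads arp_summary lines on stdin; succeeds when the table-wide entry count
# has reached $2 percent of limit $1 (the limit is shared by all interfaces).
arp_near_limit() {
    awk -v limit="$1" -v pct="$2" '{ n += $2 }
         END { exit !(n * 100 >= limit * pct) }'
}

# On the router itself: arp -n | arp_summary
#                       arp -n | arp_summary | arp_near_limit "$(neigh_limit)" 75
sample_arp | arp_summary
```

An interface where most entries are "(incomplete)" is the one receiving the ARP sweep, which is where the "tcpdump -i eth? -n arp" check from the reply should be pointed.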