[LARTC] ARP queries generating entries in routing cache
Szymon Miotk
spam at crocom.com.pl
Fri Mar 18 09:39:27 CET 2005
Hello!
I've noticed a strange thing: when a client system generates an arp
query for an unexistent host, the routing cache entry is being made.
My system is Fedora 2 with vanilla 2.6.11.
the client is 10.1.1.2 with mask 255.255.0.0
the router/firewall is 10.1.1.1 with mask 255.255.255.0
Yes, the masks are different and this cannot be fixed easily.
So, when the client generates ARP query for an unexistent host in
10.1.1.0/24 network everything is fine - query is dropped.
But when it asks for something like 10.1.44.4, then the router drops the
query, but an entry in routing cache is being made.
This is a serious problem, because when someone has a virus which tries
to spread itself, it generates thousands ARP queries per second and my
routing cache overflows and the traffic crawls.
did anybody meet such a problem?
Szymon Miotk
PS. The routing is configured ok. No <incompletes> are in arp cache,
only routing cache is being affected.
More information about the LARTC
mailing list