[LARTC] arp flood (offtopic?)
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2005 at gmx.net
Thu Oct 20 00:09:40 CEST 2005
Alex wrote:
> Now the thing is that the load average goes up to 30 and the gateway
> doesn't even respond to ping after a while.
> The arp-requests are not only for ips that are assigned to hosts but
> even for un-allocated ips in the same subnet.
Ah. Classical problem. There are only two realistic explanations for it:
- the source of the arp flood is scanning the local net
- the source of the arp flood has been infected with a virus.
In my experience, only viruses generate real floods; scans are much more
friendly to the network. So just clean the viruses from the flooding
machines.
> Maybe dividing into multiple vlans would be a better idea?
Yes, that would somewhat help, but not solve the problem completely.
Besides, I'd go for fixing the real problem instead of some symptoms.
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
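
One way to find the flooding machines mentioned in the reply above, as an added example that is not part of the original post: count ARP requests per sender from `tcpdump -n arp` text output and flag senders that mostly ask for unallocated addresses. The function name, thresholds, addresses and capture lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the request lines printed by `tcpdump -n arp`, e.g.
#   00:09:40.000100 ARP, Request who-has 10.0.0.100 tell 10.0.0.42, length 46
# (some versions add the target MAC in parentheses after the target IP).
ARP_REQ = re.compile(
    r"who-has (\d+\.\d+\.\d+\.\d+)(?: \([0-9a-fA-F:]+\))? tell (\d+\.\d+\.\d+\.\d+)"
)

def arp_talkers(lines, allocated, min_requests=5, min_unallocated_ratio=0.5):
    """Return (sender, requests, distinct_targets, unallocated_targets) for
    senders whose ARP requests look like a sweep of the subnet.

    lines     -- text lines of tcpdump output
    allocated -- set of IPs known to be assigned (e.g. from DHCP leases)
    Thresholds are illustrative assumptions; tune them to the network.
    """
    asked = defaultdict(list)
    for line in lines:
        m = ARP_REQ.search(line)
        if m:  # replies and unrelated lines are ignored
            target, sender = m.groups()
            asked[sender].append(target)

    suspects = []
    for sender, targets in asked.items():
        distinct = set(targets)
        unallocated = distinct - allocated
        ratio = len(unallocated) / len(distinct)
        if len(targets) >= min_requests and ratio >= min_unallocated_ratio:
            suspects.append((sender, len(targets), len(distinct), len(unallocated)))
    # Loudest sender first: that is the machine to inspect and clean.
    return sorted(suspects, key=lambda s: s[1], reverse=True)

# Constructed sample: 10.0.0.42 sweeps unallocated addresses, while
# 10.0.0.23 only re-resolves the gateway, which is normal traffic.
ALLOCATED = {"10.0.0.1", "10.0.0.23", "10.0.0.42"}
SAMPLE = (
    ["00:09:40.%06d ARP, Request who-has 10.0.0.%d tell 10.0.0.42, length 46" % (i, i)
     for i in range(100, 120)]
    + ["00:09:41.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.23, length 46"] * 6
    + ["00:09:41.000200 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 46"]
)

if __name__ == "__main__":
    for sender, total, distinct, unalloc in arp_talkers(SAMPLE, ALLOCATED):
        print(f"{sender}: {total} requests, {distinct} targets, {unalloc} unallocated")
```
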