[LARTC] arp flood (offtopic?)
Oscar Mechanic
oscar at ufomechanic.net
Thu Oct 20 10:33:08 CEST 2005
Has anyone tried ebtables and the limit target to control the rate
On Thu, 2005-10-20 at 00:09 +0200, Carl-Daniel Hailfinger wrote:
> Alex schrieb:
> > Now the thing is that the load average goes up to 30 and the gateway
> > doesn't even respond to ping after a while.
> > The arp-requests are not only for ips that are assigned to hosts but
> > even for un-allocated ips in the same subnet.
>
> Ah. Classical problem. There are only two realistic explanations for it:
> - the source of the arp flood is scanning the local net
> - the source of the arp flood has been infected with a virus.
> In my experience, only viruses generate real floods, scans are much more
> friendly to the network. So just clean the viruses from the flooding
> machines.
>
> > Maybe dividing into multiple vlans would be a better idea?
>
> Yes, that would somewhat help, but not solve the problem completely.
> Besides, I'd go for fixing the real problem instead of some symptoms.
>
>
> Regards,
> Carl-Daniel
More information about the LARTC
mailing list