On Sa, 16.10.2004, 07:58, Henrique de Moraes Holschuh wrote:
> On Sat, 16 Oct 2004, Ben Goedeke wrote:
>> Should it really be possible for a single infected windows machine to
>> dos a linux firewall? Please tell me it's not true and there's just
>> something I'm overlooking. I'm at my wits' end here and don't even know
>> what to try next. So any pointers are much appreciated.
>
> Well, I have seen ARP overflows on very big flat networks (e.g.
> 172.16.0.0/16) for example. Is any of yours that big? Otherwise, why
> would the firewall be trying to resolve so many ARP addresses, instead of
> forwarding the packets to its default gateway, or rejecting the IP packets
> as unrouteable?
>
Do you have a route entry like

0.0.0.0 0.0.0.0 0.0.0.0 UG 0 0 0 eth0

instead of

0.0.0.0 1.2.3.4 0.0.0.0 UG 0 0 0 eth0

with 1.2.3.4 as the next hop to your isp?
That would generate an arp overflow very fast if you try sending to
permanently changing ip addresses outside your network as typical worms
would do!

Christian
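An added example, not part of the original thread: a small check over `route -n` output that flags the two conditions raised above, a default route with no next hop and an on-link prefix too large for the neighbour table. The function name `audit_routes`, the sample table and the use of the Linux default `gc_thresh3` value of 1024 as the limit are assumptions of this example.

```python
import ipaddress

# Linux default for net.ipv4.neigh.default.gc_thresh3, the hard cap on
# neighbour (ARP) entries. Assumed here; the firewall may be tuned differently.
GC_THRESH3_DEFAULT = 1024

# Constructed sample in `route -n` layout; addresses are illustrative only.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         0.0.0.0         0.0.0.0         UG    0      0        0 eth0
"""


def audit_routes(route_output, neigh_limit=GC_THRESH3_DEFAULT):
    """Return (iface, network, reason) for routes that can exhaust the ARP cache."""
    findings = []
    for line in route_output.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # not a route row
        dest, gateway, genmask, _flags, _metric, _ref, _use, iface = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{genmask}")
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            continue  # column header or other non-address text
        if not gw.is_unspecified:
            continue  # real next hop: only the gateway itself needs an ARP entry
        # No next hop: the kernel ARPs for every destination this route matches.
        if net.prefixlen == 0:
            findings.append((iface, str(net), "default route without next hop"))
        elif net.num_addresses > neigh_limit:
            findings.append(
                (iface, str(net), f"on-link prefix larger than {neigh_limit} entries")
            )
    return findings


if __name__ == "__main__":
    for iface, net, reason in audit_routes(SAMPLE):
        print(f"{iface}: {net}: {reason}")
```

On a live system, pass the text of `route -n` to `audit_routes` and compare the limit against `sysctl net.ipv4.neigh.default.gc_thresh3`.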

