[nsp] ARP storm
james
hackerwacker at cybermesa.com
Wed Sep 3 11:34:47 EDT 2003
I have a customer we do transit for that has a /22 from us. The worm is causing a huge amount of ARP traffic on his
network.
He has a 7206 which is the ARP cache for his whole network, i.e. no other routers. He is using the ip policy route map
to drop incoming 92 byte worm pings (incoming on his connections to the internet)
and is starting to control ICMP closer to his end users. The problem at this point is excessive
ARP traffic:
" but asking for 200+ MAC addresses in 4 or 5 seconds is just not friendly "
Are there any commands for the Cisco to control this, such as negative ARP caching ?
James Edwards
Routing and Security Administrator
jamesh at cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700
More information about the cisco-nsp
mailing list