[nsp] ARP storm
hackerwacker at cybermesa.com
Thu Sep 4 10:20:09 EDT 2003
James, is the problem coming from the Internet or from his users?
Users. He is dropping 92 Byte pings at the edge on both his connections.
His TCP Dumps support this finding.
He has subnetted the /22 into a /24 and /23 and it seem the wireless nodes
are most effected. Hundreds of hosts on this network. They are experienced
*nix admins, they are using Linux TC to control and shape client traffic, so a box
to do Proxy ARP could be a solution. What do y'all think ? He could rate limit
the arps with TC, but both he and I this this will make things worse. They need
to be answered.
More information about the cisco-nsp