[c-nsp] Arp flood?

Cameron.Dry at didata.com.au Cameron.Dry at didata.com.au
Fri Nov 5 03:14:28 EST 2004 

Make sure that you don't have any routes pointing to interfaces - they
should all be pointing to next-hop addresses (where possible).

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of FXCM - Brandon
Palmer
Sent: Thursday, 4 November 2004 10:20 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Arp flood?


I'm seeing some rather devastating traffic on my network at the moment.
The symptoms are that my ARP cache keeps getting filled with
"Incomplete" entries (even for IP addresses that are up).  In debug
mode,  the ARP requests are coming from the switch itself (6506,  sup2,
12.1.22 native).  Goggling for it suggest that maybe this is a nmap
flood somehow?  If that were the case, I could understand my ARP table
filling w/ Inc entries for IPs that are not up,  but what about the ones
that are?  Memory use is normal,  CPU use is normal.  I've tried to
tcpdump on a span port for my uplinks and don't see traffic destin for
the empty IP addresses so i'm not sure where the requests are coming
from.  Network is clean of all other devices that could be conflicting
IP.

Any suggestions?

Thanks folks.

- Brandon

________________________________________________________________________
_____________________________________________________
FXCM, L.L.C.R assumes no responsibility for errors, inaccuracies or
omissions in these materials. FXCM, L.L.C.R does not warrant the
accuracy or completeness of the information, text, graphics, links or
other items contained within these materials. FXCM, L.L.C.R shall not be
liable for any special, indirect, incidental, or consequential damages,
including without limitation losses, lost revenues, or lost profits that
may result from these materials. All information contained in this
e-mail is strictly confidential and is only intended for use by the
recipient.


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


******************************************************************************
 - NOTICE FROM DIMENSION DATA AUSTRALIA
This message is confidential, and may contain proprietary or legally privileged information.  If you have received this email in error, please notify the sender and delete it immediately.

Internet communications are not secure. You should scan this message and any attachments for viruses.  Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachments.
******************************************************************************

More information about the cisco-nsp mailing list