[c-nsp] Rate-limiting ARPs

Ed Butler ed.butler at rapidswitch.com
Wed Sep 13 05:56:23 EDT 2006


I am trying to find out how to rate limit the generation of ARPs by a
gateway.

Example scenario:

==================================================
123.234.123.1/24 is a Cisco gateway connected to the Internet

An Internet host sends a UDP packet to 123.234.123.99

123.234.123.1 generates an ARP for the .99 IP address, but no one
answers it so it is down as "Incomplete"

An Internet host sends another UDP packet to 123.234.123.99

123.234.123.1 generates another ARP request
==================================================

From what I can see, there is nothing that prevents this behaviour from
causing a DoS by flooding a subnet with ARP requests. What I'd like to
do is for the Cisco gateway (a 3750 in this instance) to remember it
sent an ARP request for the .99 IP address, and rate-limit itself to
sending one every second or similar.

Is there any way of achieving this? Any fault with what I am suggesting?

Regards,

Ed Butler
RapidSwitch Ltd
DDI: 020 7106 0731

RapidSwitch Ltd, 5th Floor, Sovereign House, 227 Marsh Wall, London, E14
9SD

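The scenario in the post, as an added model that is not part of the original message and does not claim to reproduce Cisco IOS or Catalyst 3750 behaviour: a small resolver keeps an ARP table with "Incomplete" entries and can be run either as the gateway described above (one ARP request for every packet to an unresolved host) or with the per-destination rate limit the poster is asking for, plus a hold-down that stops ARPing for a host nobody answers for. The network 123.234.123.0/24 (the /24 behind 123.234.123.1), the one-second interval, the three retries, the 60 s hold-down, the constructed traffic burst and the MAC address are all assumptions chosen for illustration.

```python
"""Model of a gateway's ARP resolver: one ARP per packet vs. per-destination rate limiting.

Added example, not code from the cisco-nsp post or from Cisco IOS. Addresses, timers and
the traffic burst are constructed to mirror the scenario in the post.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

INCOMPLETE, COMPLETE = "INCOMPLETE", "COMPLETE"


@dataclass
class ArpEntry:
    state: str = INCOMPLETE
    mac: Optional[str] = None
    last_request: Optional[float] = None  # when the gateway last ARPed for this host
    requests: int = 0                     # unanswered requests in the current cycle
    hold_until: float = 0.0               # negative cache: send no ARP before this time


@dataclass
class Gateway:
    subnet: IPv4Network
    min_interval: float = 0.0  # seconds between ARPs per destination; 0 = one ARP per packet
    max_requests: int = 0      # unanswered ARPs before hold-down; 0 = retry forever
    holddown: float = 0.0      # seconds to drop packets for a host nobody answered for
    table: dict = field(default_factory=dict)
    arp_sent: list = field(default_factory=list)  # (time, target) for every ARP request

    def forward(self, t: float, dst: str) -> str:
        """Gateway receives an IP packet for dst at time t; returns what happened to it."""
        target = IPv4Address(dst)
        if target not in self.subnet:
            return "routed"  # not on the connected segment, so no ARP on this interface
        e = self.table.setdefault(target, ArpEntry())
        if e.state == COMPLETE:
            return "delivered"
        # Unresolved ("Incomplete") entry: may this packet trigger another ARP request?
        if t < e.hold_until:
            return "dropped:holddown"
        if e.last_request is not None and t - e.last_request < self.min_interval:
            return "dropped:throttled"
        if self.max_requests and e.requests >= self.max_requests:
            e.hold_until = t + self.holddown  # give up for a while; a fresh cycle starts later
            e.requests = 0
            return "dropped:holddown"
        e.last_request = t
        e.requests += 1
        self.arp_sent.append((t, dst))
        return "dropped:arp-sent"  # this model does not queue the IP packet; only the ARP goes out

    def learn(self, dst: str, mac: str) -> None:
        """An ARP reply arrived: the entry becomes COMPLETE and its counters reset."""
        e = self.table.setdefault(IPv4Address(dst), ArpEntry())
        e.state, e.mac, e.requests, e.hold_until = COMPLETE, mac, 0, 0.0


def simulate(gw: Gateway, n: int = 500, pps: int = 100,
             target: str = "123.234.123.99") -> dict:
    """Constructed traffic: n packets at pps packets/second to a host that never answers."""
    fates: dict = {}
    for i in range(n):
        fate = gw.forward(i / pps, target)  # i / pps keeps the whole-second ticks exact
        fates[fate] = fates.get(fate, 0) + 1
    return fates


if __name__ == "__main__":
    net = IPv4Network("123.234.123.0/24")  # assumed: the /24 behind 123.234.123.1 in the post
    plain = Gateway(net)
    print("one ARP per packet :", simulate(plain), "ARPs sent:", len(plain.arp_sent))
    limited = Gateway(net, min_interval=1.0, max_requests=3, holddown=60.0)
    print("rate-limited       :", simulate(limited), "ARPs sent:", len(limited.arp_sent))
    limited.learn("123.234.123.99", "00:11:22:33:44:55")  # constructed MAC for the reply
    print("after ARP reply    :", limited.forward(5.0, "123.234.123.99"))
```

Run stand-alone, the unthrottled gateway emits 500 ARP requests for 500 packets, while the rate-limited one sends three (at 0, 1 and 2 seconds) and then drops the rest during the hold-down. In this model the per-destination interval alone only bounds the rate per address, so a scan of every host in the /24 could still keep up to one ARP per second per address on the segment; it is the hold-down (negative caching of entries that nobody answers for) that bounds the total.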
