[c-nsp] Rate-limiting ARPs
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Sep 13 07:11:50 EDT 2006
cisco-nsp-bounces at puck.nether.net wrote on Wednesday, September 13, 2006 12:57 PM:
> Oliver,
>
> I am not sure a "debug arp" would be particularly helpful at
> this point, because the problem is not happening at the moment.
>
> The problem manifested itself last night when a server on a /24 subnet
> was subject to a DDOS of 300kpps. The server crashed, for whatever
> reason, and once the ARP entry had timed out all of the servers on that
> /24 were bombarded with traffic until we filtered the DDOS at the
> border routers.
Hmm, and you were sure those were arp requests for the victim's IP
address sent at a high rate? Did you capture some of this traffic?
oli