[c-nsp] ARP/MAC spoofing protection from a bad nic

Robert E. Seastrom rs at seastrom.com
Sat Jan 6 20:33:14 EST 2007


"Joseph Jackson" <JJackson at aninetworks.com> writes:

> Earlier today we had what seems to be a NIC in a server go
> bad and started answering with its mac address for every IP within its
> subnet.  Of course this caused a massive LAN meltdown which wasn't all
> that fun.  We'd like to never have that happen again so I am wondering
> what you guys do out there to prevent this type of issue happening or at
> least make troubleshooting the problem and finding the offending device
> faster.  Thanks!

my take on this is it doesn't sound like the nic going bad so much as
upper layer stack meltdown (in particular the arp responder, which
doesn't live on the card unless you've got some kind of super smart
card with ip offloading on board).  did you try just rebooting the box
without swapping the card?  what os/platform?

just curious,

                                        ---rob



