[c-nsp] Unknown unicast only occuring when a host is under attack...

Dobbins, Roland rdobbins at arbor.net
Sat Mar 26 09:48:51 EDT 2011


On Mar 25, 2011, at 2:11 AM, Drew Weaver wrote:

> Basically what is happening is a host in a VLAN is getting flooded with http requests and when this happens the http requests are being unicast to all ports in this VLAN.

How was this diagnosed?

Are you sure that the /32 of the individual host is all that's being attacked, or are the attackers perhaps going after more than one host on the same VLAN/subnet?

Are directed broadcasts disabled?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde




More information about the cisco-nsp mailing list