On Sat, 16 Oct 2004, Ben Goedeke wrote: > Should it really be possible for a single infected windows machine to dos > a linux firewall? Please tell me it's not true and there's just something > I'm overlooking. I'm at my wits end here and don't even know what to try > next. So any pointers are much appreciated.
Well, I have seen ARP overflows on very big flat networks (e.g. 172.16.0.0/16) for example. Is any of yours that big? Otherwise, why would the firewall be trying to resolve so many ARP addresses, instead of forwarding the packets to its default gateway, or rejecting the IP packets as unrouteable? Anyway, see http://www.atm.tut.fi/list-archive/linux-diffserv/msg00962.html -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
