Date: Thu, 18 Aug 2005 16:27:26 -0400 From: Jim Durham <durham@jcdurham.com> To: Martin Hepworth <maxsec@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Network Interface 'overload' in 4.11 Message-ID: <200508181627.27113.durham@jcdurham.com> In-Reply-To: <72cf361e05081811314a56806a@mail.gmail.com> References: <200508181214.30511.durham@jcdurham.com> <72cf361e05081811314a56806a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 18 August 2005 02:31 pm, you wrote: > Sounds like viral activity to me. I has this at work recently > where 2 mtob infected machines where able to bring the entire > 100mbs switched network to its needs If you run ethereal you > may find the network is being flooded by arp lookups from the > Windows machine in question..... Yes. I agree. Although we've run Symantec on the silly box and nothing is there with the latest identity files. In fact, now you can hook it back up to the net and all is fine. Maybe it got fixed by one of the 'anti-worm worms' ? 8-) . What I was really wondering is if there is some way of preventing one silly Windows box from taking the FreeBSD server into a state where it is pretty much useless network-wise. Setting throttling is one thing that was suggested, but as I recall, when I tried that, it actually made no difference because it throttled the interface and it was useless anyway. Doesn't ethereal really just run tcpdump? Tcpdump showed very little. I guess because it was running on the same machine and the machine wasn't delivering packets to the internal networking..or it was infernally slow and it didn't get much to show. Probably if I had a 2nd FreeBSD box monitoring the network on a hub insdtead of a switch, that would work, but this is an "outer office" with no on-site IT staff and that is sort of hard to accomplish. Thanks! -Jim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508181627.27113.durham>