From: Jim Durham
To: Martin Hepworth
Cc: freebsd-questions@freebsd.org
Date: Thu, 18 Aug 2005 16:27:26 -0400
Subject: Re: Network Interface 'overload' in 4.11

On Thursday 18 August 2005 02:31 pm, you wrote:
> Sounds like viral activity to me. I had this at work recently
> where 2 mtob infected machines were able to bring the entire
> 100mbs switched network to its knees. If you run ethereal you
> may find the network is being flooded by arp lookups from the
> Windows machine in question.....

Yes. I agree. Although we've run Symantec on the silly box and nothing is there with the latest identity files. In fact, now you can hook it back up to the net and all is fine. Maybe it got fixed by one of the 'anti-worm worms'? 8-)

What I was really wondering is if there is some way of preventing one silly Windows box from taking the FreeBSD server into a state where it is pretty much useless network-wise. Setting throttling is one thing that was suggested, but as I recall, when I tried that, it actually made no difference because it throttled the interface and it was useless anyway.

Doesn't ethereal really just run tcpdump? Tcpdump showed very little. I guess because it was running on the same machine and the machine wasn't delivering packets to the internal networking... or it was infernally slow and it didn't get much to show. Probably if I had a 2nd FreeBSD box monitoring the network on a hub instead of a switch, that would work, but this is an "outer office" with no on-site IT staff and that is sort of hard to accomplish.

Thanks!

-Jim