From: Martin Hepworth
To: durham@jcdurham.com
Cc: freebsd-questions@freebsd.org
Date: Sun, 21 Aug 2005 21:23:30 +0100
Subject: Re: Network Interface 'overload' in 4.11

There are things you can do with reasonably low-end managed switches for bandwidth throttling etc.

BTW I find Symantec 'not the best' and prefer Sophos (there's a nice free trial version you can download).

I'd also run some of the anti-spyware programs on the boxes (you'll need to run more than one) and sometimes the AV software can be particular about what's viral and what's spyware.

--
Martin

On 8/18/05, Jim Durham wrote:
> On Thursday 18 August 2005 02:31 pm, you wrote:
> > Sounds like viral activity to me. I had this at work recently
> > where 2 Mytob-infected machines were able to bring the entire
> > 100mbs switched network to its knees. If you run ethereal you
> > may find the network is being flooded by arp lookups from the
> > Windows machine in question.....
>
> Yes. I agree. Although we've run Symantec on the silly box and
> nothing is there with the latest identity files. In fact, now
> you can hook it back up to the net and all is fine. Maybe it got
> fixed by one of the 'anti-worm worms' ? 8-) .
>
> What I was really wondering is if there is some way of preventing
> one silly Windows box from taking the FreeBSD server into a
> state where it is pretty much useless network-wise.
>
> Setting throttling is one thing that was suggested, but as I
> recall, when I tried that, it actually made no difference
> because it throttled the interface and it was useless anyway.
>
> Doesn't ethereal really just run tcpdump? Tcpdump showed very
> little. I guess because it was running on the same machine and
> the machine wasn't delivering packets to the internal
> networking... or it was infernally slow and it didn't get much to
> show.
>
> Probably if I had a 2nd FreeBSD box monitoring the network on a
> hub instead of a switch, that would work, but this is an "outer
> office" with no on-site IT staff and that is sort of hard to
> accomplish.
>
> Thanks!
>
> -Jim
>