From owner-freebsd-questions@FreeBSD.ORG Sun Aug 21 21:05:31 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2AAD416A420 for ; Sun, 21 Aug 2005 21:05:31 +0000 (GMT) (envelope-from danial_thom@yahoo.com) Received: from web33315.mail.mud.yahoo.com (web33315.mail.mud.yahoo.com [68.142.206.130]) by mx1.FreeBSD.org (Postfix) with SMTP id 7603C43D49 for ; Sun, 21 Aug 2005 21:05:28 +0000 (GMT) (envelope-from danial_thom@yahoo.com) Received: (qmail 1461 invoked by uid 60001); 21 Aug 2005 21:05:27 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=n89CIlq++u0q6aAddJhIkiXsrSbemLlW09A9izK/Rsw9FZmI+lGVAp3oIKspomi9xoqlEoqj+dpboXqUwdJf96EfDo1yC86YG5JbDP3FFKsBQVulerlsXU4VeQIfRXv+kJJTi4hulWRsPbWPhmmMjBUGFfF1IpDKDeRWbURl3y0= ; Message-ID: <20050821210527.1459.qmail@web33315.mail.mud.yahoo.com> Received: from [69.114.187.133] by web33315.mail.mud.yahoo.com via HTTP; Sun, 21 Aug 2005 14:05:27 PDT Date: Sun, 21 Aug 2005 14:05:27 -0700 (PDT) From: Danial Thom To: Martin Hepworth , durham@jcdurham.com, freebsd-questions@freebsd.org In-Reply-To: <72cf361e05082113231df06021@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re: Network Interface 'overload' in 4.11 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: danial_thom@yahoo.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Aug 2005 21:05:31 -0000 --- Martin Hepworth wrote: > Therere's things you cvan do with reasonable > low end managed switches > for bandwidth thottling etc. BTW I fing > symantec 'no the best' and > prefer Sophos (theres a nice free trial version > you can download). I'd > also run some of the anti-spyware programs on > the boxes (you'll need > to run more than one) and sometimes the AV > software can be particular > about whats viral and whats spyware.. > > -- > Martin > > On 8/18/05, Jim Durham > wrote: > > On Thursday 18 August 2005 02:31 pm, you > wrote: > > > Sounds like viral activity to me. I has > this at work recently > > > where 2 mtob infected machines where able > to bring the entire > > > 100mbs switched network to its needs If > you run ethereal you > > > may find the network is being flooded by > arp lookups from the > > > Windows machine in question..... > > > > Yes. I agree. Although we've run Symantec on > the silly box and > > nothing is there with the latest identity > files. In fact, now > > you can hook it back up to the net and all is > fine. Maybe it got > > fixed by one of the 'anti-worm worms' ? 8-) > . > > > > What I was really wondering is if there is > some way of preventing > > one silly Windows box from taking the FreeBSD > server into a > > state where it is pretty much useless > network-wise. > > > > Setting throttling is one thing that was > suggested, but as I > > recall, when I tried that, it actually made > no difference > > because it throttled the interface and it was > useless anyway. > > > > Doesn't ethereal really just run tcpdump? > Tcpdump showed very > > little. I guess because it was running on the > same machine and > > the machine wasn't delivering packets to the > internal > > networking..or it was infernally slow and it > didn't get much to > > show. > > > > Probably if I had a 2nd FreeBSD box > monitoring the network on a > > hub insdtead of a switch, that would work, > but this is an "outer > > office" with no on-site IT staff and that is > sort of hard to > > accomplish. > > > > Thanks! > > > > -Jim The obvious thing to do is don't connect everyone to the gig backbone at a gigabit. It doesn't sound like the 4.11 box was the problem; it sounds like there was no bandwidth for any other traffic on the wire because the haywire box was filling it with garbage. So it needs to be fixed at the source. DT __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com