Date: Sun, 21 Aug 2005 21:23:30 +0100
From: Martin Hepworth <maxsec@gmail.com>
To: durham@jcdurham.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Network Interface 'overload' in 4.11
Message-ID: <72cf361e05082113231df06021@mail.gmail.com>
In-Reply-To: <200508181627.27113.durham@jcdurham.com>
References: <200508181214.30511.durham@jcdurham.com> <72cf361e05081811314a56806a@mail.gmail.com> <200508181627.27113.durham@jcdurham.com>

There's things you can do with reasonably low-end managed switches for
bandwidth throttling etc.

BTW I find Symantec 'not the best' and prefer Sophos (there's a nice free
trial version you can download). I'd also run some of the anti-spyware
programs on the boxes (you'll need to run more than one) and sometimes
the AV software can be particular about what's viral and what's
spyware..

--
Martin

On 8/18/05, Jim Durham <durham@jcdurham.com> wrote:
> On Thursday 18 August 2005 02:31 pm, you wrote:
> > Sounds like viral activity to me. I had this at work recently
> > where 2 mtob infected machines were able to bring the entire
> > 100mbs switched network to its knees. If you run ethereal you
> > may find the network is being flooded by arp lookups from the
> > Windows machine in question.....
>
> Yes. I agree. Although we've run Symantec on the silly box and
> nothing is there with the latest identity files. In fact, now
> you can hook it back up to the net and all is fine. Maybe it got
> fixed by one of the 'anti-worm worms' ? 8-) .
>
> What I was really wondering is if there is some way of preventing
> one silly Windows box from taking the FreeBSD server into a
> state where it is pretty much useless network-wise.
>
> Setting throttling is one thing that was suggested, but as I
> recall, when I tried that, it actually made no difference
> because it throttled the interface and it was useless anyway.
>
> Doesn't ethereal really just run tcpdump? Tcpdump showed very
> little. I guess because it was running on the same machine and
> the machine wasn't delivering packets to the internal
> networking..or it was infernally slow and it didn't get much to
> show.
>
> Probably if I had a 2nd FreeBSD box monitoring the network on a
> hub instead of a switch, that would work, but this is an "outer
> office" with no on-site IT staff and that is sort of hard to
> accomplish.
>
> Thanks!
>
> -Jim
>
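
One way to check a capture for the flood of ARP lookups mentioned in the quoted message, as an added example that is not part of the original thread. It assumes text output from `tcpdump -n -tt arp`; the function names, sample lines, addresses and the 50-per-second threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# ARP request lines as printed by `tcpdump -n -tt arp` (assumed format), e.g.
# "1124396850.000100 ARP, Request who-has 192.168.1.7 tell 192.168.1.50, length 46"
ARP_RE = re.compile(r"^(\d+)\.\d+\s.*who-has\s+([\d.]+)\s+tell\s+([\d.]+)", re.I)


def arp_flooders(lines, per_second_limit=50):
    """Return {sender_ip: (peak requests in one second, distinct targets)}
    for every sender whose busiest second exceeds per_second_limit."""
    per_second = defaultdict(Counter)  # sender -> {epoch second: requests}
    targets = defaultdict(set)         # sender -> addresses it asked for
    for line in lines:
        m = ARP_RE.match(line)
        if not m:
            continue                   # not an ARP request line
        second, target, sender = int(m.group(1)), m.group(2), m.group(3)
        per_second[sender][second] += 1
        targets[sender].add(target)
    return {
        sender: (max(counts.values()), len(targets[sender]))
        for sender, counts in per_second.items()
        if max(counts.values()) > per_second_limit
    }


def sample_capture():
    """Constructed capture: one host sweeping the subnet, one behaving normally."""
    base = 1124396850
    noisy = [
        f"{base}.{i:06d} ARP, Request who-has 192.168.1.{i + 1} tell 192.168.1.50, length 46"
        for i in range(200)
    ]
    quiet = [
        f"{base + s}.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 46"
        for s in range(3)
    ]
    other = [f"{base}.500000 IP 192.168.1.10.1025 > 192.168.1.1.53: UDP, length 30"]
    return noisy + quiet + other


if __name__ == "__main__":
    for ip, (peak, distinct) in arp_flooders(sample_capture()).items():
        print(f"{ip}: {peak} ARP requests in one second, {distinct} distinct targets")
```

A sender with a high peak rate and a large number of distinct targets is the pattern to look for; a host that only re-asks for its gateway stays under the threshold.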