Re: [PATCH} ARP auto-sizing for 2.4.24 - 2.4.26-pre3

To: Pekka Savola <pekkas@xxxxxxxxxx>
Subject: Re: [PATCH} ARP auto-sizing for 2.4.24 - 2.4.26-pre3
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Mon, 15 Mar 2004 13:57:53 -0800
Cc: timg@xxxxxxx, anton@xxxxxxxxx, netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.44.0403152350260.6903-100000@xxxxxxxxxx>
References: <20040315134412.314b5e23.davem@xxxxxxxxxx> <Pine.LNX.4.44.0403152350260.6903-100000@xxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx

On Mon, 15 Mar 2004 23:55:04 +0200 (EET)
Pekka Savola <pekkas@xxxxxxxxxx> wrote:

> Isn't there a problem when an outside attacker brute-force pings every
> IP address in some order?  The intent here is to overload the router
> to do a lot of ARP/ND requests which result in nothing.

Since another request for the same IP won't spam out another ARP
request whilst we have an existing entry in state "resolve in progress",
the damage is quite limited I'd say.

Sounds to me like the backlog of packets we keep around for each
"resolve in progress" neighbour cache entry is more interesting
for DoS purposes :-)
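
Added example, not part of the original message and not kernel code: a simplified C model of the two effects discussed above, showing that ARP requests scale with the number of unresolved entries rather than with packets, while the held backlog is bounded by entries times the per-entry queue cap. TABLE_MAX, QLEN_MAX, the struct and function names and the sample addresses are assumptions made for illustration; retransmit timers and garbage collection are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_MAX 1024  /* assumed hard cap on cache entries */
#define QLEN_MAX  3     /* assumed per-entry backlog cap */

struct neigh { uint32_t ip; int incomplete; int queued; };
struct stats { long arp_sent, held, dropped; int entries; };

static struct neigh table[TABLE_MAX];

/* One outbound packet for an on-link address with no resolved entry. */
static void neigh_output(uint32_t ip, struct stats *st)
{
    struct neigh *n = NULL;
    for (int i = 0; i < st->entries; i++)
        if (table[i].ip == ip) { n = &table[i]; break; }
    if (!n) {
        if (st->entries == TABLE_MAX) { st->dropped++; return; } /* table full */
        n = &table[st->entries++];
        n->ip = ip; n->incomplete = 1; n->queued = 0;
        st->arp_sent++;            /* only a new entry triggers a request */
    }
    if (n->queued == QLEN_MAX) { st->dropped++; return; } /* backlog full */
    n->queued++;                   /* packet held until resolution or timeout */
    st->held++;
}

/* Sweep `hosts` consecutive addresses, `rounds` packets each; nothing answers. */
struct stats simulate(uint32_t first_ip, int hosts, int rounds)
{
    struct stats st = {0};
    memset(table, 0, sizeof table);
    for (int r = 0; r < rounds; r++)
        for (int h = 0; h < hosts; h++)
            neigh_output(first_ip + (uint32_t)h, &st);
    return st;
}

int main(void)
{
    struct stats s = simulate(0xC0000201u, 254, 5); /* 192.0.2.1.., constructed */
    printf("arp=%ld held=%ld dropped=%ld entries=%d\n",
           s.arp_sent, s.held, s.dropped, s.entries);
    return 0;
}
```

Multiplying `held` by a worst-case packet size gives the memory the backlog can pin, which is the figure to compare against the table and queue limits when sizing them.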