[nSLUG] Getting CPU cycles during an ARP storm

Jason Kenney jason at ohm.ath.cx
Sun Sep 18 16:35:32 ADT 2005


The only type of attacks I am familiar with involving lots of arp packets 
are arp cache poisoning ones. I would be much more concerned about that, 
then a performance hit, but I think they only send arp packets about 
1/second anyway, so maybe it is something else entirely.


On Sun, 18 Sep 2005, Donald Teed wrote:

> I recently saw a network hit by some sort of arp flood. It was noticeable
> on both Windows and Linux desktop machines running local firewalls,
> as the CPU cycles were hit moderately hard and it made
> the Windowing and I/O interface less responsive. I suspect it was
> software firewalls that which made the system load rise.
> I'd like to consider the various ways of making a system less
> vulnerable to a performance hit like this.
> Some options are to replace the software firewall with a hardware one,
> or to run a multiple CPU system so that one CPU takes on the firewalling
> tasks. Does anyone have additional suggestions on how to allow
> a system to remain useable throughout an ARP storm while
> retaining a firewall?


More information about the nSLUG mailing list