Network Interface 'overload' in 4.11

[Martin Hepworth]

Therere's things you cvan do with reasonable low end managed switches
for bandwidth thottling etc. BTW I fing symantec 'no the best' and
prefer Sophos (theres a nice free trial version you can download). I'd
also run some of the anti-spyware programs on the boxes (you'll need
to run more than one) and sometimes the AV software can be particular
about whats viral and whats spyware..

--
Martin

On 8/18/05, Jim Durham <durham at jcdurham.com> wrote:
> On Thursday 18 August 2005 02:31 pm, you wrote:
> > Sounds like viral activity to me. I has this at work recently
> > where 2 mtob infected machines where able to bring the entire
> > 100mbs switched network to its needs  If you run ethereal you
> > may find the network is being flooded by arp lookups from the
> > Windows machine in question.....
> 
> Yes. I agree. Although we've run Symantec on the silly box and
> nothing is there with the latest identity files. In fact, now
> you can hook it back up to the net and all is fine. Maybe it got
> fixed by one of the 'anti-worm worms' ?  8-) .
> 
> What I was really wondering is if there is some way of preventing
> one silly Windows box from taking the FreeBSD server into a
> state where it is pretty much useless network-wise.
> 
> Setting throttling is one thing that was suggested, but as I
> recall, when I tried that, it actually made no difference
> because it throttled the interface and it was useless anyway.
> 
> Doesn't ethereal really just run tcpdump?  Tcpdump showed very
> little. I guess because it was running on the same machine and
> the machine wasn't delivering packets to the internal
> networking..or it was infernally slow and it didn't get much to
> show.
> 
> Probably if I had a 2nd FreeBSD box monitoring the network on a
> hub insdtead of a switch, that would work, but this is an "outer
> office" with no on-site IT staff and that is sort of hard to
> accomplish.
> 
> Thanks!
> 
> -Jim
>