In some mail from Lancashire, Andrew, sie said:
>
> This is to clarify what is being put out by Cisco and what we are being told
> by Cisco.
>
> Two e-mails below is what Cisco is telling us and makes a lot more sense
> than what Cisco is telling Bugtraq. The last post to Bugtraq made mention
> that the arp cache was filling up and allocating memory for both reachable
> hosts and unreachable hosts (incompletes). Although what Lisa describes is
> true regarding the arp cache, it would not be true for our or most other
> sane person's environment. Since routers will only arp for what is local,
> that would mean that for the arp cache to fill up and use all the memory all
> networks in the 10.x.x.x range would need to be local. So that's not gonna
> happen but if you read the e-mail below that from Kenny (also at Cisco) his
> explanation makes a lot more sense considering we have hundreds of routers.

This may or may not be relevant, but Cisco allow you to set up routes
via interfaces and in routing packets via that interface, they ARP for
the destination IP address, relying on proxy ARP to get answers.

I've not studied this in detail, but it conceivably leads to a situation
where with a big scan, you can end up with a large ARP cache even on a
crossover connecting a /30 subnet between two routers.

Darren
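
A defender-side check for the situation described in the message above, as an added example that is not part of the original post: it scans IOS-style configuration text for static routes that name a broadcast interface without a next-hop address, the form in which the router ARPs for each destination instead of for one neighbour. The sample configuration, the function names and the list of interface types treated as ARP-capable are assumptions.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.252
!
ip route 10.0.0.0 255.0.0.0 FastEthernet0/0
ip route 172.16.0.0 255.240.0.0 FastEthernet0/0 192.168.1.2
ip route 192.168.50.0 255.255.255.0 192.168.1.2
ip route 192.0.2.0 255.255.255.0 Null0
ip route 198.51.100.0 255.255.255.0 Serial0/0
"""

# Assumption: only these Ethernet-style interfaces resolve destinations with ARP.
BROADCAST_IF = re.compile(
    r"^(Ethernet|FastEthernet|GigabitEthernet|TenGigabitEthernet|Vlan)\d", re.I)

def is_ip(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def arp_per_destination_routes(config_text):
    """Return (prefix, interface, address_count) for each static route that
    points at a broadcast interface and gives no next-hop address."""
    findings = []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "route", "vrf"]:
            tok = tok[:2] + tok[4:]          # drop "vrf <name>"
        if len(tok) < 5 or tok[:2] != ["ip", "route"]:
            continue
        prefix, mask, target = tok[2], tok[3], tok[4]
        if not (is_ip(prefix) and is_ip(mask)):
            continue
        if is_ip(target) or not BROADCAST_IF.match(target):
            continue                          # next-hop route, Null0, serial, ...
        if len(tok) > 5 and is_ip(tok[5]):
            continue                          # interface plus explicit next hop
        net = ipaddress.IPv4Network(f"{prefix}/{mask}", strict=False)
        findings.append((str(net), target, net.num_addresses))
    return findings

if __name__ == "__main__":
    for prefix, ifname, count in arp_per_destination_routes(SAMPLE_CONFIG):
        print(f"{prefix} via {ifname}: up to {count} addresses may each be ARPed for")
```

The address count is the upper bound on distinct destinations that could each trigger an ARP request for that route, which is what makes a /8 pointed at a /30 crossover stand out.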
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:03 PDT