kernel: Neighbour table overflow

This issues is related to a bit too many arp-entries (in ie – a router).
If you’re for instance having bittorrent traffic doing all those arp’s, you’ll end up with a lot of
entries in your logs. Also, it’s a performance issue later on, since you’ll have problem flushing
and creating new connections to ip’s not listed in the arp already.

Example log:

 kernel: Neighbour table overflow.
  kernel: printk: 100 messages suppressed.
  kernel: Neighbour table overflow.
  kernel: printk: 151 messages suppressed.
  kernel: Neighbour table overflow.

To the solution:

start with doing a couple of arp -anv, or by someother means check your concurrent connections.

Next up (example)

echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 3072 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 

By default, you will have (a guess) a value of 128 in gc_thresh1 and *2 for thresh2 (256) and *2 for thresh3 (512).

Set your limits with how many concurrent connections your hardware and software can handle.

Now, if you’re running something like zeroshell, add the echo-parts into your startup-scripts.
Otherwise, I’d recommend that this is added as a if-up.d script or it’s relevant counterpart.

openvas 3.1.x “bundle” on ubuntu 10.04

Two versions, one is the classic one, the other contains a bunch of ‘new stuff’.

#make me as a [] and do me a chmod +x []
#Ran on ubu 10.04
#Run as root (ie - sudo -i )

cd $HOME

gunzip -d $HOME/openvas*.gz
tar -xvvf $HOME/openvas-libraries-3.1.2.tar
tar -xvvf $HOME/openvas-scanner-3.1.0.tar
##tar -xvvf $HOME/openvas-client-3.0.1.tar

apt-get install -y build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan cmake uuid uuid-dev libgtk2.0-dev

#libraries --
$HOME/openvas-libraries-3.1.2/./make install
echo "include /usr/local/lib" >> /etc/ && ldconfig

$HOME/openvas-scanner-3.1.0/./make install

##$HOME/openvas-client-3.0.1/./make install

// second full is wip. (or, just work it out yourself…);

#manual fix


apt-get install uuid uuid-dev libgtk2.0-dev

after libs:
^? Be sure to add /usr/local/lib in /etc/ and type ‘ldconfig’
echo “include /usr/local/lib/*.conf” >> /etc/



gsa-desktop 0.2.0
apt-get install libqt4-dev


So, I keep forgetting how to rebuild my arrays with mdadm (since, it doesn’t break that often).

But, hereĀ“s some information:

mdadm -D /dev/md2
cat /proc/mdstat
#mdadm --stop /dev/md2
mdadm --assemble -v /dev/md2 /dev/sdd1 --run
fsck /dev/md2
mount /point

 mdadm /dev/md0 --add /dev/sda1 --fail /dev/sdb1 --remove /dev/sdb1

Installing metasploit + nexpose on ubuntu 10.04

Is not that fun anymore, the db isn’t autocreated as it once was, so a bit of fiddeling is needed..
Needless to say, you can get it working.
Check out for getting metasploit running again as it should.

Running it is described here:

Good Auditing!