Well, I'm no Ethernet expert, but these days aren't Ethernet switches used almost exclusively, rather than the old-fashioned Ethernet hubs? If you're connected through a switch, you already got IP filtering for free?
I think that's true for most LAN (e.g. factory floor) installations.
Doesn't stop a flood of broadcast packets though, which at 100Mbps would pretty well finish off the ISR handling ETH RX (which is not a trivial ISR) and one needs to decide whether this vulnerability is worth addressing.
In the product I am working on this was solved by polling for RX packets, at 100Hz, resulting in a 250kbyte/sec data rate cap, which is fine for the application.
I can't explain why 2500 bytes are transferred each time; it isn't a multiple of anything...
If using an RX interrupt (which everybody says you must) then this can be solved by the ISR disabling the IRQ for a bit, setting a timer, and then re-enabling the ETH IRQ from a timer ISR. Which is... hey pretty much what I am doing with polling

Well, you could make it more cunning, like run flat out for up to 100ms and then start backing off the IRQ.
something is probably wrong with “other hosts” on the net.
For sure, but that doesn't help you
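
The IRQ back-off described in the post above (run flat out for up to 100 ms, then mask the ETH RX interrupt and re-enable it from a timer ISR), modelled as a host-runnable C simulation. This is an added example, not code from the post or the product it mentions; `rx_gate_t`, `rx_isr`, `timer_isr`, `simulate` and the `IDLE_MS` value are hypothetical names and settings, and the interrupt-enable bit is modelled as a plain flag.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical tunables; only the 100 ms and 100 Hz figures come from the post. */
#define BURST_MS   100u  /* service RX interrupts flat out for this long */
#define BACKOFF_MS  10u  /* then mask the IRQ for 10 ms, i.e. 100 Hz */
#define IDLE_MS     50u  /* an RX gap this long ends the burst (assumption) */

typedef struct {
    bool     irq_enabled;  /* models the ETH RX interrupt-enable bit */
    uint32_t burst_start;  /* ms tick at which the current burst began */
    uint32_t last_rx;      /* ms tick of the last serviced interrupt */
    uint32_t unmask_at;    /* ms tick at which the timer ISR unmasks */
    uint32_t serviced;     /* RX ISR entries that did real work */
} rx_gate_t;

/* ETH RX ISR body. Returns false while masked (real hardware would not enter it). */
bool rx_isr(rx_gate_t *g, uint32_t now)
{
    if (!g->irq_enabled)
        return false;
    if (now - g->last_rx >= IDLE_MS)
        g->burst_start = now;               /* traffic went quiet: new burst */
    g->last_rx = now;
    g->serviced++;
    if (now - g->burst_start >= BURST_MS) { /* sustained load: back off */
        g->irq_enabled = false;
        g->unmask_at = now + BACKOFF_MS;
    }
    return true;
}

/* 1 ms timer ISR: re-enable the RX interrupt once the back-off has elapsed. */
void timer_isr(rx_gate_t *g, uint32_t now)
{
    if (!g->irq_enabled && (int32_t)(now - g->unmask_at) >= 0)
        g->irq_enabled = true;
}

/* Constructed workload: one frame every period_ms for duration_ms. */
uint32_t simulate(uint32_t duration_ms, uint32_t period_ms)
{
    rx_gate_t g = { .irq_enabled = true };
    for (uint32_t t = 0; t < duration_ms; t++) {
        timer_isr(&g, t);
        if (t % period_ms == 0)
            rx_isr(&g, t);
    }
    return g.serviced;
}

int main(void) { return simulate(1000, 1) == 190 ? 0 : 1; }
```

Under a constant load of one frame per millisecond for one second, the gate services 190 ISR entries instead of 1000 and settles at 100 per second, the same rate as 100 Hz polling. Traffic arriving every 60 ms is never throttled.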
