We use a mikrotik based router. It has all the tools to do what you are
asking for.
check it out http://www.mikrotik.com
----- Original Message -----
From: "Brett Hays" <bretth@htonline.net>
To: "Karlnet Mailing List" <karlnet@WISPNotes.com>
Cc: "Scot Green" <sjgreen@htonline.net>
Sent: Tuesday, June 17, 2003 10:20 PM
Subject: Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
> It's just a colossal pain in the a** hunting down the offender. I suppose
I
> need to find some better diagnostic tools or learn something. Does anyone
> have tips on how to hunt down this sort of traffic. All I know to do is
> watch turbocell station entries on the AP and look for traffic patterns,
but
> that's not much help. Are there any programs we can run at the noc to
watch
> for traffic anomalies like this. I am familiar with active ports and some
> other programs, but they only watch the machine they are actually
installed
> on. We run all Win2000 boxes for servers, so something that would run on
> that platform would be best.
>
> Brett Hays
> Hometown Online
> www.htonline.net
>
> ----- Original Message -----
> From: "Bob Hrbek" <bhrbek@jagwireless.com>
> To: "Karlnet Mailing List" <karlnet@WISPNotes.com>
> Sent: Tuesday, June 17, 2003 9:33 AM
> Subject: Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
>
>
> > Brett, I think you are doing things correctly with the routing. I don't
> > believe the storm settings will help with ICMP or UDP overloading of the
> > network. These virus's have taken down the networks of some VERY large
> > companies. One thing I suppose you could do is if you determine that
the
> > traffic is coming from a particular customer, you could create a MAC
> filter
> > to deny their traffic at the AP until they got the problem resolved.
> >
> > I don't think that the alternative configurations that you suggested
would
> > be of any help in these instances.
> >
> > As any other service provider would do.....if a subscriber is taking
down
> > the providers network, you simply isolate them until they get their
stuff
> > fixed.
> >
> > -bob
> >
> >
> > ----- Original Message -----
> > From: "Brett Hays" <bretth@htonline.net>
> > To: "Karlnet Mailing List" <karlnet@WISPNotes.com>;
<RMallory@karlnet.com>
> > Cc: <kstuckwisch@htonline.net>; "Scot Green" <sjgreen@htonline.net>
> > Sent: Tuesday, June 17, 2003 9:24 AM
> > Subject: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
> >
> >
> > > We have finally isolated a problem we have been having for over a
month
> on
> > > our wireless system with some customers falling offline, etc on mostly
> > > nights and weekends for 5-15 minute durations due to excessive icmp (I
> > > believe) traffic coming from one customer location. The customer is
> > working
> > > with us to isolate the offending machine/device and solve the problem.
> > >
> > > That said, this has been a mother to isolate and solve. Does anyone
> have
> > > any ideas on how to protect access points from one client with code
red,
> > > etc. pegging the whole network? We run AP1000 base and RG1100
clients.
> > > Currently, we are routed with real world IP's on the RG's and nat for
> the
> > > customer on the ethernet side. I noticed in the bridging setup that
> there
> > > is a section called storm protection. If we were running bridging on
> the
> > > clients and had this enabled, would it protect from this sort of
> problem?
> > >
> > > I know that some of you have said you run nat on the access point and
> then
> > > give the real world IP to the customer's computer or dsl/cable router.
> My
> > > question regarding this is how do you access the client devices (in
our
> > case
> > > RG's) to change configuration, etc. if they are behind nat on the
access
> > > point?
> > >
> > > Please excuse any stupid questions I am asking, I have very limited
> > > experience with bridging.
> > >
> > > Brett Hays
> > > Hometown Online
> > > www.htonline.net
> > >
> > >
> > > _______________________________________________
> > > Karlnet mailing list
> > > Karlnet@WISPNotes.com
> > > http://lists.wispnotes.com/mailman/listinfo/karlnet
> > >
> >
> > _______________________________________________
> > Karlnet mailing list
> > Karlnet@WISPNotes.com
> > http://lists.wispnotes.com/mailman/listinfo/karlnet
> >
>
>
> _______________________________________________
> Karlnet mailing list
> Karlnet@WISPNotes.com
> http://lists.wispnotes.com/mailman/listinfo/karlnet
>
|