Karlnet
[Top] [All Lists]

RE: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas

To: "Brett Hays" <bretth@htonline.net>, "Karlnet Mailing List" <karlnet@WISPNotes.com>
Subject: RE: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
From: "Don Starnes" <dons@wavemasters.com>
Reply-to: Karlnet Mailing List <karlnet@WISPNotes.com>
Date: Tue, 17 Jun 2003 09:52:38 -0500
List-post: <mailto:karlnet@WISPNotes.com>
Brett,

We have had some of the same problems.  We had a customer that is running a
VPN over our network and his router went beserk and shut down our network.
We are in the process of converting our system to routed from bridged.  It
is my understanding that this will greatly reduce the traffic on our system.
Correct me if I am wrong, but doesn't every radio on a bridged system see
all the traffic and not just the traffic designated for it's IP?  Anyone's
comments who is currently routing would be welcome.

Don Starnes
Wave Masters, Inc.
www.wavemasters.com

-----Original Message-----
From: karlnet-bounces@WISPNotes.com
[mailto:karlnet-bounces@WISPNotes.com]On Behalf Of Brett Hays
Sent: Tuesday, June 17, 2003 9:25 AM
To: Karlnet Mailing List; RMallory@karlnet.com
Cc: kstuckwisch@htonline.net; Scot Green
Subject: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas


We have finally isolated a problem we have been having for over a month on
our wireless system with some customers falling offline, etc on mostly
nights and weekends for 5-15 minute durations due to excessive icmp (I
believe) traffic coming from one customer location.  The customer is working
with us to isolate the offending machine/device and solve the problem.

That said, this has been a mother to isolate and solve.  Does anyone have
any ideas on how to protect access points from one client with code red,
etc. pegging the whole network?  We run AP1000 base and RG1100 clients.
Currently, we are routed with real world IP's on the RG's and nat for the
customer on the ethernet side.  I noticed in the bridging setup that there
is a section called storm protection.  If we were running bridging on the
clients and had this enabled, would it protect from this sort of problem?

I know that some of you have said you run nat on the access point and then
give the real world IP to the customer's computer or dsl/cable router.  My
question regarding this is how do you access the client devices (in our case
RG's) to change configuration, etc. if they are behind nat on the access
point?

Please excuse any stupid questions I am asking, I have very limited
experience with bridging.

Brett Hays
Hometown Online
www.htonline.net


_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet


<Prev in Thread] Current Thread [Next in Thread>