Karlnet
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Karlnet] virus at customer site hoses entire AP, any ideas?

from [Brett Hays] [Permanent Link][Original]
To: "Karlnet Mailing List" <karlnet@WISPNotes.com>
Subject: Re: [Karlnet] virus at customer site hoses entire AP, any ideas?
From: "Brett Hays" <bretth@htonline.net>
Reply-to: Brett Hays <bretth@htonline.net>,Karlnet Mailing List <karlnet@WISPNotes.com>
Date: Fri, 4 Feb 2005 00:07:24 -0500
List-post: <mailto:karlnet@WISPNotes.com>
I think you're right...we use radius for authentication, so the only thing I would be putting on the ap would be the one entry to deny the one customer...probably should have been more descriptive..sorry

----- Original Message ----- From: "Bob Hrbek" <bhrbek@jagwireless.net>
To: "Brett Hays" <bretth@htonline.net>; "Karlnet Mailing List" <karlnet@WISPNotes.com>
Sent: Friday, February 04, 2005 12:05 AM
Subject: Re: [Karlnet] virus at customer site hoses entire AP, any ideas?


Yeah, but you can't deny 1 customer w/o explicitly allowing all
others....unless I'm missing something on the mac list setup.

-Bob
----- Original Message ----- From: "Brett Hays" <bretth@htonline.net>
To: <isp-wireless@isp-wireless.com>
Cc: <EL_Conquistador@htonline.net>; "Karlnet Mailing List"
<karlnet@WISPNotes.com>
Sent: Thursday, February 03, 2005 10:10 PM
Subject: [Karlnet] virus at customer site hoses entire AP, any ideas?


We have had a couple of situations now where a customer machine will get a
Trojan that sends out massive amounts of traffic and bring down every other
customer on the same AP. Most recently, it was one called multidr.bk/Troj
which opened up damn near every port in the 3000 range.

All of our wireless network is routed and customers are behind
dlink/netgear/linksys/etc routers on the other side of our cpe. However,
this traffic makes it past the router and our cpe and ends up dominating the
polling cycles on the ap they are connected to and causing massive packet
loss for everyone else on that ap, ultimately basically locking up the ap.

Other than turning off the customer in the maclist until the problem is
resolved, has anyone found a way to safeguard against this sort of thing?

Brett Hays
Hometown Online
_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet



_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Karlnet] virus at customer site hoses entire AP, any ideas?, Brett Hays
Next by Date:  RE: Re[2]: [Karlnet] Where did all the posts go???? or arethe'retrying', tonylist
Previous by Thread:  Re: [Karlnet] virus at customer site hoses entire AP, any ideas?, Bob Hrbek
Next by Thread:  [Karlnet] Re: virus at customer site hoses entire AP, any ideas?, Evgeny N. Ananyev
Indexes:  [Date] [Thread] [Top] [All Lists]