Yeah, but you can't deny 1 customer w/o explicitly allowing all
others....unless I'm missing something on the mac list setup.
-Bob
----- Original Message -----
From: "Brett Hays" <bretth@htonline.net>
To: <isp-wireless@isp-wireless.com>
Cc: <EL_Conquistador@htonline.net>; "Karlnet Mailing List"
<karlnet@WISPNotes.com>
Sent: Thursday, February 03, 2005 10:10 PM
Subject: [Karlnet] virus at customer site hoses entire AP, any ideas?
We have had a couple of situations now where a customer machine will get a
Trojan that sends out massive amounts of traffic and bring down every other
customer on the same AP. Most recently, it was one called multidr.bk/Troj
which opened up damn near every port in the 3000 range.
All of our wireless network is routed and customers are behind
dlink/netgear/linksys/etc routers on the other side of our cpe. However,
this traffic makes it past the router and our cpe and ends up dominating the
polling cycles on the ap they are connected to and causing massive packet
loss for everyone else on that ap, ultimately basically locking up the ap.
Other than turning off the customer in the maclist until the problem is
resolved, has anyone found a way to safeguard against this sort of thing?
Brett Hays
Hometown Online
_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet
_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet
|