Re: [Karlnet] Ping Floods, DoS Attacks, etc.

To:	"Karlnet Mailing List" <karlnet@WISPNotes.com>
Subject:	Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
From:	"Bob Hrbek" <bhrbek@jagwireless.com>
Reply-to:	Karlnet Mailing List <karlnet@WISPNotes.com>
Date:	Tue, 17 Jun 2003 09:33:28 -0500
List-post:	<mailto:karlnet@WISPNotes.com>

Brett, I think you are doing things correctly with the routing.  I don't
believe the storm settings will help with ICMP or UDP overloading of the
network.  These virus's have taken down the networks of some VERY large
companies.  One thing I suppose you could do is if you determine that the
traffic is coming from a particular customer, you could create a MAC filter
to deny their traffic at the AP until they got the problem resolved.

I don't think that the alternative configurations that you suggested would
be of any help in these instances.

As any other service provider would do.....if a subscriber is taking down
the providers network, you simply isolate them until they get their stuff
fixed.

-bob


----- Original Message -----
From: "Brett Hays" <bretth@htonline.net>
To: "Karlnet Mailing List" <karlnet@WISPNotes.com>; <RMallory@karlnet.com>
Cc: <kstuckwisch@htonline.net>; "Scot Green" <sjgreen@htonline.net>
Sent: Tuesday, June 17, 2003 9:24 AM
Subject: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas


> We have finally isolated a problem we have been having for over a month on
> our wireless system with some customers falling offline, etc on mostly
> nights and weekends for 5-15 minute durations due to excessive icmp (I
> believe) traffic coming from one customer location.  The customer is
working
> with us to isolate the offending machine/device and solve the problem.
>
> That said, this has been a mother to isolate and solve.  Does anyone have
> any ideas on how to protect access points from one client with code red,
> etc. pegging the whole network?  We run AP1000 base and RG1100 clients.
> Currently, we are routed with real world IP's on the RG's and nat for the
> customer on the ethernet side.  I noticed in the bridging setup that there
> is a section called storm protection.  If we were running bridging on the
> clients and had this enabled, would it protect from this sort of problem?
>
> I know that some of you have said you run nat on the access point and then
> give the real world IP to the customer's computer or dsl/cable router.  My
> question regarding this is how do you access the client devices (in our
case
> RG's) to change configuration, etc. if they are behind nat on the access
> point?
>
> Please excuse any stupid questions I am asking, I have very limited
> experience with bridging.
>
> Brett Hays
> Hometown Online
> www.htonline.net
>
>
> _______________________________________________
> Karlnet mailing list
> Karlnet@WISPNotes.com
> http://lists.wispnotes.com/mailman/listinfo/karlnet
>

<Prev in Thread]	Current Thread	[Next in Thread>
[Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Brett Hays Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Bob Hrbek <= Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Brett Hays Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Bob Hrbek Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Caleb Carroll RE: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Don Starnes Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Bruno Lopes F. Cabral Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Bruno Lopes F. Cabral RE: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Rob Trout

Previous by Date:	[Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Brett Hays
Next by Date:	RE: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Don Starnes
Previous by Thread:	[Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Brett Hays
Next by Thread:	Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas, Brett Hays
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas