Karlnet

Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas

To: "Brett Hays" <bretth@htonline.net>, "Karlnet Mailing List" <karlnet@WISPNotes.com>
Subject: Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
From: "Bob Hrbek" <bhrbek@jagwireless.com>
Reply-to: Karlnet Mailing List <karlnet@WISPNotes.com>
Date: Tue, 17 Jun 2003 22:43:34 -0500
List-post: <mailto:karlnet@WISPNotes.com>
We use a MikroTik-based router.  It has all the tools to do what you are
asking for.

Check it out: http://www.mikrotik.com


----- Original Message -----
From: "Brett Hays" <bretth@htonline.net>
To: "Karlnet Mailing List" <karlnet@WISPNotes.com>
Cc: "Scot Green" <sjgreen@htonline.net>
Sent: Tuesday, June 17, 2003 10:20 PM
Subject: Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas


> It's just a colossal pain in the a** hunting down the offender.  I suppose I
> need to find some better diagnostic tools or learn something.  Does anyone
> have tips on how to hunt down this sort of traffic?  All I know to do is
> watch turbocell station entries on the AP and look for traffic patterns, but
> that's not much help.  Are there any programs we can run at the NOC to watch
> for traffic anomalies like this?  I am familiar with active ports and some
> other programs, but they only watch the machine they are actually installed
> on.  We run all Win2000 boxes for servers, so something that would run on
> that platform would be best.
>
> Brett Hays
> Hometown Online
> www.htonline.net
>
> ----- Original Message -----
> From: "Bob Hrbek" <bhrbek@jagwireless.com>
> To: "Karlnet Mailing List" <karlnet@WISPNotes.com>
> Sent: Tuesday, June 17, 2003 9:33 AM
> Subject: Re: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
>
>
> > Brett, I think you are doing things correctly with the routing.  I don't
> > believe the storm settings will help with ICMP or UDP overloading of the
> > network.  These viruses have taken down the networks of some VERY large
> > companies.  One thing I suppose you could do is if you determine that the
> > traffic is coming from a particular customer, you could create a MAC filter
> > to deny their traffic at the AP until they got the problem resolved.
> >
> > I don't think that the alternative configurations that you suggested would
> > be of any help in these instances.
> >
> > As any other service provider would do.....if a subscriber is taking down
> > the provider's network, you simply isolate them until they get their stuff
> > fixed.
> >
> > -bob
> >
> >
> > ----- Original Message -----
> > From: "Brett Hays" <bretth@htonline.net>
> > To: "Karlnet Mailing List" <karlnet@WISPNotes.com>; <RMallory@karlnet.com>
> > Cc: <kstuckwisch@htonline.net>; "Scot Green" <sjgreen@htonline.net>
> > Sent: Tuesday, June 17, 2003 9:24 AM
> > Subject: [Karlnet] Ping Floods, DoS Attacks, etc. - Any Ideas
> >
> >
> > > We have finally isolated a problem we have been having for over a month on
> > > our wireless system with some customers falling offline, etc. on mostly
> > > nights and weekends for 5-15 minute durations due to excessive ICMP (I
> > > believe) traffic coming from one customer location.  The customer is working
> > > with us to isolate the offending machine/device and solve the problem.
> > >
> > > That said, this has been a mother to isolate and solve.  Does anyone have
> > > any ideas on how to protect access points from one client with Code Red,
> > > etc. pegging the whole network?  We run AP1000 base and RG1100 clients.
> > > Currently, we are routed with real world IPs on the RGs and NAT for the
> > > customer on the ethernet side.  I noticed in the bridging setup that there
> > > is a section called storm protection.  If we were running bridging on the
> > > clients and had this enabled, would it protect from this sort of problem?
> > >
> > > I know that some of you have said you run NAT on the access point and then
> > > give the real world IP to the customer's computer or DSL/cable router.  My
> > > question regarding this is how do you access the client devices (in our case
> > > RGs) to change configuration, etc. if they are behind NAT on the access
> > > point?
> > >
> > > Please excuse any stupid questions I am asking, I have very limited
> > > experience with bridging.
> > >
> > > Brett Hays
> > > Hometown Online
> > > www.htonline.net
> > >
> > >
> > > _______________________________________________
> > > Karlnet mailing list
> > > Karlnet@WISPNotes.com
> > > http://lists.wispnotes.com/mailman/listinfo/karlnet
> > >
> >
> >
>
>
>
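
An added example, not part of the original thread and not any vendor's tool: one way to pick out the source behind an ICMP flood from exported traffic counters, including how long each burst lasted. The input format (`time source protocol packets` per line), the threshold and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def icmp_bursts(records, window=60, max_pkts=600):
    """Return {src: [(start, end), ...]} for time windows in which a source's
    ICMP packet count exceeds max_pkts; adjacent windows are merged."""
    per_window = defaultdict(int)              # (src, window_start) -> packets
    for line in records:
        fields = line.split()
        if len(fields) != 4 or fields[2].lower() != "icmp":
            continue                           # skip malformed and non-ICMP lines
        ts, src, _, pkts = fields
        try:
            bucket, count = int(ts) // window * window, int(pkts)
        except ValueError:
            continue                           # non-numeric time or counter
        per_window[(src, bucket)] += count
    bursts = defaultdict(list)
    for (src, start), pkts in sorted(per_window.items()):
        if pkts <= max_pkts:
            continue
        spans = bursts[src]
        if spans and spans[-1][1] == start:    # contiguous with previous window
            spans[-1] = (spans[-1][0], start + window)
        else:
            spans.append((start, start + window))
    return dict(bursts)

def sample_records():
    """Constructed sample: 10 minutes of 10-second counters for three sources."""
    lines = []
    for t in range(0, 600, 10):
        lines.append(f"{t} 10.0.0.11 icmp 1")      # occasional ping
        lines.append(f"{t} 10.0.0.12 tcp 400")     # busy, but not ICMP
        # 10.0.0.23 floods from t=120 up to t=420 (five minutes)
        lines.append(f"{t} 10.0.0.23 icmp {2000 if 120 <= t < 420 else 2}")
    return lines

if __name__ == "__main__":
    for src, spans in icmp_bursts(sample_records()).items():
        for start, end in spans:
            print(f"{src}: ICMP burst from t={start}s to t={end}s")
```

The flagged address can then be mapped to a subscriber and isolated at the AP, as suggested earlier in the thread.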
