Karlnet
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Karlnet] Re: virus at customer site hoses entire AP, any ideas?

from [Evgeny N. Ananyev] [Permanent Link][Original]
To: "karlnet-request@WISPNotes.com" <karlnet@WISPNotes.com>
Subject: [Karlnet] Re: virus at customer site hoses entire AP, any ideas?
From: "Evgeny N. Ananyev" <ansy@nm.ru>
Reply-to: Karlnet Mailing List <karlnet@WISPNotes.com>
Date: Sat, 5 Feb 2005 03:59:18 +0500
List-post: <mailto:karlnet@WISPNotes.com> 
  Hi, karlnet users!

4 feb 2005 at 22:01:25 you wrote:

>> Yeah, but you can't deny 1 customer w/o explicitly allowing all
>> others....unless I'm missing something on the mac list setup.

We add allowed radios only into TurboCell Access List and give
them some piece of bandwidth. All others are prohibited by default.

Another effective way is to lock the bandwith in clients' KN-50.
First of all, trojan/virus jams local radiobridge, and may be
even lock it out -- but not entire wireless network. Client will
feel his' bandwidth degradation and take antivirus measures.

Of course, we have 512kbit/s and more speedy clients, so if we
discover infected one, we temporarily low his' KN-50 down to
32kbit/s until he'll get healthy. On the other hand, client's
still getting some service for his urgent needs...

But the best way is to have ISP-controlled firewalling device
on clients' site just after the radio (Linux, FreeBSD box & SSH
to it, may be some advanced top-boxes) -- for ISP-customised
firewalling and smart traffic shaping. Let's every device do
its' own special work.

>> ----- Original Message -----
>> From: "Brett Hays" <bretth@htonline.net>
>> To: <isp-wireless@isp-wireless.com>
>> Cc: <EL_Conquistador@htonline.net>; "Karlnet Mailing List"
>> <karlnet@WISPNotes.com>
>> Sent: Thursday, February 03, 2005 10:10 PM
>> Subject: [Karlnet] virus at customer site hoses entire AP, any ideas?
>>
>> We have had a couple of situations now where a customer machine will get a
>> Trojan that sends out massive amounts of traffic and bring down every other
>> customer on the same AP.  Most recently, it was one called multidr.bk/Troj
>> which opened up damn near every port in the 3000 range.
>>
>> All of our wireless network is routed and customers are behind
>> dlink/netgear/linksys/etc routers on the other side of our cpe. However,
>> this traffic makes it past the router and our cpe and ends up dominating the
>> polling cycles on the ap they are connected to and causing massive packet
>> loss for everyone else on that ap, ultimately basically locking up the ap.
>>
>> Other than turning off the customer in the maclist until the problem is
>> resolved, has anyone found a way to safeguard against this sort of thing?
>>
>> Brett Hays
>> Hometown Online
--
W/best, Evgeny Ananyev
WISP SysAdmin @ INTERCOM LLC, Russia

_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Karlnet] Re: virus at customer site hoses entire AP, any ideas?, Evgeny N. Ananyev <=
Previous by Date:  Re: [Karlnet] virus at customer site hoses entire AP, any ideas?, Bob Hrbek
Next by Date:  [Karlnet] Test, Intercom - Roberto Ravetti
Previous by Thread:  [Karlnet] virus at customer site hoses entire AP, any ideas?, Brett Hays
Next by Thread:  [Karlnet] Test, Intercom - Roberto Ravetti
Indexes:  [Date] [Thread] [Top] [All Lists]