[WISPA] I need Mikrotik Help

2006-07-31 Thread Ron Wallace
To all,

I have some abusive users, when I look at IP Firewall Connections I find some users with over a hundred (100) instances listed in the source address column. I think it's flooding my network. I have 2 T1's and 81 users. We're growing faster than I can install new customers.

I am using Canopy 900, Canopy 2.45,  Tranzeo 2.45. I have activated the SM, SNMP, BOOTP Server and Client filters on the canopy devices.

How can I limit the number of active instances of these abusive users on the Mikrotik?

Ron Wallace
Hahnron, Inc.
220 S. Jackson Dt.
Addison, MI 49220

Phone: (517)547-8410
Mobile: (517)605-4542
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


[WISPA] USA Today's Money Section today

2006-07-31 Thread Peter R.
In today's Money Section of the USA Today, many great tips for Small 
Business


Do you have the right stuff to start a business?

Starting a business: What it takes

Business plans should be simple, passionate

What's Your Target Market?

http://www.usatoday.com/money/smallbusiness/2006-07-30-starting-your-business_x.htm
http://www.usatoday.com/money/smallbusiness/2006-07-31-business-plan_x.htm

In my experience working with many ISPs, most do not have a business 
plan or a marketing plan.

Two questions you should be able to answer:
What's your target market?
What's your Value Proposition (Why should we buy from you)?

Regards,

Peter
RAD-INFO, Inc. - NSP Strategist
We Help ISPs Connect  Communicate
813.963.5884  efax 530-323-7025
http://4isps.com



RE: [WISPA] I need Mikrotik Help

2006-07-31 Thread Jonathan Schmidt
I have a question in general:  in the typical wireless
installation at public or general muni type APs, are the
IP addresses given to the users in a many-to-one NAT
like home routers or in a 1-to-1 NAT with each internal
address NATted with a public address?

I've been to CEAS and MAAWG meetings regularly over the
past two years and have been involved with network-
remediated Trojan/Worm/Virus technology from a variety
of vendors.  So far, they have avoided specifying how
they treat wireless networks but, instead, concentrate
on DSL/Cable.  There, of course, a cable modem most
often faces a Linksys or Netgear many-to-one NAT.
...sometimes several cascaded! Thank you.

. . . j o n a t h a n

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of John J. Thomas
Sent: Monday, July 31, 2006 8:37 AM
To: WISPA General List
Subject: Re: [WISPA] I need Mikrotik Help



How many is some? They may be boxes that have been compromised with a
worm, trojan, virus or spyware. Look closely at the destination ports they
are connecting to. If the addresses/ports are in sequence, they may have
malware on their PC.

John

-Original Message-
From: Ron Wallace [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 04:24 AM
To: [EMAIL PROTECTED], wireless@wispa.org
Subject: [WISPA] I need Mikrotik Help

To all,

I have some abusive users, when I look at IP Firewall Connections I find a
some users with over a hundred (100) instances listed in the source address
column. I think its flooding my network. I have 2 T1's and 81 users. We're
growing faster than I can install new customers.

I am using Canopy 900, Canopy 2.45,  Tranzeo 2.45. I have activated the
SM, SNMP, BOOTP Server and Client filters on the canopy devices.

How can I limit the number of active instances of these abusive users on
the Mikrotik?

Ron Wallace
Hahnron, Inc.
220 S. Jackson Dt.
Addison, MI 49220

Phone: (517)547-8410
Mobile: (517)605-4542
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]






Re: [WISPA] I need Mikrotik Help

2006-07-31 Thread Larry Yunker



Ron,

When the number of active connections for any single user exceeds about
10 to 15 simultaneous connections, you generally have one of two things
occurring. Either the subscriber has been infected by some sort of
virus/spyware or the customer is running some sort of peer-to-peer
networking software (i.e. Kazaa, winMX, Limewire, Bittorrent, etc, etc,
etc).

Either of these situations will result in increased latency and decreased
overall available network throughput on the Canopy systems. On the Tranzeo
system, the effect is far worse. Since Tranzeo is 802.11b based, there is
no polling mechanism to ensure timely delivery of packets. The effect of
continuous streams of outbound traffic is dropped packets. Dropped packets
mean timed-out web pages and dropped email sessions. It gets far worse
when you start dealing with games and VoIP. Even 1% packet loss can result
in unusable games. Likewise, the very slightest IP interruption can make
VoIP sessions experience jitter, echoing, and garbled signal.

It is important that you determine the specific customers that are causing
the excessive streams. Look at the ports in use and the destination
addresses. Determine if the traffic is likely P-t-P or an infection. If
it's P-t-P, you should be able to control the volume of the traffic by
using the P-t-P throttling mechanisms available through the Mikrotik
software. If it's an infection, you should disassociate the user from your
AP's until the infection can be resolved. If you simply firewall the
outbound traffic, you probably won't solve anything. Many infections cause
the PC to continuously send out packets regardless of whether those packets
ever arrive at a valid destination. Therefore, the infection will keep
sending/flooding your AP even if you block the subscriber from successfully
reaching the internet via a Mikrotik firewall.

Larry Yunker
Network Consultant
WISP Advantage
[EMAIL PROTECTED]


  - Original Message -
  From: Ron Wallace
  To: [EMAIL PROTECTED] ; wireless@wispa.org
  Sent: Monday, July 31, 2006 6:24 AM
  Subject: [WISPA] I need Mikrotik Help

  To all,

  I have some abusive users, when I look at IP Firewall Connections I find
  some users with over a hundred (100) instances listed in the source
  address column. I think it's flooding my network. I have 2 T1's and 81
  users. We're growing faster than I can install new customers.

  I am using Canopy 900, Canopy 2.45,  Tranzeo 2.45. I have activated the
  SM, SNMP, BOOTP Server and Client filters on the canopy devices.

  How can I limit the number of active instances of these abusive users on
  the Mikrotik?

  Ron Wallace
  Hahnron, Inc.
  220 S. Jackson Dt.
  Addison, MI 49220
  Phone: (517)547-8410
  Mobile: (517)605-4542
  e-mail: [EMAIL PROTECTED]
  [EMAIL PROTECTED] 
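
The triage described in the reply above, combined with the earlier suggestion in this thread to look for destinations in sequence, as an added example that is not part of any list member's post: it counts connections per source and, for sources above the threshold, checks whether destination addresses or ports form a stepped sequence. The one-line-per-connection input format, the sample addresses and the MIN_RUN and MAX_STEP values are assumptions constructed for the example; this is not RouterOS output or syntax.

```python
"""Added example: per-subscriber connection triage on constructed data."""
import ipaddress
from collections import defaultdict

CONN_THRESHOLD = 15  # upper end of the "about 10 to 15" figure in the reply
MIN_RUN = 8          # assumption: this many stepped destinations is a sweep
MAX_STEP = 4         # assumption: accepts 1,2,3,... as well as 2,4,6,8,...


def parse_line(line):
    """Parse 'proto src_ip:sport dst_ip:dport' (constructed format)."""
    proto, src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, src_ip, int(src_port), dst_ip, int(dst_port)


def longest_stepped_run(values, max_step=MAX_STEP):
    """Length of the longest run of distinct values with one constant small step."""
    vals = sorted(set(values))
    if len(vals) < 2:
        return len(vals)
    best = run = 1
    prev_step = None
    for a, b in zip(vals, vals[1:]):
        step = b - a
        if step <= max_step and step == prev_step:
            run += 1          # same small step as before: run continues
        elif step <= max_step:
            run = 2           # a new small step starts a new run of two
        else:
            run = 1           # large gap: destinations are not in sequence
        prev_step = step if step <= max_step else None
        best = max(best, run)
    return best


def triage(lines):
    """Return {source_ip: findings} for sources above CONN_THRESHOLD."""
    by_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        _, src_ip, _, dst_ip, dst_port = parse_line(line)
        by_src[src_ip].append((int(ipaddress.IPv4Address(dst_ip)), dst_port))

    report = {}
    for src, conns in by_src.items():
        if len(conns) <= CONN_THRESHOLD:
            continue
        addr_run = longest_stepped_run(addr for addr, _ in conns)
        port_run = longest_stepped_run(port for _, port in conns)
        if max(addr_run, port_run) >= MIN_RUN:
            verdict = "sequential destinations: check the PC for an infection"
        else:
            verdict = "scattered destinations: check for peer-to-peer software"
        report[src] = {"connections": len(conns), "addr_run": addr_run,
                       "port_run": port_run, "verdict": verdict}
    return report


def sample_lines():
    """Constructed connection list: one sweeping host, one scattered, one quiet."""
    lines = []
    for i in range(40):   # every other destination address, one port
        lines.append(f"tcp 10.0.0.21:{1025 + i} 198.51.100.{2 + 2 * i}:445")
    for i in range(30):   # many unrelated destinations and ports
        lines.append(
            f"tcp 10.0.0.34:{2000 + i} 192.0.2.{(i * 37) % 251 + 1}:{6881 + 911 * i}")
    for host, port in (("203.0.113.10", 80), ("203.0.113.25", 25),
                       ("203.0.113.10", 443), ("203.0.113.53", 53)):
        lines.append(f"tcp 10.0.0.50:3000 {host}:{port}")
    return lines


if __name__ == "__main__":
    for src, info in sorted(triage(sample_lines()).items()):
        print(src, info["connections"], info["verdict"])
```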
  
  
  



Re: [WISPA] frame size and fps - Mikrotik large packets

2006-07-31 Thread Tom DeReggi

Charles,

I asked one of our Engineers to clarify on Large Packet Support On Linux 
Routers and VLAN vs IPSEC.

Here is his response.

Vlan is level two information. A VLAN packet has a different type in
the Ethernet header, which is read by the card driver. So a VLAN aware
driver will allow a packet which physical size is 1518 bytes long (1500
bytes of payload + 2*6 of ethernet address + 2 bytes of type/len + 4
bytes VLAN  extra info) instead of the normal 1514.

On the other hand, IPSec (more precisely ESP and AH) are IP protocols.
I.e. the ethernet drivers knows nothing about it. And an IPSec packet
can be transported in an ethernet packet, a vlan packet or over a ppp
connection. It is IP. Plus, the overhead of IPSec is a lot more than 4
bytes, more 40 bytes or so, but I don't remember the exact value.

So my recollection is as follows:

- the unpatched drivers on our Linux box were dumb and would simply
drop packets that were too big.
- the starOS has unpatched drivers but drops to 1496 the MTU of the
VLAN interface so that no extra large packet would be generated at the
ethernet interface. It works and is correct, but not the behavior we
were looking after, only if all devices agree to this behavior and it
doesn't mimic the capability of VLAN switches.
- the patched drivers (RapidDSL Router Code) and Mikrotik drivers, although
they display a MTU of 1500, will accept larger packets to accommodate VLANs.

The fact that you cannot change the MTU in Mikrotik doesn't mean that it
doesn't pass properly the VLAN packets. Many VLANs are setup all over the
place over our Mikrotik routers and RapidDSL routers, and to the best of my
knowledge, it works properly.

But this has no bearing on IPSec. This is a different ball game. And
that's why I was asking the question: what is it for? To create tunnels
for you and they need to have 1500 MTU? Or to create tunnels for the
customers and it is then a non-issue: they'll have to deal with the
lower MTU size of the IPSec tunnel and most of the time it just works
(thanks to path MTU discovery).

To clarify. The MTU is only the size of the payload. It doesn't take
into account the Ethernet header. Of course, the IP header, TCP/UDP
header, etc. are considered payload for ethernet and indeed counted in
the ethernet payload.

There are two MTU to consider. The MTU of the underlying ethernet
interface and the MTU of the VLAN interface itself. The second MTU is
the effective MTU, the one seen by application, networks, using this
interface. The first MTU is the one of the hardware interface.

The trick used by StarOS is to reduce the effective MTU. Therefore,
gaining 4 bytes off the payload to expand the header into it, without
the underlying interface having to be aware of it. If it was possible,
leaving the effective MTU at the same value and increasing the
underlying interface MTU by 4 bytes would have the same effect.

The proper VLAN aware drivers show 1500 MTU for both the underlying
interface and the VLAN interface, but it treats VLAN packets with
caution, so as not to truncate or drop them because of their longer
size.


On some places on our network (Reston) I could only ping -s 1470
IPaddress, because any higher ping wouldn't work.


Actually, if 1470 works, so should 1471 and 1472. The size in the ping
command is the payload of the ping packet. So the actual size of the IP
packet is this size plus the icmp header (8 bytes) and the IP header
(20 bytes). 1472 + 20 + 8 = 1500. If you have a VLAN issue, it will cut
off at 1468, 1472 - 4 extra bytes of the VLAN tagging.


 But at Dulles, I tried  ping -s 9600 IPaddress and the pings
returned. There is no way the Ethernet devices would pass 9600 byte
packets would they?


ICMP traffic is IP traffic, and as such can go through IP fragmentation
(http://www.geocities.com/siliconvalley/vista/8672/network/ipfrag.html).
But some dumb device with a limited IP stack
implementation will not support IP reassembling, especially on ICMP
traffic. For example, at Dulles, pinging su-peter-knob with -s 1753
fails but pinging ap-wifi-peter-knob works. Note that the ap is Linux
based, and hence has a full network stack, and the su (Teletronics) is not.


 I know the gigabit ports would, but not the Mikrotik 100mbps ports?
So I'm not even sure how to test :-)


You have to prevent or detect fragmentation to know what's going on.
With ping, the option '-M do' will set the DF flag (don't fragment).

The test is to see that without fragmentation, you can ping with '-s
1468' and not with '-s 1472'. This would indicate a VLAN MTU issue.

Sniffing with tcpdump, where appropriate, is also very informative. In
particular look at the flags: [DF] means that the don't fragment flag
is set, [+] means that the more fragment to come flag is set (i.e. the
message is fragmented). Examples:

# sudo tcpdump -i eth4 -l -n -v icmp
tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size
68 bytes
19:05:27.714176 IP (tos 0x0, ttl  64, id 
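
The DF-bit ping test described in the message above, as an added example that is not part of the original post: it models each hop by the largest Ethernet frame its driver accepts, searches for the largest ping -s payload that passes unfragmented, and reads the result the way the message does (1472 passes on a clean path, cut-off at 1468 points to VLAN tagging). The hop model, the function names and the two sample paths are constructed assumptions.

```python
"""Added example: interpreting a 'ping -M do -s N' sweep (constructed paths)."""

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header
ETH_HEADER = 14   # 2*6 bytes of addresses + 2 bytes of type/len
VLAN_TAG = 4      # extra bytes added by VLAN tagging
FULL_MTU = 1500


def ip_packet_size(ping_payload):
    """Size of the IP packet produced by 'ping -s ping_payload'."""
    return ping_payload + ICMP_HEADER + IP_HEADER


def frame_size(ping_payload, vlan_tagged):
    """Physical frame size on a hop, with or without a VLAN tag."""
    extra = VLAN_TAG if vlan_tagged else 0
    return ip_packet_size(ping_payload) + ETH_HEADER + extra


def make_path(hops):
    """Build a probe function for a constructed path.

    hops is a list of (largest_frame_accepted, vlan_tagged) pairs.
    The probe stands in for one 'ping -M do -s N' and returns True when
    the unfragmented packet fits through every hop.
    """
    def probe(ping_payload):
        return all(frame_size(ping_payload, tagged) <= limit
                   for limit, tagged in hops)
    return probe


def largest_payload(probe, low=0, high=9600):
    """Binary search for the largest payload that still passes with DF set."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def diagnose(max_payload):
    """Read the sweep result the way the message above does."""
    if max_payload is None:
        return "no reply even for an empty payload"
    size = ip_packet_size(max_payload)
    if size >= FULL_MTU:
        return "path carries full 1500-byte IP packets"
    if size == FULL_MTU - VLAN_TAG:
        return "cut-off at -s 1468: VLAN MTU issue (4 bytes of tagging)"
    return f"path MTU is {size} bytes: some other overhead is on the path"


# Constructed paths: an untagged access hop followed by one tagged trunk hop.
VLAN_AWARE_PATH = [(1514, False), (1518, True)]    # driver accepts 1518-byte frames
VLAN_UNAWARE_PATH = [(1514, False), (1514, True)]  # driver drops frames over 1514

if __name__ == "__main__":
    for name, hops in (("aware", VLAN_AWARE_PATH), ("unaware", VLAN_UNAWARE_PATH)):
        best = largest_payload(make_path(hops))
        print(name, best, diagnose(best))
```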

Re: [WISPA] Outstanding Networking Trainer Needed

2006-07-31 Thread Marlon K. Schafer (509) 982-2181
Tell your client to just hire his router work done.  Routers can be managed 
from anywhere in the world.


He should focus on his wireless and customers.  Those things can't be done 
from the outside :-)


Marlon
(509) 982-2181   Equipment sales
(408) 907-6910 (Vonage)Consulting services
42846865 (icq)And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam



- Original Message - 
From: Chuck [EMAIL PROTECTED]

To: 'WISPA General List' wireless@wispa.org
Sent: Friday, July 28, 2006 2:40 PM
Subject: RE: [WISPA] Outstanding Networking Trainer Needed



Butch Evans ?

Chuck Moses
HIGH DESERT WIRELESS BROADBAND COMMUNICATION
16922 Airport Blvd # 3
Mojave CA 93501
661 824 3431 office
818 406 6818 cell


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Jack Unger
Sent: Friday, July 28, 2006 1:18 PM
To: WISPA General List
Subject: [WISPA] Outstanding Networking Trainer Needed

An ISP client of mine that I just provided wireless training for has
asked me to recommend an instructor who could train them in Cisco router
fundamentals, administration, and networking. I'd like to recommend
someone to them who:

1. Can travel to the east coast to deliver a training course on-site for
three professional-grade ISP employee/managers.

2. Is an accomplished and experienced router/networking trainer.

3. Possesses a friendly, flexible, down-to-earth teaching style (like
mine) :)

4. Is dedicated, conscientious, and has a passion for empowering the
class to succeed (again, like me) :)

If you are, or if you know of such an individual, I'd appreciate it if
you would let me know off-list, on-list, or via the telephone.

Thanks in advance from your humble wireless servant,
  jack

--
Jack Unger ([EMAIL PROTECTED]) - President, Ask-Wi.Com, Inc.
Serving the License-Free Wireless Industry Since 1993
Author of the WISP Handbook - Deploying License-Free Wireless WANs
True Vendor-Neutral WISP Consulting-Training-Troubleshooting
Phone (VoIP Over Broadband Wireless) 818-227-4220  www.ask-wi.com






Re: [WISPA] Municipal Broadband - A Growing Threat (to Telcos)

2006-07-31 Thread Dawn DiPietro

Peter,

Unfortunately some of these types of funding have as many strings 
attached to them as the RFP's themselves.


Regards,
Dawn DiPietro



Peter R. wrote:

Most RFP's I have reviewed including Atlanta are hot for someone to 
come in and give away free wi-fi, especially to schools and the 
under-served sections of town.


There are a couple of  problems:
1) How do you monetize that?
2) Most of the under-served don't have computers

The only real threat to the telcos and cablecos is that the cheap 
users will use the free system, so some of their revenues will 
decrease. But so will support costs. And I am sure at some point they 
will stop maintaining and/or upgrading low revenue facilities, 
furthering the Digital Divide. But that won't stop them from 
collecting USF monies.


There are monies available to build these networks if the governments 
could get it together:
Quality of Life grants; Homeland Security funding; USF monies for 
libraries and schools - and those are just the ones off the top of my 
pointed beanie.


It's all coming to a head. Between now and 2009, lots of turbulence to 
come. Much of it hangs on the lame telecom re-write and  how much of a 
push-over Martin will be. If he gets a spine, it could be a great 
economic revival.


- Peter


Dawn DiPietro wrote:


All,

As quoted from the article;

“The competitive impacts of municipal broadband will be especially 
threatening to incumbents to the extent that muni nets can be cost- 
justified
by increased efficiencies, cost savings and other ‘internal’ or 
social benefits captured by local governments, schools, and other 
public institutions,”

the report states.

While some understand the cost savings these networks can bring 
others are still focused on the free wifi cloud for the population 
in these areas. There needs to
be more focus on the fact that there are so many other benefits to 
these municipal networks such as water meter reading, public safety 
communications etc. For
these applications to work a robust network has to be built with the 
following in mind low latency, 9 reliability, high capacity, and 
so on. Cost savings for
local government, businesses and residential should also be factored 
into the equation for services such as telecommunications times X 
number of phone lines just
for government offices and broadband access for all schools. I 
understand that this is only the tip of the iceberg and there are so 
many other applications and cost savings for these networks. My point 
is that the network has to be built robust enough to be able to 
support it all including a wifi cloud.


Thanks to Jack for bringing this article to the list. :-)

Regards,
Dawn DiPietro

http://www.telecommagazine.com/newsglobe/article.asp?HH_ID=AR_2244





Re: [WISPA] 168 Bidders Qualify in FCC Auction

2006-07-31 Thread Marlon K. Schafer (509) 982-2181

John S. made it to the list!  Congrats!

I see my telco is on there too.
Marlon
(509) 982-2181   Equipment sales
(408) 907-6910 (Vonage)Consulting services
42846865 (icq)And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam



- Original Message - 
From: Peter R. [EMAIL PROTECTED]

To: WISPA General List wireless@wispa.org
Sent: Sunday, July 30, 2006 6:25 AM
Subject: [WISPA] 168 Bidders Qualify in FCC Auction



http://biz.yahoo.com/ap/060728/fcc_spectrum_auction.html?.v=3

The FCC on Friday issued a list of 168 bidders that have qualified to 
participate in an upcoming auction of wireless licenses that is expected 
to raise billions of dollars for the government while ushering in more 
next-generation services. The auction of 1,122 licenses, slated to begin 
on Aug. 9, covers slices of the airwaves that are currently used by the 
federal government. The FCC also issued a list of more than 80 would-be 
participants whose applications were rejected.


upcoming auction of Advanced Wireless Services licenses in the 1710-1755 
MHz and 2110-2155 MHz bands (“AWS-1”) (Auction No. 66).1 Bidding in 
Auction No. 66 is scheduled to begin on Wednesday, August 9, 2006.


T-Mobile, Cingular, VZW, Lynch AWS Corp (Gabelli), CableONE... the rest of 
the list is here:

http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-06-1525A2.pdf

I can't find Sprint but maybe they are buying under PCS Partners, L.P.
Also, XO aka NextLink is missing from the list.

Regards,

Peter
RAD-INFO, Inc. - NSP Strategist
We Help ISPs Connect  Communicate
813.963.5884
http://4isps.com/newsletter.htm



[WISPA] Service in Lincoln Nebraska area

2006-07-31 Thread Scott Reed




I have a customer with a friend looking for service.
He is 15 miles south east of Lincoln and 4 miles 
south of Bennet Nebraska.
Contact me off-list if you can provide service.

Scott Reed
Owner
NewWays
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net


Re: [WISPA] Municipal Broadband - A Growing Threat (to Telcos)

2006-07-31 Thread Tom DeReggi
That's the big thing government forgets to realize, that the costly part of 
FREE wifi to deliver is End user infrastructure and support, not deployment 
of the transport network.  That's why I believe many Government projects will 
not be successful. I can give you a perfect example.  I almost had some 
contracts for broadband to street cameras in DC, and my intent was going to 
broadcast FREE wifi from every camera location.  The broadband to camera 
contract revenue would have justified the cost for me to pay for the 
Wireless deployment, and did not require the full bandwidth of the radios 
for the project.  It was only going to cost me an extra $110 per site (one 
time) to add a SR2s to layer on top the WiFi capability portion.  Where the 
real cost was, was the end user CPE or Outdoor antenna, tech support, and 
buying computers, etc.  The plan was maybe I'd set up a 900 number for the 
support, or pre-paid support hours via the web portal. Politically it would 
have also been good, maybe even press worthy, those annoying fines from 
traffic cameras, now gives back to the community with FREE Wifi.


What the government should be doing is providing grants or loans for free 
end user equipment. Then Third Party WISPs would flock in grand numbers, to 
provide the transport network.
Or tax credits for builders that include structure wiring, or allow easements 
for central wireless backhaul to the building. What doesn't add up to me on 
Free Wifi is the Government tries to find a Internet provider to pay for 
it, through the benefits of advertising or access to eye ball traffic. But 
if a Marketing company were to give PCs to the End user, what better way 
would there be to control eye balls of the end user. The ISP doesn't need to 
control the transport network to control the end user, if they control them 
via the PC.  I think they are making the wrong partnerships. There are also 
many assets that  are needed such as assets of the property owners, and that 
isn't available unless property owners/managers are included in on the deal 
somewhere.


Tom DeReggi




Peter R. wrote:

Most RFP's I have reviewed including Atlanta are hot for someone to come 
in and give away free wi-fi, especially to schools and the under-served 
sections of town.


There are a couple of  problems:
1) How do you monetize that?
2) Most of the under-served don't have computers

The only real threat to the telcos and cablecos is that the cheap users 
will use the free system, so some of their revenues will decrease. But so 
will support costs. And I am sure at some point they will stop 
maintaining and/or upgrading low revenue facilities, furthering the 
Digital Divide. But that won't stop them from collecting USF monies.


There are monies available to build these networks if the governments 
could get it together:
Quality of Life grants; Homeland Security funding; USF monies for 
libraries and schools - and those are just the ones off the top of my 
pointed beanie.


It's all coming to a head. Between now and 2009, lots of turbulence to 
come. Much of it hangs on the lame telecom re-write and  how much of a 
push-over Martin will be. If he gets a spine, it could be a great 
economic revival.


- Peter


Dawn DiPietro wrote:


All,

As quoted from the article;

“The competitive impacts of municipal broadband will be especially 
threatening to incumbents to the extent that muni nets can be cost- 
justified
by increased efficiencies, cost savings and other ‘internal’ or social 
benefits captured by local governments, schools, and other public 
institutions,”

the report states.

While some understand the cost savings these networks can bring others 
are still focused on the free wifi cloud for the population in these 
areas. There needs to
be more focus on the fact that there are so many other benefits to these 
municipal networks such as water meter reading, public safety 
communications etc. For
these applications to work a robust network has to be built with the 
following in mind low latency, 9 reliability, high capacity, and so 
on. Cost savings for
local government, businesses and residential should also be factored 
into the equation for services such as telecommunications times X number 
of phone lines just
for government offices and broadband access for all schools. I 
understand that this is only the tip of the iceberg and there are so 
many other applications and cost savings for these networks. My point is 
that the network has to be built robust enough to be able to support it 
all including a wifi cloud.


Thanks to Jack for bringing this article to the list. :-)

Regards,
Dawn DiPietro

http://www.telecommagazine.com/newsglobe/article.asp?HH_ID=AR_2244




Re: [WISPA] I need Mikrotik Help

2006-07-31 Thread Ron Wallace
Thanks Larry, that is very useful. I shall follow all of the advice I get.

-Original Message-
From: Larry Yunker [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 11:36 AM
To: 'WISPA General List'
Subject: Re: [WISPA] I need Mikrotik Help

Ron,

When the number of active connections for any single user exceeds about 10 to 15 simultaneous connections, you generally have one of two things occurring. Either the subscriber has been infected by some sort of virus/spyware or the customer is running some sort of peer-to-peer networking software (i.e. Kazaa, winMX, Limewire, Bittorrent, etc, etc, etc).

Either of these situations will result in increased latency and decreased overall available network throughput on the Canopy systems. On the Tranzeo system, the effect is far worse. Since Tranzeo is 802.11b based, there is no polling mechanism to ensure timely delivery of packets. The effect of continuous streams of outbound traffic is dropped packets. Dropped packets mean timed-out web pages and dropped email sessions. It gets far worse when you start dealing with games and VoIP. Even 1% packet loss can result in unusable games. Likewise, the very slightest IP interruption can make VoIP sessions experience jitter, echoing, and garbled signal.

It is important that you determine the specific customers that are causing the excessive streams. Look at the ports in use and the destination addresses. Determine if the traffic is likely P-t-P or an infection. If it's P-t-P, you should be able to control the volume of the traffic by using the P-t-P throttling mechanisms available through the Mikrotik software. If it's an infection, you should disassociate the user from your AP's until the infection can be resolved. If you simply firewall the outbound traffic, you probably won't solve anything. Many infections cause the PC to continuously send out packets regardless of whether those packets ever arrive at a valid destination. Therefore, the infection will keep sending/flooding your AP even if you block the subscriber from successfully reaching the internet via a Mikrotik firewall.

Larry Yunker
Network Consultant
WISP Advantage
[EMAIL PROTECTED]


- Original Message - 
From: Ron Wallace 
To: [EMAIL PROTECTED] ; wireless@wispa.org 
Sent: Monday, July 31, 2006 6:24 AM
Subject: [WISPA] I need Mikrotik Help

To all,

I have some abusive users, when I look at IP Firewall Connections I find some users with over a hundred (100) instances listed in the source address column. I think it's flooding my network. I have 2 T1's and 81 users. We're growing faster than I can install new customers.

I am using Canopy 900, Canopy 2.45,  Tranzeo 2.45. I have activated the SM, SNMP, BOOTP Server and Client filters on the canopy devices.

How can I limit the number of active instances of these abusive users on the Mikrotik?

Ron Wallace
Hahnron, Inc.
220 S. Jackson Dt.
Addison, MI 49220
Phone: (517)547-8410
Mobile: (517)605-4542
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]






Re: [WISPA] I need Mikrotik Help

2006-07-31 Thread Ron Wallace
Thanks John, I have noticed that many of them from one user are in sequence every other number 2,4,6,8, for example in the destination addr. I'll have a look at that.

-Original Message-
From: John J. Thomas [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 09:36 AM
To: 'WISPA General List'
Subject: Re: [WISPA] I need Mikrotik Help

How many is "some"? They may be boxes that have been compromised with a worm, trojan, virus or spyware. Look closely at the destination ports they are connecting to. If the addresses/ports are in sequence, they may have malware on their PC.

John

-Original Message-
From: Ron Wallace [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 04:24 AM
To: [EMAIL PROTECTED], wireless@wispa.org
Subject: [WISPA] I need Mikrotik Help

To all,

I have some abusive users, when I look at IP Firewall Connections I find some users with over a hundred (100) instances listed in the source address column. I think it's flooding my network. I have 2 T1's and 81 users. We're growing faster than I can install new customers.

I am using Canopy 900, Canopy 2.45,  Tranzeo 2.45. I have activated the SM, SNMP, BOOTP Server and Client filters on the canopy devices.

How can I limit the number of active instances of these abusive users on the Mikrotik?

Ron Wallace
Hahnron, Inc.
220 S. Jackson Dt.
Addison, MI 49220
Phone: (517)547-8410
Mobile: (517)605-4542
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]


Re: [WISPA] I need Mikrotik Help

2006-07-31 Thread Ron Wallace
How many? 2 maybe 4, not many. But one has generated over 500 boxes in the firewall connections listing.

-Original Message-
From: John J. Thomas [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 09:36 AM
To: 'WISPA General List'
Subject: Re: [WISPA] I need Mikrotik Help

How many is "some"? They may be boxes that have been compromised with a worm, trojan, virus or spyware. Look closely at the destination ports they are connecting to. If the addresses/ports are in sequence, they may have malware on their PC.

John

-Original Message-
From: Ron Wallace [mailto:[EMAIL PROTECTED]
Sent: Monday, July 31, 2006 04:24 AM
To: [EMAIL PROTECTED], wireless@wispa.org
Subject: [WISPA] I need Mikrotik Help

To all,

I have some abusive users, when I look at IP Firewall Connections I find some users with over a hundred (100) instances listed in the source address column. I think it's flooding my network. I have 2 T1's and 81 users. We're growing faster than I can install new customers.

I am using Canopy 900, Canopy 2.45,  Tranzeo 2.45. I have activated the SM, SNMP, BOOTP Server and Client filters on the canopy devices.

How can I limit the number of active instances of these abusive users on the Mikrotik?

Ron Wallace
Hahnron, Inc.
220 S. Jackson Dt.
Addison, MI 49220
Phone: (517)547-8410
Mobile: (517)605-4542
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]