You betcha. Welchia like behaviour scanning for a vulnerable machine .... Seems to me that another good reason for NAT'ing at your main router.
Dan ----- Original Message ----- From: "Pascal Losier" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 27, 2003 9:35 PM Subject: RE: [smartBridges] Virus attacks > > Most of the time, > I get some ICMP request from the fiber side of my mikrotik router. > They don't seem to established. > > Are those request made by some sort of virus ?? > They are all consecutive IP. > > > dst, address > Ex: 207.xxx.xxx.46 > 207.xxx.xxx.47 > 207.xxx.xxx.48 > 207.xxx.xxx.49 > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Banes > Sent: Thursday, November 27, 2003 10:41 PM > To: [EMAIL PROTECTED] > Subject: Re: [smartBridges] Virus attacks > > > We just had someone with a virus and it pretty much took everyone on the > access point down. It sure would have been nice to be able to put in > their MAC address and block all their traffic. > > John > > ----- Original Message ----- > From: "Wayland Sothcott" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, November 27, 2003 09:54 AM > Subject: Re: [smartBridges] Virus attacks > > > > We don't have that feature in smartBridges but I have seen it in other > > > devices. > > > > ----- Original Message ----- > > From: "Stuart Pierce" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, November 27, 2003 1:51 PM > > Subject: RE: [smartBridges] Virus attacks > > > > > > > I haven't checked, but can you put in a mac address to NOT allow to > > authenticate ? Will the constant trying of authentication drive the ap > wild > > or how much would it drive it wild ? > > > > > > ---------- Original Message ---------------------------------- > > > From: "The Wirefree Network" <[EMAIL PROTECTED]> > > > Reply-To: [EMAIL PROTECTED] > > > Date: Wed, 26 Nov 2003 08:22:55 -0800 > > > > > > >Eeekkk...to undo the ESSID you would have to either: > > > >a. rollout > > > >b. have the client perform a "restore to default" with the PoE (iff > > > > >you > > used > > > >simpleDeploy) > > > > > > > >Once you tell the client how to do the "restore to default", they > > > >will > do > > it > > > >every time their connection acts up. > > > > > > > >Just use MAC internal filtering and DON'T put that client in the > > > >list. > > > > > > > >I do this all the time. > > > > > > > >Sully > > > > > > > >> -----Original Message----- > > > >> From: [EMAIL PROTECTED] > > > >> [mailto:[EMAIL PROTECTED] 15.org] On Behalf Of > > > >> [EMAIL PROTECTED] > > > >> Sent: Wednesday, November 26, 2003 7:52 AM > > > >> To: [EMAIL PROTECTED] > > > >> Subject: RE: [smartBridges] Virus attacks > > > >> > > > >> In this situation, I log into their radio and type in an invalid > ESSID, > > > >> kicking them off the AP. They're no longer on the network. > > > >> > > > >> They then get a phone call from me and I explain why they've > > > >> suddenly > > lost > > > >> connection. They get the option to pay me to come out and fix > > > >> their computer or promise that as soon as I get them back online, > > > > >> they will download and install AV software (www.grisoft.com is > > > >> *free*, so they > > have > > > >> no excuse). If they agree, I have them reset their radio which > > > >> gets > > them > > > >> back online. If they keep doing it, I kick them offline and they > > > >> get > a > > > >> tech-support charge from me to go out there and fix them (haven't > done > > > >> this yet, but i've got a couple people who are starting to get on > > > > >> my nerves. Maybe it's an education issue, maybe it's apathy --in > > > > >> either case, I DO NOT need that kind of crap on my network!) > > > >> > > > >> If I get more than 2 or 3 people doing that in a week, I send out > > > > >> an > > email > > > >> to all customers emphasizing the importance of keeping their AV > > > >> definitions current, and Windows Update is their friend. > > > >> > > > >> TIM > > > >> > > > >> +++++++++++++++++++++++++++++++++++ > > > >> > > > >> Hi, > > > >> > > > >> We are running a wireless network servicing about 30 customers on > > > > >> 4 Airpoint AP's. Currently a subscriber gateway is being used to > > > > >> authenticate users. We have had an ongoing problem with users > getting > > > >> viruses and then bringing the network to a crawl and/or > > > >> completely > down > > as > > > >> the virus scans and/or spams to spread itself. Removing the > > > >> customer > > from > > > >> the subscriber gateway stops any access to the Internet at large, > > > > >> but because they are still connected to the AP's, the AP itself > > > >> and our internal equipment are still getting hammered. Currently > > > > >> we are not > > using > > > >> the internal MAC filtering feature on the airpoints. Has anyone > > > >> know > > if > > > >> this (or any other actions) will allow us to completely shut off > > > >> an infected user? Any input you have would be appreciated. > > > >> > > > >> Thanks, > > > >> Andrew Goble > > > >> > > > >> Tim Foster > > > >> www.AledoBroadBand.com > > > >> Aledo's only high-speed ISP > > > >> > > > >> The PART-15.ORG smartBridges Discussion List > > > >> To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > >> smartBridges <yournickname> To Remove: > > > >> mailto:[EMAIL PROTECTED] (in the body type unsubscribe > > > >> smartBridges) > > > >> Archives: http://archives.part-15.org > > > > > > > >The PART-15.ORG smartBridges Discussion List > > > >To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > smartBridges <yournickname> > > > >To Remove: mailto:[EMAIL PROTECTED] (in the body type > > > >unsubscribe > > smartBridges) > > > >Archives: http://archives.part-15.org > > > >--- > > > >[This E-mail scanned for viruses by Declude Virus By Avolve.net] > > > > > > > > > > > --- > > > [This E-mail scanned for viruses by Declude Virus By Avolve.net] > > > > > > The PART-15.ORG smartBridges Discussion List > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > smartBridges <yournickname> > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe > > smartBridges) > > > Archives: http://archives.part-15.org > > > > > > > > > The PART-15.ORG smartBridges Discussion List > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > smartBridges <yournickname> > > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe > smartBridges) > > Archives: http://archives.part-15.org > > > > > The PART-15.ORG smartBridges Discussion List > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in > the body type unsubscribe smartBridges) > Archives: http://archives.part-15.org > > > > > The PART-15.ORG smartBridges Discussion List > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) > Archives: http://archives.part-15.org > The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org
