When the number of active connections for any single user exceeds about 10 to 15 simultaneous connections, you generally have one of two things occurring.  Either the subscriber has been infected by some sort of virus/spyware or the customer is running some sort of peer-to-peer networking software (e.g. Kazaa, WinMX, Limewire, BitTorrent, etc.).
Either of these situations will result in increased latency and decreased overall available network throughput on the Canopy systems.  On the Tranzeo system, the effect is far worse.  Since Tranzeo is 802.11b based, there is no polling mechanism to ensure timely delivery of packets.  The effect of continuous streams of outbound traffic is dropped packets.  Dropped packets mean timed-out web pages and dropped email sessions.  It gets far worse when you start dealing with games and VoIP.  Even 1% packet loss can result in unusable games.  Likewise, the very slightest IP interruption can make VoIP sessions experience jitter, echoing, and garbled signal.
It is important that you determine the specific customers that are causing the excessive streams.  Look at the ports in use and the destination addresses.  Determine if the traffic is likely P-t-P or an infection.  If it's P-t-P, you should be able to control the volume of the traffic by using the P-t-P throttling mechanisms available through the Mikrotik software.  If it's an infection, you should disassociate the user from your APs until the infection can be resolved.  If you simply firewall the outbound traffic, you probably won't solve anything.  Many infections cause the PC to continuously send out packets regardless of whether those packets ever arrive at a valid destination.  Therefore, the infection will keep sending/flooding your AP even if you block the subscriber from successfully reaching the internet via a Mikrotik firewall.
Larry Yunker
Network Consultant
WISP Advantage 
----- Original Message -----
Sent: Monday, July 31, 2006 6:24 AM
Subject: [WISPA] I need Mikrotik Help

To all,
I have some abusive users, when I look at IP Firewall Connections I find some users with over a hundred (100) instances listed in the source address column.  I think it's flooding my network.  I have 2 T1's and 81 users.  We're growing faster than I can install new customers.
I am using Canopy 900, Canopy 2.45, & Tranzeo 2.45.  I have activated the SM, SNMP, BOOTP Server and Client filters on the Canopy devices.
How can I limit the number of active instances of these abusive users on the Mikrotik?
Ron Wallace
Hahnron, Inc.
220 S. Jackson Dt.
Addison, MI 49220

Phone: (517)547-8410
Mobile: (517)605-4542
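
The triage step described in the reply above (find the subscribers holding excessive connections, then look at their destination ports and addresses), as an added example that is not part of the original thread. The input layout, the sample addresses and the 80% single-port heuristic are assumptions made for illustration; the threshold of 15 is the upper end of the figure quoted in the reply.

```python
from collections import Counter, defaultdict

THRESHOLD = 15  # upper end of the "about 10 to 15" figure in the reply above

# Constructed sample, one tracked connection per line: "proto src:port dst:port".
# This layout is an assumption, not RouterOS's own print format.
SAMPLE = "\n".join(
    [f"tcp 10.0.0.21:{40000 + i} 198.51.100.{i + 1}:25" for i in range(40)]
    + [f"udp 10.0.0.37:6881 203.0.113.{i + 1}:{20000 + 731 * i}" for i in range(30)]
    + ["tcp 10.0.0.52:51000 192.0.2.10:80", "tcp 10.0.0.52:51001 192.0.2.10:443"]
)

def parse(text):
    """Yield (src_ip, dst_ip, dst_port) per well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            src_ip = parts[1].rsplit(":", 1)[0]
            dst_ip, dst_port = parts[2].rsplit(":", 1)
            yield src_ip, dst_ip, int(dst_port)
        except ValueError:
            continue

def triage(text, threshold=THRESHOLD):
    """Return {src_ip: summary} for subscribers above the connection threshold."""
    by_src = defaultdict(list)
    for src, dst, port in parse(text):
        by_src[src].append((dst, port))
    report = {}
    for src, conns in by_src.items():
        if len(conns) <= threshold:
            continue
        ports = Counter(port for _, port in conns)
        top_port, top_count = ports.most_common(1)[0]
        # Assumed heuristic: nearly all connections aimed at one destination port
        # looks like a worm or spam bot; a wide spread of ports looks like P2P.
        hint = "possible infection" if top_count / len(conns) >= 0.8 else "possible P2P"
        report[src] = {
            "connections": len(conns),
            "destinations": len({dst for dst, _ in conns}),
            "top_port": top_port,
            "hint": hint,
        }
    return report

if __name__ == "__main__":
    for src, summary in sorted(triage(SAMPLE).items()):
        print(src, summary)
```

The hint is only a starting point for the manual look at ports and destinations that the reply recommends.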

WISPA Wireless List:

