As I say in my Traffic Management and Firewalling Mikrotik Courses, "If you can't identify the traffic, you can't control it, block it, limit it, or otherwise do ANYTHING with it! "
Traffic Identification is first! :) * ----------------------------------------------------------- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org <http://www.wispa.org/> Link Technologies, Inc -- Mikrotik & WISP Support Services WISPA Vendor Member* *Office*: 314-735-0270 *Website*: http://www.linktechs.net <http://www.linktechs.net/> */LIVE On-Line Mikrotik Training/* <http://www.linktechs.net/onlinetraining.asp> The information transmitted (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is intended only for the person(s) or entity/entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient(s) is prohibited, If you received this in error, please contact the sender and delete the material from any computer. Patrick Shoemaker wrote: > You really need to find out exactly WHAT the problematic traffic is > before you worry about how to best block it. Hook up a machine with > Wireshark to a tap or a mirrored switch port that is seeing the > offending traffic. If you can't immediately identify the problem traffic > by looking at the packets live from the wire, you can have Wireshark > sort the flows by all kinds of different factors. > > Patrick Shoemaker > Vector Data Systems LLC > [email protected] > office: (301) 358-1690 x36 > http://www.vectordatasystems.com > > > Patrick Nix Jr. wrote: > >> Right, I'm routing already to my customers. I just can't seem to >> identify where the flood of traffic is coming from. My guess is that >> someone is using some sort of p2p and opening gazillions of connections >> for either upload or download traffic or someone has a virus that is >> flooding the network with a bunch of small packets. I've tried to setup >> some iptables rules in our imagestream to prevent both of these but I am >> a newbie with iptables and I either end up killing all internet traffic >> to everyone or it has no effect at all. Does anyone care to share some >> suggestions for iptables rules using Powercode with an imagestream >> router. >> >> Thanks a million. >> >> __________________________________________ >> >> Patrick Nix, Jr., >> csweb.net >> (918) 235-0414 >> http://www.csweb.net >> E-Mail: [email protected] >> >> ==================================================================== >> ATTENTION: This e-mail may contain information that is confidential in >> nature. If you are not the intended recipient, please delete this e-mail >> and notify the sender immediately. Thank you. >> ==================================================================== >> >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Dennis Burgess >> Sent: Wednesday, February 18, 2009 10:33 AM >> To: WISPA General List >> Subject: Re: [WISPA] Suggestions on preventing network flooding >> >> Routing man. >> >> * ----------------------------------------------------------- >> Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer >> WISPA Board Member - wispa.org <http://www.wispa.org/> >> Link Technologies, Inc -- Mikrotik & WISP Support Services >> WISPA Vendor Member* >> *Office*: 314-735-0270 *Website*: http://www.linktechs.net >> <http://www.linktechs.net/> >> */LIVE On-Line Mikrotik Training/* >> <http://www.linktechs.net/onlinetraining.asp> >> >> The information transmitted (including attachments) is covered by the >> Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is intended >> only for the person(s) or entity/entities to which >> it is addressed and may contain confidential and/or privileged material. >> Any review, retransmission, dissemination or other use of, or taking of >> any action in reliance upon, this information by persons or entities >> other than the intended recipient(s) is prohibited, If you >> received this in error, please contact the sender and delete the >> material from any computer. >> >> >> >> >> >> Patrick Nix Jr. wrote: >> >>> Everyday we seem to have this problem, we can watch our pings and for >>> the morning our avg ping time will be about 27ms to our customers. >>> >> And >> >>> then it will just start climbing up to 1000ms and stay there most of >>> >> the >> >>> time for hours. I can't seem to identify where it is coming from >>> although it must be coming from our customers, because I can set here >>> >> at >> >>> the head end and still ping google at 60ms consistently while this is >>> going on. When it happens the network slows down to the point of >>> >> being >> >>> unusable. Any suggestions. Below is an example of yesterday. >>> >>> >>> >>> >>> >>> >>> >>> Thanks >>> >>> >>> >>> __________________________________________ >>> >>> >>> >>> Patrick Nix, Jr., >>> >>> csweb.net >>> >>> (918) 235-0414 >>> >>> http://www.csweb.net <http://www.csweb.net/> >>> >>> E-Mail: [email protected] >>> >>> >>> >>> ==================================================================== >>> >>> ATTENTION: This e-mail may contain information that is confidential in >>> nature. If you are not the intended recipient, please delete this >>> >> e-mail >> >>> and notify the sender immediately. Thank you. >>> >>> ==================================================================== >>> >>> >>> >>> >>> >>> >>> >> ------------------------------------------------------------------------ >> >>> >>> >> ------------------------------------------------------------------------ >> -------- >> >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> >>> >> ------------------------------------------------------------------------ >> -------- >> >>> >>> WISPA Wireless List: [email protected] >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> ------------------------------------------------------------------------ >> -------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> ------------------------------------------------------------------------ >> -------- >> >> WISPA Wireless List: [email protected] >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: [email protected] >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
