IPv4 Multicast

Is anyone using this feature on the SM’s? We have had a few DOS attacks on our network in the past month and it looks like by checking this box under filters that you can stop the multicast traffic that would cause a DOS attack. Anyone have any thoughts on the good’s abd bad’s of this?

We filter it for the same reasons. Seems to help.

Thanks Jerry, what other filtering do you do? We have been getting hit hard with DOS attacks lately.

BootP (both)
IPv4 Multicast.

I’m sure there is more we could be doing but this seems to work.

By the way, we use PRTG so we can identify the AP, and from there the SM that is spewing. We turn off the ethernet port on the SM and call the customer to let them know they have an infected machine.

what do you monitor in prtg to know the source of the problem?

outbound traffic.

We have the AP’s listed at the top level and then the child SM’s under each AP. We look at the AP first and look at outbound traffic. Once we find the AP, then we look for the SM under it.

I’ve never tried filtering bootp and I’m not sure why you’d filter PPPoE. I thought BootP was related to DHCP in some way and could cause trouble with dynamic addressing.

you need to filter “bootp server”. If a client start a DHCP server on his connection you are in trouble. This will block it. You don’t want to filter “bootp client” if you are using dynamic addressing.

Sorry Jerry, Kind of new to this. What is PRTG? Is it a setting on the SM?

PRTG it’s a Windows software wich allows you to have graphics html generated pages by measuring what you need, for example Outcoming or Incoming traffic on all devices of your network via SNMP

Here is the web: http://www.paessler.com/prtg

The “bad” thing is you must pay for it but it’s really easy to set up. The Linux alternative is called MRTG, of course it’s free but it’s really difficult to configure if you are not used to work under linux.

Cacti is much easier to configure on *nix and runs on the LAMP stack over the web, it’s a Debian package and is also available in package form for other OS’ if you need it. Also works in Windowz if you want to go through the hassle.

We currently have a custom monitoring system here that will monitor the bandwidth inbound and outbound. It also alerts us when customers go down via e-mail and text msg on phones. Great system.