IPv4 Multicast

CelerityNetworks · April 12, 2006, 12:36pm

Is anyone using this feature on the SM’s? We have had a few DOS attacks on our network in the past month and it looks like by checking this box under filters that you can stop the multicast traffic that would cause a DOS attack. Anyone have any thoughts on the good’s abd bad’s of this?

Jerry_Richardson · April 12, 2006, 6:49pm

We filter it for the same reasons. Seems to help.

CelerityNetworks · April 12, 2006, 7:09pm

Thanks Jerry, what other filtering do you do? We have been getting hit hard with DOS attacks lately.

Jerry_Richardson · April 12, 2006, 7:14pm

PPoE
SMB
BootP (both)
IPv4 Multicast.

I’m sure there is more we could be doing but this seems to work.

Jerry_Richardson · April 12, 2006, 7:18pm

By the way, we use PRTG so we can identify the AP, and from there the SM that is spewing. We turn off the ethernet port on the SM and call the customer to let them know they have an infected machine.

charles.regan · April 12, 2006, 8:41pm

what do you monitor in prtg to know the source of the problem?

Jerry_Richardson · April 12, 2006, 9:39pm

outbound traffic.

We have the AP’s listed at the top level and then the child SM’s under each AP. We look at the AP first and look at outbound traffic. Once we find the AP, then we look for the SM under it.

Anonymous1 · April 13, 2006, 4:03am

I’ve never tried filtering bootp and I’m not sure why you’d filter PPPoE. I thought BootP was related to DHCP in some way and could cause trouble with dynamic addressing.

charles.regan · April 13, 2006, 11:55am

you need to filter “bootp server”. If a client start a DHCP server on his connection you are in trouble. This will block it. You don’t want to filter “bootp client” if you are using dynamic addressing.

CelerityNetworks · April 13, 2006, 12:31pm

Sorry Jerry, Kind of new to this. What is PRTG? Is it a setting on the SM?

pcolomes · April 13, 2006, 1:25pm

PRTG it’s a Windows software wich allows you to have graphics html generated pages by measuring what you need, for example Outcoming or Incoming traffic on all devices of your network via SNMP

Here is the web: http://www.paessler.com/prtg

The “bad” thing is you must pay for it but it’s really easy to set up. The Linux alternative is called MRTG, of course it’s free but it’s really difficult to configure if you are not used to work under linux.

Anonymous1 · April 13, 2006, 1:56pm

Cacti is much easier to configure on *nix and runs on the LAMP stack over the web, it’s a Debian package and is also available in package form for other OS’ if you need it. Also works in Windowz if you want to go through the hassle.

CelerityNetworks · April 13, 2006, 3:33pm

We currently have a custom monitoring system here that will monitor the bandwidth inbound and outbound. It also alerts us when customers go down via e-mail and text msg on phones. Great system.