Norton Anti Virus

Hi All-
I haven’t seen this mentioned, so I’ll pass it along. Setting up a new subscriber’s new laptop, running Vista, and noticed the connection was sluggish and unstable. I knew the SM was working well and had great speed. I noticed that Norton popped up a message that it had blocked an attempt to attack the computer. I checked the message and saw a familiar IP address…the AP I was connecting to. It had to be added as “trusted”. I’ve never seen this before, so thought I’d pass it along to the group.
Jim Bremer

Hmm…are your AP’s assigned public or private addresses? How do they relate to the IP addresses assigned to your end customers?

The AP’s have private IP’s, as do the SM’s. The customer is assigned a public IP address.

Are the SM’s NAT’d?

No. No NAT.

That is interesting. I have also never seen that before.

On this particular installation, are you terminating the SM directly into a NIC, or into a router of some type? My guess would be direct termination only because that’s the only way I can think of that the customer’s PC would “hear” and/or “see” any type of traffic from the AP’s IP interface.

Keep me posted.

Yes, this was noted with a direct connection to the laptop’s NIC.

Let me get this straight, Norton detected the Management IP of the AP?

Are you using public or private IP’s in the AP?

Is the IP for the SM a public or private IP?

Is the Customer’s PC a public or private IP?

Still, it makes no sense unless the AP somehow becomes part of the bridge table.

Norton sucks anyway - LOL

FWIW it’s bad practice to connect customer PC’s directly to your network for alot of reasons. It’s highly recommended to either use NAT on the SM or have them put in a broadband router.

Hi Jerry:

We have probably 50% of our customers directly on the network without using NAT…just giving them an address of 192.168.1.x - what symptoms would we see that this is bad?

thanks,
jay fuller

Since you are giving them private IP’s they are less exposed to stuff that is “in the wild” however they are not immune.

You do need to be concerned with broadcast traffic. Chatter from one machine is heard by all the other machines. They start answering back, etc and you have a storm sucking up all your BW. One way to combat this is to use the filters in the SM. We enable:

- PPPoE
- SMB
- SNMP
- BootP Client (unless serving DHCP)
- BootP Server
- IPv4 Multicast

If a machine gets a virus or a worm or gets hijacked it’s exposed to your network - not good. If the malicious code is a port scanner, it will be able to look at every exposed host on your network. If it’s just an obnoxious network session generator it will suck up lots of BW and clog the network.

Jerry,

My understanding of the situation is that the AP and SM have private addresses, and the customer’s laptop has a public IP address. It sounds like the SM is terminated right into the laptop.

Beats me?

I know what hes talkinh about i get that msg at one of our remtoe office, its says it blocking it but it doesnt. Its ICMP it blocks

Oops. I just found out that I wasn’t configuring some SM’s correctly. I was entering the public IP info; it should have been the private. This may explain the situation. Sorry about misleading the group.
Jim