All, in the last few weeks the Terabeam/YDI/KarlNet Technical Support center
has received many calls related to network performance degradation. The
majority of these callers have been experiencing viruses/worms on their
networks.The captured traffic (Ethereal) from the Ethernet interface of base
station show an alarming number of TCP SYN packets .Callers have also reported
IP spoofing and MAC spoofing.These networks are mostly bridged so the source of
the trouble is not easily found.The reported traffic types would be very
problematic to Ethernet networks but are EXTREMELY HARMFUL TO WIRELESS 802.11B
TYPE NETWORKS.
Recommendations for troubleshooting when experiencing performance degradation :
Capture traffic at Ethernet interface (base/sat) utilizing a packet capture
program.This is your baseline before applying filters.Examine the traffic that
exist at this device to determine if it is a potential risk.If you suspect
trouble then research that particular type of traffic for possible known
issues/fix.
Our software allows filters in the Bridging Menu that prevent Broadcast and
Multicast Storms by address (MAC). This should be enabled to help limit
excessive traffic from a single source MAC. This value should be more than
preset of 30, a too high value is not wise (50 broadcast/40 Multicast is
suggested). DO NOT SET THESE LIMITS BY INTERFACE, USE ADDRESS LIMITS ONLY.
Interface Thresholds disable entire interface for ALL connections, address
threshold blocks a single MAC ONLY.
For Unicast evaluation, please connect to the base station and view
Monitor-Interface Monitor-In/out Unicast packets for wireless interface.Select
Interval Monitor Rate to change to Normal. While the displayed packets are
sampled at 1 a second , this value should not be greater than 150 for a
sustained period of time (more than 2-3 min) for NORMAL TRAFFIC.If you have
users that constantly perform FTP or downloading large files the value may
spike but should not remain constant for long periods
It is our hope that your network NEVER EXPERIENCE THIS ISSUE, but back to the
real world.
1)Yes, there are preventive measures (please reply with suggestions to list)
2) Yes, there are other types of viruses tormenting networks ( Please respond
with observations to list)
3)Yes, you can recover ( Please provide YOUR solution to list)
4) No, we do not have the resources to debug your network. The information
provided above is the extent to our troubleshooting of your issues.
5) Yes, if you perform the baseline of your network and determine the problem
is NOT virus/worm related, we will assist.
6) Yes, we want your company to be successful and develop your customer base
Sincerely
Reg Mallory
Terabeam Technical Support
http://www.terabeam.com/
_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet
|