[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Removal of IP



Title: Message
Hi Paul.
 
You need to apply that command on the first router your wireless clients come across, on your network. In your case, your core router, which the call "gateway". When you apply this command on this router, all packets with SRC_IP as their IP address will be routed to interface Null 0 [dropped]! However, it won't stop them from accessing other devices and services on your network that don't require them to go through your core router e.g. mail, other clients, web servers e.t.c
 
If want to kill their access as close to them as possible, install another router before they get to your switch fabric. That way, once you route their IPs to Null 0, they won't even get access to the rest of your network.
 
As for Postfix and Exim, Exim would be best, but you need to start simple, then complicate yourself as you go forward. Start with Postfix and when you feel comfortable with it, move to Exim. You may begin with Linux, so you are really comfortable with the whole system.
 
Regards,

Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug
 

-----Original Message-----
From: Paul [mailto:pademmy at yahoo.com]
Sent: Friday, May 16, 2003 11:47 AM
To: mtinka at africaonline.co.ug; 'Fisayo Adeleke'; 'Brian Longwe'
Cc: 'ALAIN PATRICK AINA'; sfolayan at skannet.com.ng; 'Brian Candler'; afnog at afnog.org
Subject: RE: Removal of IP

hello Mark,
 
Good day and thanks for your reply.
 
As for client disconnection, if your client's routed service crosses your distribution router before it gets to your core network, you can route that client's IP address to the Null interface, like so:
 
conf t
 ip route 192.168.0.200 255.255.255.255 null 0
 
concerning the above statement client disconnection, my wireless client are connected to my network through cisco switch then to my core router. I mean am using a DVB and SCPC system in which the DVB and Core router cable are plug into the same switch that I connect my wireless radio network into and that is where all my wireless client are connected for internet service
 
I configured core router with two public Ip address with the second one as secondary and is the one am using as the gateway for my wireless clinets. so when I use the routed command i can still see the particular IP transmitting packet. so I don't know the reason why is not working cos ordinary it should work with this command.
 
secondly, concerning the mail system, I don't know much about exim and postfix and if I may ask which one is good enough to use for mail system. moreso, I will appreciate if you can help me with some basic hints or knowledge on how to set it up i mean installation and configuration of the exim or postfix.
 
Pls I will serious appreciate your assistance on this issue
 
thanks alot.
 
ajayi
 
 
 
 


Mark Tinka <mtinka at africaonline.co.ug> wrote:
Hi Paul.
 
First of all, you shouldn't be using Microsoft for your SMTP services. A million things could and will go wrong.
 
You should try running Exim or Postfix on Linux/UNIX. If you configure it well, you should have no problem avoiding open relays, and have more flexibility in controlling spam.
 
As for client disconnection, if your client's routed service crosses your distribution router before it gets to your core network, you can route that client's IP address to the Null interface, like so:
 
conf t
 ip route 192.168.0.200 255.255.255.255 null 0
 
Assuming the client's IP is 192.168.0.200, his IP address will be explicitly routed to Null 0, a non-existent logical interface that drops any packet routed to it. You can also do this on the bandwidth manager by assigning the client 0bps, or the least amount of bandwidth allowable on your bandwidth manager. I've had experience with bandwidth managers that can provide as low as 80bps - I couldn't even ping after assigning this bandwidth.
 
Regards,

Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug
 

-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org] On Behalf Of Paul Ademola Ajayi
Sent: Thursday, May 15, 2003 6:28 PM
To: Fisayo Adeleke; Brian Longwe
Cc: ALAIN PATRICK AINA; sfolayan at skannet.com.ng; Brian Candler; afnog at afnog.org; pademmy at yahoo.com
Subject: RE: Removal of IP

fisayo,
 
good day. pls I want to ask which watch-list program can one use to monitor a wireless access user on my network about spam issue?
 
Pls I will appreciate your help on this issue. for now we use windows200 server with microsft exchange as our mail server for all our wireless client but the mail server is still under configuration process, so what watch-list software can you advice we use to watch our wireless client?
 
and if any is guilty how do we block the public Ip address?, is by using a bandwidth manger to do that process or use the ip route on the cisco router which I tried once to use and is not working or is there any other way to do the process? pls help me out.
 
thanks
 
ajayi
 
 
We do react to such emails. Like in our own case as a matter of
::> policy, when we receive complaints or reports about spam from any
::> customer, we will execute *among other actions* have the IP address
::> moved to a special watch-list for the following 8 days. If
::a complaint
::> regarding an IP address on the watch-list is received after a grace
::> period of 24 hours but before the expiration of the 8 days, the IP
::> address is blocked for all access to the Internet for 3 days. The
::> customer receives an e-mail informing about this. After the
::3 days the
::> IP address is un-blocked and a notification is sent to the
::customer.
::> If it re-occurs a 3rd time then we cut off the account - it
::may come
::> to Sunday's *business
::> unusual* at times ;-)
::>
::> -Fisayo
::>
 
 
 
 


Fisayo Adeleke <fisayo at steineng.com> wrote:
We used to disconnect offending customers immediately but we reviewed
the policy as said earlier only for spams and all that. If it were to be
infections, yes it's immediate. We had to review the policy because of
some issues which have been raised earlier on this topic. The spam comes
from a customer (you get to see the single public IP) and it always
becomes a hell of problem when the customer tells you its not him but
probably a transit surfer. So the grace period is to kind of get to know
better. And ofcourse when u;re a repeat offender, you get the boot also
;-)

-Fisayo

::-----Original Message-----
::From: Brian Longwe [mailto:brian at pch.net]
::Sent: Tuesday, May 06, 2003 2:07 PM
::To: Fisayo Adeleke
::Cc: ALAIN PATRICK AINA; sfolayan at skannet.com.ng; Brian
::Candler; afnog at afnog.org
::Subject: RE: Removal of IP
::
::
::
::We immediately disconnect the offending (or is it offensive)
::customer, and do not reconnect untli one of our engineers has
::been to their premises (at their expense) and confirmed that
::any spam-ware, open SMTP proxy, NIIMDA infections and other
::unpleasant stuff has been sorted.
::
::Repeat offenders get the boot ;-)
::
::Longwe
::
::On Tue, 6 May 2003, Fisayo Adeleke wrote:
::
::> ::-----Original Message-----
::> ::From: ALAIN PATRICK AINA [mailto:aalain at trstech.net]
::> ::Sent: Tuesday, May 06, 2003 12:17 PM
::> ::To: sfolayan at skannet.com.ng; Brian Candler
::> ::Cc: afnog at afnog.org
::> ::Subject: Re: Removal of IP
::> ::
::> ::
::> ::
::> ::
::> ::> As Fisayo and others have written in previous posts, it
::is ::not
::> as easy ::> as it seems.
::> ::
::> ::But you ve to face the case. It is the same situation
::> ::when corrupted or
::> ::hacked machines from your IP block scan ports o n other
::> ::networks. If you don't react, your whole block get locked.
::> ::
::> ::
::> ::--alain
::> ::
::>
::> We do react to such emails. Like in our own case as a matter of
::> policy, when we receive complaints or reports about spam from any
::> customer, we will execute *among other actions* have the IP address
::> moved to a special watch-list for the following 8 days. If
::a complaint
::> regarding an IP address on the watch-list is received after a grace
::> period of 24 hours but before the expiration of the 8 days, the IP
::> address is blocked for all access to the Internet for 3 days. The
::> customer receives an e-mail informing about this. After the
::3 days the
::> IP address is un-blocked and a notification is sent to the
::customer.
::> If it re-occurs a 3rd time then we cut off the account - it
::may come
::> to Sunday's *business
::> unusual* at times ;-)
::>
::> -Fisayo
::>
::>
::>
::>
::>
::> ::-----
::> ::This is the afnog mailing list, managed by Majordomo 1.94.5
::> ::
::> ::To send a message to this list, e-mail afnog at afnog.org
::> ::To send a request to majordomo, e-mail
::majordomo at afnog.org ::and put
::> your request in the body of the message (i.e use ::"help" for help)
::> ::
::> ::This list is maintained by owner-afnog at afnog.org
::> ::
::> ::
::>
::> -----
::> This is the afnog mailing list, managed by Majordomo 1.94.5
::>
::> To send a message to this list, e-mail afnog at afnog.org
::> To send a request to majordomo, e-mail majordomo at afnog.org and put
::> your request in the body of the message (i.e use "help" for help)
::>
::> This list is maintained ow r-afnog at afnog.org
::>
::
::

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org


Paul Ademola Ajayi
Systems/Network Administrator
Orbit Wireless Internet Services
Plot 32, No. 6 Birabi Street, Off Presidential Hotel
G.R.A. Phase I Port Harcourt, Rivers State, Nigeria.
Tel.:234-84-573479 E-mail:pademmy at yahoo.com


Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.


Paul Ademola Ajayi
Systems/Network Administrator
Orbit Wireless Internet Services
Plot 32, No. 6 Birabi Street, Off Presidential Hotel
G.R.A. Phase I Port Harcourt, Rivers State, Nigeria.
Tel.:234-84-573479 E-mail:pademmy at yahoo.com


Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.