Denial of Service attacks 1

[deankn]

Hi -
We are a small wireless IP with a switched network - because our network is essentially one large LAN we have a huge problem with malware/viruses/etc. attacking from within our network. We are eventually going to route each of our towers which should help but in the meantime I am looking for a solution which will ease the problem. I would like to find an inexpensive firewall appliance that would simply provide traffic filtering - no routing or vpn functions, etc - and insert them in certain branches of our network. DHCP and most of the network traffic would pass thru unaffected(essentially an inexpensive version of the Allot Netenforcer that has minimal functionality). Any ideas?
Thanks
Dean

 

[LawnBoy]

Any linux box with iptables running. If you're not familiar with linux or iptables, I recommend the Smoothwall firewall package. Very easy to use, and free. I think you will need to configure an ipheper to get dhcp to pass through.

 

[m4ilm4n]

I believe LawnBoy is correct - you'd need an iphelper address defined for any broadcast-type packet you need to pass, such as DHCP or NetBIOS (gasp!).

 

[burtsbees]

gasp at NetBIOS?!?!?! Just uncheck the File and Printer Sharing box...lol
How about BOOTP?!?!?!*GASP!*

 

[Atavar]

If you are an ISP providing wireless broadband to the public I would suggest you also need to configure your access points to deny peering and force clients to go through the gateway to communicate with each other.

If you let your clients see each other bad things happen.