I am working on prvisioning ADSL service off of a 7206 and PA-A3 ATM
interface. First, thanks to those you responded to my last questions,
I have things mostly working now, but I have some security/filtering
issues.
I now have one ATM subinterface for each ADSL connection (pvc). I then
have multiple subinterfaces associated with a bridge group. I also
have a bridged virtual interface (BVI) with an ip netblock assigned
to that. The ADSL customers can talk to the world and to each
other. What concerns me is NetBIOS traffic. Two or more ADSL customers
can see each other's Windows shares. I would like to be able to kill
NetBIOS traffic over the bridge. First, is this even possible. Second,
how should it be done. My thought was to put an extended access list
on the BVI denying udp traffic to ports 135-139. That does not seem to
work. Because the ATM pvcs are bridged together, when talking to each
other the access list on the BVI doesn't come into play. I have also
played with access lists on the bridge groups, and I can permit or
deny IP traffic, but I haven't been able to permit or deny specifcally
NetBIOS (or any other udp or tcp protocols).
Also, what is the best way to prevent things like ping floods and
other kinds of attacks between customers on this bridged network.
Thanks for any info.
-- ================================================================== Steven Saner SouthWind Internet Access, Inc. ssaner@southwind.net Systems/Network Administrator http://www2.southwind.net/~ssaner http://www.southwind.net 263-7963 Wichita (800)525-7963
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:07 EDT