Lee Sharp wrote:
> Replying to myself again... Updates to all, and this seems the best way
> to thread it.
Wow... I snipped the log, sorry, informative but too much to include in
a reply as it will be long-winded enough.
I agree that likely this is your problem, or a variant. This is now
turning into more of a "political" issue than a technical one though.
Perhaps you should sit with management and explain to them that you
can't be responsible for the systems on the network, but you can be
responsible for the network. What I mean by that is that any system on the
network causing issues may be removed at your discretion. I am sure you
are aware of this, but I just threw it out there anyways. Bottom line
is, the one (or eight) PCs are bringing down everyone, and affecting
business, and should be culled with a straight-to-the-point warning. Fix
it or lose it (the connection). That is just my .02 ;-) - track them
using static DHCP or whatever so that you can narrow it right down.
The hotels and hot spots I manage all use a portal page- as I am sure
yours do too. It clearly defines the AU policy, and the consequences of
abuse, so there is no cause to whine when they get the boot for
inappropriate use. While this may not be intentional abuse, it is still
abuse. This doesn't fix your problem, I know, but gives a bit of
insight. You are going to fry yourself trying to keep up with this.
On to the possible solution: Again, I will nag on shutting down ports. I
really think this is the only short term solution for now. This storm
worm has been around for a bit now, and is really picking up steam. It
may very well curb soon, but another one will replace it. It will be a
lot of work initially, but worth it in the end. Combined with this
though, I think if you aren't using the portal, you should, no
authentication, just a disclaimer explaining in very plain terms why
WoW isn't working, or why they can't download music, etc. That way the
guests are informed. Also, it may not hurt to have the hotel staff
create a document to place in the rooms. If you explain it to the
management in terms they can follow, I am sure they will understand. The
guests might get pissed, but you can't be expected to contain their
shortcomings in the way of security.
Another trick I used is to segregate the rooms. I did this by using
switches or bridges combined with switches for the wireless setups.
Smaller hotels got one bridge per room- no switch, large hotels had the
rooms segregated into blocks of rooms on a single bridge. At least then
I could say what room it was, or what block of rooms by referencing the
guilty IP. Using this, I can narrow it down to a guest, and if they are
causing a major issue, the hotel staff will call their room and inform
them of the problem, and the consequences. Maybe this is not feasible
for you now, but it is something to keep in the back of your mind *if*
the hotel is not afraid to spend a little to curb this problem. If it
happened to be a block of rooms, then it gets more difficult, but I have
on occasion shut down a whole block of 5 or 6 rooms. Usually the culprit
is the first to phone the desk and complain, and when they are
complaining, you can usually get the IP out of them in the course of
"troubleshooting" and go from there- us sneaky bastards. If it is the
offending IP, I shut it out for the night and play dumb, but turn the
switch back on for the other rooms. You will find the odd one savvy
enough to assign an IP, but it is easy enough to catch them again. Without
going into too much detail- block A is 10.10.12.x, block B is 10.10.13.x, etc.
(multiple interfaces, multiple WAN connections and m0n0's depending on
the number of rooms). DHCP is set to a range of rooms+1, and anything
falling outside the DHCP range is usually your culprit for the static
IP. A bit of a gong-show, but it works.
I have only had to use this setup in the problem hotels- like yours-
extended stay hotels for the oil crews etc. I sure would like to find a
way to make sure individual rooms receive the same IP every time though,
without the addition of a pile of equipment like in my above example.
One thing I hate to point out, is that the longer this drags on, the
more it will chew at your credibility with that business. Best to cut it
off as soon as possible, even if it isn't the solution you ideally want,
it will buy you some time to find the proper solution. It will make you
look like a genius/hero ;-)
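As an added example (not code from the post, the poster, or m0n0wall), the room-block scheme described above can be checked mechanically: each block is one /24, the DHCP pool is "rooms + 1" addresses, and any active host in a block's subnet but outside that pool is the likely self-assigned address. The block names and subnets follow the post; the room counts, pool start offset, gateway addresses, and the ARP table lines are assumptions constructed for this example.

```python
import ipaddress
import re

# Room-block layout from the post (block A = 10.10.12.x, block B = 10.10.13.x),
# with the DHCP pool sized "rooms + 1". Room counts, the pool start offset and
# the gateway address per block are assumptions for this example.
BLOCKS = {
    "A": {"subnet": "10.10.12.0/24", "rooms": 6, "pool_start": 10, "gateway": "10.10.12.1"},
    "B": {"subnet": "10.10.13.0/24", "rooms": 5, "pool_start": 10, "gateway": "10.10.13.1"},
}

# Matches the "(ip) at mac" part of BSD-style `arp -a` output.
ARP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F:]{17})")


def dhcp_pool(block):
    """Addresses the DHCP server hands out for a block:
    rooms + 1 consecutive hosts starting at pool_start."""
    cfg = BLOCKS[block]
    net = ipaddress.ip_network(cfg["subnet"])
    start = int(net.network_address) + cfg["pool_start"]
    return {ipaddress.ip_address(start + i) for i in range(cfg["rooms"] + 1)}


def block_for(ip):
    """Map an address to its room block by subnet, or None if it is in no block."""
    addr = ipaddress.ip_address(ip)
    for name, cfg in BLOCKS.items():
        if addr in ipaddress.ip_network(cfg["subnet"]):
            return name
    return None


def classify(ip):
    """Return (block, status) where status is one of
    'gateway', 'in-pool', 'static-suspect' or 'unknown-block'."""
    block = block_for(ip)
    if block is None:
        return None, "unknown-block"
    if ip == BLOCKS[block]["gateway"]:
        return block, "gateway"
    if ipaddress.ip_address(ip) in dhcp_pool(block):
        return block, "in-pool"
    # Inside the block's subnet but not an address DHCP would have given out.
    return block, "static-suspect"


def parse_arp(lines):
    """Extract (ip, mac) pairs from `arp -a` style lines; ignore anything else."""
    hosts = []
    for line in lines:
        m = ARP_RE.search(line)
        if m:
            hosts.append((m.group(1), m.group(2).lower()))
    return hosts


def audit(arp_lines):
    """Group every ARP entry by status so suspects can be tied to a room block."""
    report = {"static-suspect": [], "unknown-block": [], "in-pool": [], "gateway": []}
    for ip, mac in parse_arp(arp_lines):
        block, status = classify(ip)
        report[status].append((ip, mac, block))
    return report


# Constructed sample ARP table (not real data): one normal lease per block,
# the block B gateway, one host outside block A's pool, and one address in
# a subnet that belongs to no block.
SAMPLE_ARP = [
    "? (10.10.12.12) at 00:11:22:33:44:01 on em1 expires in 1150 seconds [ethernet]",
    "? (10.10.12.40) at 00:11:22:33:44:02 on em1 expires in 1190 seconds [ethernet]",
    "? (10.10.13.15) at 00:11:22:33:44:03 on em2 expires in 800 seconds [ethernet]",
    "? (10.10.13.1) at 00:00:5e:00:01:01 on em2 permanent [ethernet]",
    "? (10.10.99.7) at 00:11:22:33:44:04 on em3 expires in 600 seconds [ethernet]",
]

if __name__ == "__main__":
    report = audit(SAMPLE_ARP)
    for ip, mac, block in report["static-suspect"]:
        print(f"block {block}: {ip} ({mac}) is outside the DHCP pool - likely self-assigned")
    for ip, mac, _ in report["unknown-block"]:
        print(f"no block: {ip} ({mac}) is in a subnet that maps to no room block")
```

Feeding the firewall's actual ARP table into `audit()` gives the room block for each suspect, which is the same lookup the post describes doing by hand before the desk calls the room.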