Firewall after a bridge
Posted: Thu Dec 02, 2004 6:49 pm
by the_time
Hi everybody, I have a question.
I have a Mikrotik router and after it there is a wireless bridge. The reason I am asking is that some of the clients I have connected probably have viruses that work on port 445. I have blocked this port using a firewall forward rule, but I can still see activity between clients that brings the router down. Has anybody had an experience like this, or a way to get rid of this problem?
Posted: Thu Dec 02, 2004 9:56 pm
by jarosoup
Do yourself and the rest of the Internet a favor and block the infected clients completely from the internet until they clean their machine(s). Seriously. Your network will be virus free at least for a while.
Posted: Sat Dec 04, 2004 4:46 am
by dwright
Could you explain your setup a little more in detail?
Are you saying that you have a router behind a wireless bridge, or that you have a Mikrotik router set up as a wireless bridge/AP?
Please be more specific so that we can help.
Thanks,
Dan
Posted: Sat Dec 04, 2004 10:49 pm
by the_time
I'll try to explain my configuration. I've got a Mikrotik which is connected with a Cisco Aironet on the Mikrotik AP, but that's not important. Then this router is a hotspot gateway, and after it is an AP bridge which is connected through Ethernet. Lately we have been having too many problems with attacks (DDoS) and viruses. In the router I have blocked certain ports that are used by the virus so they don't get out, but between clients the virus is still active, and this brings the router down and all clients show an IP conflict even though we use DHCP. We are so tired of these problems, and my question is: does any way exist to stop this or not?!
Thanks very much in reply
the_time
Posted: Sat Dec 04, 2004 11:03 pm
by dwright
You need to disable client to client communication. I am still not clear which of your devices is acting as the AP. If it is the Mikrotik, under the wireless device that is acting as the AP, there is a setting called default forward. You need to disable that. If you are using a different device to act as the AP, look in its settings. Look for a setting called client to client, or interclient, or something along those lines. If it doesn't have that feature, then you need to get an AP that does.
Dan
Posted: Sun Dec 05, 2004 12:23 am
by jarosoup
Even if you block this traffic at your router, it will still flood everything between the clients and the router (your APs in particular). You can only do so much. As I said before, the only way to resolve this completely is to take these people off your network until they clean their machines!
Posted: Sun Dec 05, 2004 12:38 am
by the_time
The device that acts as the AP is not a Mikrotik, and even when we detect and block the client until they clean the computer (we have been practicing this strategy for months), we are again having trouble.
Again thanks.
Posted: Tue Dec 07, 2004 11:49 pm
by Alessio Garavano
I have a Cisco Bridge 350 too, and it has the PSPF feature, which does not permit interclient connections... Enable this feature and your problem may become a memory.... Sorry for my bad English.. Regards
Alessio
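An added example, not part of any post in this thread: blocking infected clients, as advised above, first requires knowing which ones they are, and a host reaching many distinct peers on TCP port 445 is the usual sign. The record format, sample addresses and the threshold of 5 peers are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not from the thread), one per line:
# "src_ip dst_ip proto dst_port". The format is hypothetical.
SAMPLE = (
    # One client probing eight neighbours on tcp/445: worm-like fan-out.
    [f"10.5.0.21 10.5.0.{n} tcp 445" for n in range(2, 10)]
    # A client repeatedly using a single file server: normal SMB use.
    + ["10.5.0.30 10.5.0.1 tcp 445"] * 3
    # Wide fan-out on another port and a malformed record: both ignored.
    + [f"10.5.0.31 10.5.0.{n} tcp 80" for n in range(2, 10)]
    + ["garbage line"]
)


def find_fanout(lines, port=445, min_targets=5):
    """Map each source to its count of distinct peers on tcp/port,
    keeping only sources that reached at least min_targets peers."""
    peers = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        src, dst, proto, dport = fields
        if proto.lower() == "tcp" and dport == str(port):
            peers[src].add(dst)
    return {s: len(d) for s, d in peers.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for src, count in sorted(find_fanout(SAMPLE).items()):
        print(f"{src} contacted {count} distinct hosts on tcp/445")
```

Since the thread describes client-to-client activity continuing despite the router's forward rule, the records fed to this check need to be collected at a point that actually sees traffic between clients.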