QOS Implementation details with RouterOS

Monday, November 23rd, 2009
About 2 months ago, I began experimenting with an approach to QOS that mimics much of the functionality of the NetEqualizer (http://www.netequalizer.com) product line.  As I was experimenting with some various techniques for limiting bandwidth utilization, I realized that the scope of the project I had undertaken was WAY more than I had initially bargained for.  I dedicated more and more time to this project, however, because I was seeing some real results from my tests.  While most of my articles here have been tutorial in nature, this one is a little different.  I have a lot of time invested in my approach to handling QOS on a network and have made this a commercial offering.  I will attempt to describe some of the functionality in this short article. (more…)

Spam trojan detection with Mikrotik RouterOS

Sunday, December 14th, 2008
One major issue facing ISPs today is the difficulty in obtaining sufficient IP space for every customer.  For many, it's a matter of cost and for some it is simply a choice to NAT their customers behind their router/firewall.  For the most part, NAT behaves much better today than in days gone by, but there is one issue that is very problematic for those that choose to NAT their customers.  There is a significant proliferation of a new generation of trojans that turns  a user's computer into a menace to the Internet community.  This new generation of trojans (collectively known as "botnets") can cause problems for not only the owner, but for other customers of the ISP that chooses to NAT.  Since a significant number of these botnets are used to send spam all over the internet, we, as service providers, have to find a way to protect our networks from being blacklisted, while still allowing our customers to utilize the internet in a way that does not set too many boundries.  In this article, I will discuss two approaches to setting these limits which have shown to be both effective AND relatively mantenance free. (more…)

Basic iptables tutorial

Sunday, July 6th, 2008
In this article, I will provide a brief tutorial for using iptables.  This article applies specifically to ImageStream routers, but more generally, it applies to ALL Linux based devices that use iptables for the filtering of traffic.  In another article, I will address firewalling in Mikrotik, which is, also, an iptables based firewall.  Some parts of this article will apply to Mikrotik, so it may be worth reading even if you are a pure Mikrotik shop.