Defending the home front network

Ok this is a rather interesting topic. I do internet work for several public places that like to have free wireless internet. Recently a string of DOS attacks and Winnukes have plegued not only my networks but the poor saps that leave their Firewalls down while checking email and drinking coffie. I have tryied warning them against turning their FW's off while on my network but most of these people dont know how to turn on their wireless let alone the FW. Please help me figure out a method to start saving these peoples computers. Its rapidly taking away from bizniz because the place is the only place that offers wireless.

Why not firewall your connection to the internet at each location? You need nothing more than a single external fixed IP address and let the LAN side DHCP serve addresses in a private range with dynamic NAT to route them through. An added bonus is that your firewall can keep logs, so as well as protecting your surfers you can see if any of them are using your network for dubious purposes

My thing is that I do have it firewalled at the location... they are using the private IP's network to attack other users on the network. I attempted to use a WEP but i dont know exactly who is launching the attacks. We see many of the same customers day in and day out so im not sure exactly whats going on....I have attempted to try and log the attacks and their IP at the current time with network traffic monitor... That was no avail. This isnt an attack via router this is random users that are being victimized.

Ah, I see; your attacks aren't coming from the internet but from some evil toad who carts his/her laptop into the vicinty then preys on the innocent. Hmm, tricky.
You could try tightening things down - set a WEP key on the wireless and change it weekly. The access could still be free, but they have to come to the counter and ask for the key when they order their food. That way you can keep a log of who uses it and the times, which might serve as a deterrant. Another possibility is logging the MAC addresses of all the users automatically; you could also consider having and IDS on there, snort perhaps, looking for port scans. Ultimately though the issue is your users. As you say, they leave their firewalls off and I bet a fair number of them also have their wireless cards wide open and waiting for ad-hoc connections. You could try education, and perhaps this could even be a business opportunity - security advice while you drink your coffee. Or you could take the other course and just stick up a disclaimer notice that basically says "surf at your own risk; we're not responsible".

Thank you. I tryed that today and actually got a better response. Thanks a mill.