So, discovered a problem with QUIC and my TP-Link TR-WR1043ND router the other day.
I have DoS security enabled on my router, which will block hosts for ICMP-flooding, UDP flooding or TCP-SYN flooding. The default is for a 10 second sampling period, and triggers on 50 ICMPs or 500 UDPs or 50 TCP-SYNs....
Well, I fired up Chrome on my Mac (default browser is Safari, but it wouldn't open my HSA's website). And, suddenly, my Mac lost all Internet connectivity. Could still access all my local network devices, and then found that other devices (iPad) on my home network could still reach the outside world. Rebooting the Mac didn't help, nor did rebooting cable modem or router.
So, connected to my router from the Mac, to see if there was any mysterious setting change (access controls?) that was getting in the way. I happened to look at statistics, and it showed that I had hit a max of 563 UDP packets during a 10 second window (to have DoS protection, statistics needed to be enabled). Which led me to the DoS protection feature.
For some reason I had assumed it meant WAN side DoS, though it just says "protect the Router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood". It's from here that I can also control if it should respond to pings on the WAN side and/or LAN side. I have it allowed for both, since ping is part of my internal Nagios check of it, and I used to have DSLreports pinging to generate latency graphs...
But, I guess it makes sense that it does internal hosts (as well?), to protect against a computer on my home network getting compromised and becoming a bot. Though that hasn't happened yet, as I have generally kept up with things at home.... (such as the need to have antivirus software on my Macs... tried a number of free ones, but eventually purchased ClamXav, which I had used when it was free to protect my work Macs).
So, what would be a reasonable setting for UDP-Flood protection that won't trigger due to Chrome's / Google's use of QUIC for https? Likely due to having not used Chrome in a while, and it needing to update many of my extensions/apps as well as itself and other things. Though I still need to work out sync of bookmarks between my different browsers....
When looking at blocked hosts, found that my MacBookPro was also in the list. Wonder when that had happened, as it's been sleeping for some time now.... plus I can't recall if I've gotten around to installing Chrome on it. Need to find a way to synchronize some/all of my apps between Macs.... The MacBookPro had reached a peak of 654 UDPs.... wonder if there's some way to monitor when it has blocked a host, etc. Didn't report anything in its internal logging, or daily email of logs.
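
An added example, not part of the original post and not the router's own logic: one way to measure per-host UDP peaks against the 10-second / 500-packet default described above, so that a threshold can be chosen from observed traffic. The fixed-window counting, the 1.5 headroom factor, the IP addresses and the sample packets are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW_S = 10    # sampling period quoted in the post
UDP_LIMIT = 500  # default UDP-flood threshold quoted in the post

def peak_udp_per_host(packets, window_s=WINDOW_S):
    """packets: iterable of (epoch_seconds, src_ip, proto).
    Returns {src_ip: highest UDP packet count seen in any one window}.
    Assumption: the router counts in fixed, back-to-back windows."""
    buckets = defaultdict(Counter)  # src_ip -> {window index: packet count}
    for ts, src, proto in packets:
        if proto.lower() == "udp":
            buckets[src][int(ts // window_s)] += 1
    return {src: max(c.values()) for src, c in buckets.items()}

def hosts_over_limit(packets, limit=UDP_LIMIT, window_s=WINDOW_S):
    """Hosts whose peak reaches the limit, i.e. the ones that would be blocked."""
    peaks = peak_udp_per_host(packets, window_s)
    return {src: n for src, n in peaks.items() if n >= limit}

def suggested_limit(packets, headroom=1.5, window_s=WINDOW_S):
    """Highest observed legitimate peak times a headroom factor (assumed 1.5)."""
    peaks = peak_udp_per_host(packets, window_s)
    return int(max(peaks.values()) * headroom) if peaks else None

def constructed_sample():
    """Constructed traffic, not a real capture: two hosts burst to the peaks
    the post reports (563 and 654), a third sends a steady 2 packets/second."""
    pkts = []
    for src, burst in (("192.168.1.10", 563), ("192.168.1.11", 654)):
        pkts += [(100 + i * 10 / burst, src, "udp") for i in range(burst)]
    pkts += [(100 + i * 0.5, "192.168.1.20", "udp") for i in range(60)]
    pkts.append((101.0, "192.168.1.20", "tcp"))  # non-UDP is ignored
    return pkts

if __name__ == "__main__":
    sample = constructed_sample()
    print(peak_udp_per_host(sample))
    print(hosts_over_limit(sample))
    print(suggested_limit(sample))
```

Real input would be timestamp, source address and protocol tuples taken from a packet capture on the LAN side during a known-good browsing session.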