TP-Link TR-WR1043ND DoS Protection Feature and QUIC

So, discovered a problem with QUIC and my TP-Link TR-WR1043ND router the other day.

I have DoS security enabled on my router, which will block hosts for ICMP-flooding, UDP flooding or TCP-SYN flooding. The default is for a 10 second sampling period, and triggers on 50 ICMPs or 500 UDPs or 50 TCP-SYNs....

Well, I fired up Chrome on my Mac (default browser is Safari, but it wouldn't open my HSA's website). And, suddenly, my Mac lost all Internet connectivity. Could still access all my local network devices, and then found that other devices (iPad) on my home network could still reach the outside world. Rebooting the Mac didn't help, nor did rebooting cable modem or router.

So, I connected to my router from the Mac, to see if there was any mysterious setting change (access controls?) that was getting in the way. When I happened to look at statistics, it showed that I had hit a max of 563 UDP packets during a 10 second window (to have DoS protection, statistics need to be enabled), which led me to the DoS protection feature.

For some reason I had assumed it meant WAN side DoS, though it just says "protect the Router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood". It's from here that I can also control if it should respond to pings on the WAN side and/or LAN side. I have it allowed for both, since ping is part of my internal Nagios check of it, and I used to have DSLreports pinging to generate latency graphs...

But, I guess it makes sense that it does internal hosts (as well?) To protect against a computer on my home network getting compromised and becoming a bot. Though that hasn't happened yet, as I have generally kept up with things at home.... (such as the need to have antivirus software on my Macs... tried a number of free ones, but eventually purchased ClamXav, which I had used when it was free to protect my work Macs.)

So, what would be a reasonable setting for UDP-Flood protection that won't trigger due to Chrome's / Google's use of QUIC for https....likely due to having not used Chrome in a while, and it needing to update many of my extensions/apps as well as itself and other things. Though I still need to work out sync of bookmarks between my different browsers....

When looking at blocked hosts, found that my MacBookPro was also in the list, wonder when that had happened, as it's been sleeping for some time now....plus I can't recall if I've gotten around to installing Chrome on it. Need to find a way to synchronize some/all of my apps between Macs.... The MacBookPro had reached a peak of 654 UDPs.... wonder if there's some way to monitor when it has blocked a host, etc. Didn't report anything in its internal logging, or daily email of logs.
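To make the numbers in the post concrete, here is an added Python model of a per-host packet-rate limiter using the thresholds the post quotes (10 second window; 50 ICMP / 500 UDP / 50 TCP-SYN). It is not TP-Link's firmware code, and it is an assumption that the router counts packets per source host in a sliding window and blocks once the count exceeds the limit; the host addresses and the packet stream are constructed so the example runs offline. A QUIC-style burst of 563 UDP packets (the peak the router reported) trips the default limit, while the same traffic replayed with a higher UDP limit does not, which is the kind of comparison you would want before changing the setting.

```python
"""Sliding-window per-host flood counter, modelled on the thresholds quoted
in the post.  Constructed illustration; not the router's own logic."""
from collections import defaultdict, deque

# Thresholds as stated on the router's DoS protection page (10 s window).
DEFAULT_LIMITS = {"icmp": 50, "udp": 500, "syn": 50}
WINDOW_SECONDS = 10.0


class FloodDetector:
    def __init__(self, window=WINDOW_SECONDS, limits=None):
        self.window = window
        self.limits = dict(DEFAULT_LIMITS if limits is None else limits)
        # (src, proto) -> timestamps of packets still inside the window
        self._hist = defaultdict(deque)
        # (src, proto) -> highest in-window count ever seen (the "peak" statistic)
        self.peak = defaultdict(int)
        # src -> (proto, count, ts) of the window that triggered the block
        self.blocked = {}

    def observe(self, ts, src, proto):
        """Record one packet; return True if this packet trips the limit for src.

        Assumption: a host is blocked when its in-window count *exceeds* the
        limit; the router's exact comparison is not documented on the page.
        """
        key = (src, proto)
        q = self._hist[key]
        q.append(ts)
        # Drop packets that have aged out of the sampling window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        n = len(q)
        if n > self.peak[key]:
            self.peak[key] = n
        limit = self.limits.get(proto)
        if limit is not None and n > limit and src not in self.blocked:
            self.blocked[src] = (proto, n, ts)
            return True
        return False


def sample_traffic():
    """Constructed packet stream: (timestamp, source, protocol).

    - 192.168.1.10: a QUIC-like burst of 563 UDP packets in about 8.4 s
      (matches the peak the post reports for the Mac).
    - 192.168.1.20: 120 UDP packets over 6 s plus 30 ICMP echo requests,
      i.e. ordinary traffic well under the limits.
    """
    pkts = [(i * 0.015, "192.168.1.10", "udp") for i in range(563)]
    pkts += [(i * 0.05, "192.168.1.20", "udp") for i in range(120)]
    pkts += [(i * 0.3, "192.168.1.20", "icmp") for i in range(30)]
    pkts.sort(key=lambda p: p[0])
    return pkts


def replay(packets, limits=None):
    """Feed a packet stream through a detector and return it for inspection."""
    det = FloodDetector(limits=limits)
    for ts, src, proto in packets:
        det.observe(ts, src, proto)
    return det


if __name__ == "__main__":
    default = replay(sample_traffic())
    print("peak counts:", dict(default.peak))
    print("blocked with default limits:", default.blocked)
    relaxed = replay(sample_traffic(), limits={"icmp": 50, "udp": 1000, "syn": 50})
    print("blocked with udp limit 1000:", relaxed.blocked)
```

Running it with the default limits blocks 192.168.1.10 on the 501st UDP packet and leaves 192.168.1.20 alone; raising only the UDP limit to 1000 clears the block while the ICMP and SYN limits stay as they were. The `peak` dictionary reproduces the per-host peak statistic the router shows, which is the number to compare against whatever UDP limit you settle on.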

Apparently my dd-wrt does loopback now

A couple months ago I asked if mosh could be made to work if the mosh-server IP changes when roaming between networks.

Years ago, I used to have routers that did 'loopback', but haven't had ones capable of it for sometime...or so I thought. Though I hadn't really had a major need for it. Except perhaps for mosh.

mosh, MObile SHell, is an ssh replacement that supports roaming and intermittent connectivity. Since I do my IRC using irssi in screen, running all the time on a server at home, this makes staying connected to IRC on my laptop much nicer. I can close my laptop, and later open it and it'll still be connected to my screen session.

The problem was when I came home, I'd be unable to recover the connection correctly and the client goes into an unrecoverable state, so that even if I later use my laptop on an outside network the mosh session won't resume.

But, today I opened my laptop (and I just realized that I didn't do what I had intended to do) and I just minimized the window out of the way...even though it probably wouldn't recover on Monday at work. But, the dock icon showed that something wanted my attention....probably mosh-client giving up? No. Well, my nick had come up a couple of times yesterday, but it shouldn't have known that....but not really thinking, I switch to the channel. And, it does. I switch around and it's working. Wait...it shouldn't be though! :!:

So what changed? I do a tcpdump and see that it is connecting to my WAN IP and getting responses from my WAN IP....'loopback' never worked for me though....

:idea: Perhaps it's 'loopback' of port forwards that has never worked....

I had moved irssi from box to dbox a while back. The router has two port forwards set related to this to box, a single port TCP forward and port range UDP forward.

But, because my other router is running stock firmware, it has a limited number of port forwards...so as I was migrating services to cbox (and using nginx to reverse proxy web services on other systems on my home network, where those that use a webserver are using apache, including local services...such as cacti on cbox and nagios on dbox), I decided that I would just make cbox the DMZ host...start running host based firewalls at home, especially on this host (it also uses an IP alias...kind of like how we do hosts behind the BigIP at work ;D )

So that means no port forward(s) for my dd-wrt router for WAN to dbox....so I guess the NAT allows 'loopback'ing in this case.

Wonder if the same applies to my other router.

The only problem this causes is that I had plans to replace routers. I actually have a new router to replace the current stock router....though I haven't got anything that really needs the speed upgrade to 802.11ac yet in the room where I'm using wireless bridging. I also had plans to replace my dd-wrt router, which had started getting unreliable, which they seem to do after a while....though it seems to have helped after I deleted old traffic data....

I guess it was time to replace my WRT54GS routers

Link: http://www.amazon.com/Buffalo-Technology-AirStation-Wireless-WHR-HP-GN/dp/B002WBV37Y/

For quite some time, I've been running WRT54GS routers....that I had hacked to run Sveasoft Alchemy...eventually reaching 1.0 release and then pretty much doing very little to it.

Originally, I had gotten a WRT54GS v1.1 that I upgraded, and used with my Roadrunner Cablemodem service. Later word came out that newer WRT54GS had less memory than before, and were switching to non-replaceable OSs. So, I started keeping an eye out for older WRT54GS routers...to get as a spare. One day in a Wal-Mart, I was going through the WRT54GS's on a shelf...when way at the back behind the newer v5 stock, was a v2.0. Well, I had to buy it right then and there.

Later when I moved to Manhattan, KS...I was presented with the opportunity to go dual WAN. Well, wasn't my intent, but I was forced into it. So, not wanting to mess up my 'cable' configs. I set up the backup WRT54GS for DSL use.

And, things have been humming along pretty well, with the two WRT54GS routers and the running of both Cox and AT&T broadband.

That was until last September....I was trying transparent proxy and ended up bricking the WRT54GS for DSL. So, I started looking online for a new router to replace the WRT54GS that would be better than what I had now. One of the key features of Sveasoft is the better QoS...which was important since I was doing a lot of VoIP (having at the time both Lingo and Vonage, since neither had Manhattan, KS numbers...they have since gone away...and it's just Broadvoice now. But, I've been thinking of getting another....) But, I had turned off QoS on the cable one, because I found that it was affecting my ability to see the speed improvements that Cox had been making to it. So, I had already started looking at what next after WRT54GS....but now with a bricked router, things were more urgent.

So, what I did was order a pair of Buffalo WHR-HP-GN (with dd-wrt) routers from Amazon, using Amazon Prime...on September 9, 2010.

Xantrex PowerSource 400

Link: http://www.xantrex.com/web/id/204/p/1/pt/32/product.asp

Today's UPS delivery showed up...and among the items was a Xantrex PowerSource 400.

I acquired this to run the items in my 'network closet'.

The items in there are my DSL modem, Linksys WRT54GS, Sipura SPA-3000 and the base for my Uniden cordless phone.

My Kill-A-Watt meter had reported the load at 11W, but it doesn't even register on the load meter on the Xantrex PowerSource 400. Wonder just how much life I'll get off of this?

The manual says 8W load will give 55h of run time, while a 25W load will give 15h of run time. Nothing in between...so hard to say how long it'll last really...but it'll be over a day, eh?

I wonder if I'll invest in additional units, to cover my online activities during an extended outage.

