So, discovered a problem with QUIC and my TP-Link TL-WR1043ND router the other day.
I have DoS security enabled on my router, which will block hosts for ICMP-flooding, UDP flooding or TCP-SYN flooding. The default is for a 10 second sampling period, and triggers on 50 ICMPs or 500 UDPs or 50 TCP-SYNs....
Well, I fired up Chrome on my Mac (default browser is Safari, but it wouldn't open my HSA's website). And, suddenly, my Mac lost all Internet connectivity. Could still access all my local network devices, and then found that other devices (iPad) on my home network could still reach the outside world. Rebooting the Mac didn't help, nor did rebooting cable modem or router.
So, connected to my router from the Mac, to see if there was any mysterious setting change (access controls?) that was getting in the way. When I happened to look at statistics, it showed that I had hit a max of 563 UDP packets during a 10 second window (to have DoS protection, statistics needed to be enabled). Which led me to the DoS protection feature.
For some reason I had assumed it meant WAN side DoS, though it just says "protect the Router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood". It's from here that I can also control if it should respond to pings on the WAN side and/or LAN side. I have it allowed for both, since ping is part of my internal Nagios check of it, and I used to have DSLreports pinging to generate latency graphs...
But, I guess it makes sense that it does internal hosts (as well?) to protect against a computer on my home network getting compromised and becoming a bot. Though that hasn't happened yet, as I have generally kept up with things at home.... (such as the need to have antivirus software on my Macs... tried a number of free ones, but eventually purchased ClamXav, which I had used when it was free to protect my work Macs).
So, what would be a reasonable setting for UDP-Flood protection that won't trigger due to Chrome's / Google's use of QUIC for https....likely due to having not used Chrome in a while, and it needing to update many of my extensions/apps as well as itself and other things. Though I still need to work out sync of bookmarks between my different browsers....
When looking at blocked hosts, found that my MacBookPro was also in the list, wonder when that had happened, as it's been sleeping for some time now....plus I can't recall if I've gotten around to installing Chrome on it. Need to find a way to synchronize some/all of my apps between Macs.... The MacBookPro had reached a peak of 654 UDPs.... wonder if there's some way to monitor when it has blocked a host, etc. Didn't report anything in its internal logging, or daily email of logs.
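An added example, not part of the original post and not the router's own logic: a per-host counter over the 10 second sampling period described above, run over constructed packet records, to see which LAN host would trip the 50/500/50 limits and what UDP limit the observed peak suggests. Fixed windows, the "at or above" comparison, the 1.5 headroom factor and the sample addresses are all assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 10                                  # sampling period from the post
THRESHOLDS = {"icmp": 50, "udp": 500, "tcp-syn": 50}  # limits from the post


def peak_per_window(packets, window=WINDOW_SECONDS):
    """Return {(host, proto): highest packet count seen in any one window}."""
    counts = defaultdict(int)
    for ts, host, proto in packets:
        counts[(host, proto, int(ts // window))] += 1
    peaks = defaultdict(int)
    for (host, proto, _bucket), n in counts.items():
        peaks[(host, proto)] = max(peaks[(host, proto)], n)
    return dict(peaks)


def would_block(packets, thresholds=THRESHOLDS, window=WINDOW_SECONDS):
    """Hosts whose peak reaches a limit (assumed: at or above trips it)."""
    return {
        key: peak
        for key, peak in peak_per_window(packets, window).items()
        if peak >= thresholds.get(key[1], float("inf"))
    }


def suggest_threshold(packets, proto, headroom=1.5, window=WINDOW_SECONDS):
    """Highest observed legitimate peak for proto, times an assumed headroom."""
    peaks = [p for (_h, pr), p in peak_per_window(packets, window).items()
             if pr == proto]
    return int(max(peaks, default=0) * headroom)


def constructed_sample():
    """Constructed records (timestamp, source host, protocol), not a capture."""
    # A browser burst of 563 UDP packets inside one window, as in the post.
    pkts = [(i * 10 / 563, "192.168.1.10", "udp") for i in range(563)]
    # A quieter second host in the next window, plus a few pings.
    pkts += [(10 + i * 0.25, "192.168.1.20", "udp") for i in range(40)]
    pkts += [(float(i), "192.168.1.10", "icmp") for i in range(5)]
    return pkts


if __name__ == "__main__":
    sample = constructed_sample()
    print("would be blocked:", would_block(sample))
    print("suggested UDP limit:", suggest_threshold(sample, "udp"))
```

Feeding it real per-host counts gathered during normal browsing gives a baseline peak to set the UDP limit above, instead of guessing.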
Some time before I bought one, I had often wished I had a Travel Router during my travels. And, I know I looked at whether it would be possible to use my Linux laptop as such.
But, then on November 25th, 2011, Black Friday....meaning I was at Chicago TARDIS at the time....I had on the spur of the moment ordered the ZuniConnect ZTRP150 WiFi Travel Router with USB Charging by ZuniDigital from NewEgg.com.
As I recall, it then sat around for months until I finally set it up, in preparation for possible use on my next trip....Gallifrey One in 2012.
Being able to turn hotel ethernet into WiFi for all my gadgets was really nice, since most hotels only allow one device per room to register for its free or pay wireless. (though I heard some allow pay per device....) But, my reasoning at the time was the large number of Eye-Fi cards that I have in my collection, which are unable to connect to such WiFi, even when it's free and it's just an EULA page that needs to be accepted.
Otherwise, I wasn't too WiFi dependent gadget heavy then....I could use 3G on my smartphone, and my Kindles all did 3G or something (either exclusively or later with WiFi...I had started carrying the Kindle Fire, original, on trips....so it was the first that would benefit from a travel router.)
It was November 23, 2012 that I started my journey into the world of Chromebook (I had preordered it, and that's when it shipped)....at first I was traveling with both my Linux laptop and the Chromebook, but for some time now...I've been going with just the Chromebook. Which has been challenging, like now I can't add SSIDs to my Eye-Fi cards on the road. So, I have to hope that I got the right ones pre-added to the cards. Along with some of the ones I know what will work, like the SSID for my MiFi2200 or later tethering off of my HTC One (I got the 5GB tethering plan, because lower tiers weren't eligible for employee discount and I had been looking to upgrade from MiFi....but hadn't found a reasonable pay as I go, but can't be activated because I don't live in an area that's covered by it).
Though I did consider exiting the Smartphone crowd and getting a contract Mobile Hotspot, but there isn't anything in an Android 4.3/4.4+ equivalent to iPod Touch....or WiFi only smart phone ???
Now, I guess I've been lucky with the ZuniConnect, which has two modes, Router or WISP. It has both a WAN and LAN port, so there's lots of different ways it could be used.
Long before this, I already had a RoadWarrior travel Ethernet cable in my carry on....so I wasn't stuck if the room only had a jack. And, the router mode was all I needed. It was pretty much plug it in and go everywhere that I stayed.
That was until my previous trip....the one to visit my brother and parents for Christmas. The hotel I stayed at didn't have Ethernet in the room. I had never looked at WISP, but knew it was something I was going to need to use eventually.
Well, it was a bust, because WISP is largely a different configuration in the router, because I would see ZuniConnect or something as an SSID sometimes, but not be able to connect to it. Not sure I know how to connect Chromebook to WPS, or if it's possible, etc. But, in the end found that the only way to configure WISP is through ethernet. And, none of my devices had ethernet ports. (I'd still be screwed if I had a MacBook Air along....)
So, I made a note to investigate alternative Travel Routers and to acquire a USB Ethernet adapter for my Chromebook, etc. I eventually got both as part of a larger order from Amazon.com on Jan 22, 2014. I got a "Plugable" USB Ethernet adapter, because it was specifically listed as an adapter for Chromebook. And, I got a TP-Link TL-WR702N, which sounded like it also did all I wanted, had been favorably reviewed and I've been pretty happy with the TP-Link TL-WR1043ND router that handles my Cox connection to the world....doesn't do all the stuff I liked doing with DD-WRT (though I could DD-WRT it)...but it's been rock solid, and since I've moved to running nginx reverse proxy on a DMZ host, the 16 port forwarding limitation isn't an issue. QoS might start to become a concern though. But, I still primarily do that through DD-WRT on AT&T connection to the world. Some day I think I want to try pfSense....
But, that hotel stay wasn't a problem since their WiFi access was controlled by a password that is given out at check-in....so I could connect all my devices to the WiFi without problems.
Anyways....these items sat around in their packages, until the night before I was to depart for Gallifrey One 2014.
The USB Ethernet adapter just worked and wasn't a problem (though I haven't registered its MAC with my network, which only does reserved DHCP ... it's on my list to create a guest network, which can be helpful for discovering MAC address of devices that don't have them printed anywhere on them). But, it hasn't been an issue with wireless devices, since those failed attempts show up in my radius log. Which probably also shows up in the dhcp log (I suppose I should set those logs to forward to zen, so I can see them and add them to the appropriate files in CFEngine 3 repository....still haven't gotten cf-runagent working though.)
The TP-Link TL-WR702N was another story. Again it looks like it needs to be configured manually for WiFi Bridging through its ethernet port, but the ethernet port being dual mode LAN or WAN, it's out of scope for its built-in DHCP (which is also disabled by default...) Also of annoyance was that its SSID was fixed, couldn't tailor it to my convention, but rather its own convention ending with the last 3 octets of its MAC. Where the default password is the last 4 octets. It does allow you to change the password, along with other encryption settings, or go open. It has a dropdown list for channel, which had defaulted to AUTO. But, it won't allow you to leave the page until it's been changed to be the same channel as the selected WiFi. Seems it's a flaw with all WISP, that they attach to BSSID.... I have two APs at home, both with the same SSID, but different BSSID (of course) and different channels. Yet, my bedroom is still in a hole....
Could be interesting in a hotel environment where there's going to be many different BSSID/Channels, which might change throughout the stay.
But, I ran into a problem. I couldn't get my Chromebook to connect to the Ethernet port. It didn't do DHCP, but Chromebook has options to set things manually, but Chromebook still wouldn't connect. I suspect there's something Chromebook expects to get answers for to determine that the connection makes sense, and the TP-Link doesn't do it. At first I thought the Chromebook was expecting a fully usable Internet connection....which doesn't make sense, since it's able to use captive portals, though often the captive portals only block http/https initially, or provide/leak enough to satisfy my Chromebook.... That was until this Gallifrey One trip....