USG60 Udp flood
Comments
-
If it's a full-on DoS by UPnP reflection attack then there might be nothing you can do about it...
You can try putting a switch between your modem and USG 60 and make an ACL rule to drop UDP source port 1900, but it might not help.
On another note, that rule 2 for all_ips from WAN to any looks to be a bad rule.
And going by your log you seem to be double NATting?
Also, logging may add to CPU load.
1 -
Hi @detractor,
If there is a large amount of attack traffic continuously, I would suggest disabling the log on Security rule #1 temporarily,
because the device keeps on writing the log, which will consume CPU.
1 -
PeterUK said:
If it's a full-on DoS by UPnP reflection attack then there might be nothing you can do about it...
You can try putting a switch between your modem and USG 60 and make an ACL rule to drop UDP source port 1900, but it might not help.
On another note, that rule 2 for all_ips from WAN to any looks to be a bad rule.
And going by your log you seem to be double NATting?
Also, logging may add to CPU load.
Without the second rule, I cannot connect from WAN to RDP and other services.
0 -
Sorry, it is not true.
detractor said:
PeterUK said:
If it's a full-on DoS by UPnP reflection attack then there might be nothing you can do about it...
You can try putting a switch between your modem and USG 60 and make an ACL rule to drop UDP source port 1900, but it might not help.
On another note, that rule 2 for all_ips from WAN to any looks to be a bad rule.
And going by your log you seem to be double NATting?
Also, logging may add to CPU load.
Without the second rule, I cannot connect from WAN to RDP and other services.
0 -
PeterUK said:
If it's a full-on DoS by UPnP reflection attack then there might be nothing you can do about it...
You can try putting a switch between your modem and USG 60 and make an ACL rule to drop UDP source port 1900, but it might not help.
On another note, that rule 2 for all_ips from WAN to any looks to be a bad rule.
And going by your log you seem to be double NATting?
Also, logging may add to CPU load.
No port drop source in USG60.
0 -
That's why I said put a switch between your modem and USG 60 and make an ACL on the switch.
As for RDP, you can make a rule from WAN to LAN1, or the port the RDP PC is connected to, with the service set to RDP, normally port 3389.
0 -
It's about UDP flooding. The number of sessions is growing. How do I disable them?
0 -
If someone is out to get you with a DoS from some UPnP-enabled router exposed on the WAN side, which it looks to be, there is not much you can do but change your IP. Can your ISP modem be put into modem mode or bridge mode?
Have you tried changing the log to no? Also change the log in ADP to no for UDP flood.
0 -
To be more precise: there is a service, www.ipstresser.com. Specify IP and UDP port. Well, USG60 hangs. Log turned off.
0 -
Hi @detractor,
You may try reducing the threshold from 1000 to something lower.
If the CPU still goes high, please help me to get the following CLI result.
Router# show cpu all
Router# debug system ps | match "zylogger"
Router# debug system show cpu status
Router# show cpu average
0
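Added example, not part of any post above and not Zyxel code: a small Python check, run over packet records exported from a capture on the WAN side, that shows whether the upstream "drop UDP source port 1900" ACL suggested in the thread would actually remove the flood. The record layout, function names and sample data are assumptions constructed for illustration; the threshold is treated as packets per second.

```python
from collections import Counter

SSDP_PORT = 1900  # UPnP/SSDP: reflected replies arrive with this UDP source port

def analyse(packets, threshold):
    """packets: iterable of (epoch_second, src_ip, src_port, dst_port) UDP records.
    A second counts as 'flood' when its packet count exceeds threshold."""
    per_sec, ssdp_per_sec = Counter(), Counter()
    for ts, _src, sport, _dport in packets:
        per_sec[ts] += 1
        if sport == SSDP_PORT:
            ssdp_per_sec[ts] += 1
    flood_secs = sorted(s for s, n in per_sec.items() if n > threshold)
    total = sum(per_sec[s] for s in flood_secs)
    ssdp = sum(ssdp_per_sec[s] for s in flood_secs)
    return {
        "flood_seconds": flood_secs,
        "flood_packets": total,
        # share of flood traffic a source-port-1900 ACL would drop
        "ssdp_share": ssdp / total if total else 0.0,
    }

def acl_would_help(stats, min_share=0.9):
    """True only if nearly all flood packets carry source port 1900."""
    return bool(stats["flood_seconds"]) and stats["ssdp_share"] >= min_share

def sample_capture():
    """Constructed sample, not real traffic (documentation address ranges)."""
    pkts = [(100, "192.0.2.53", 53, 40000 + i) for i in range(5)]  # background
    # second 101: SSDP reflection, every packet has source port 1900
    pkts += [(101, f"198.51.100.{i % 250 + 1}", 1900, 3389) for i in range(1200)]
    # second 102: plain UDP flood with varying source ports
    pkts += [(102, f"203.0.113.{i % 250 + 1}", 20000 + i, 3389) for i in range(1500)]
    return pkts

if __name__ == "__main__":
    stats = analyse(sample_capture(), threshold=1000)
    print(stats, "ACL on port 1900 sufficient:", acl_would_help(stats))
```

On the constructed sample less than half of the flood packets come from source port 1900, which is the case where the switch ACL "might not help" and the traffic has to be handled upstream or by changing the WAN IP.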