ADP flags my request to WebGUI as distributed port scan and TCP flood?

Zulgrib
edited April 2021 in Security
Hello,

When I connect to a VPN 100 router to manage it remotely, I get kicked out after a few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).

All flood detection rules are configured to 1000 packets per second. Could normal usage of Google Chrome generate more than 1000 packets per second while browsing the WebGUI?
I tried to use a private browser tab with no plugin loaded from another IP with same results.

I obviously did not launch nmap targeting the router I am trying to administer. Since it says distributed, I expected to see other IPs in addition to mine, but only the specific IP I'm using at the moment of browsing gets blocked, as it appears in the logs.

On my side, the local router says there is only one connection from my local computer to the remote Zyxel router.

How do I configure ADP to not block me over normal usage of the WebGUI?

Comments

  • PeterUK
    For me I just set TCP portscan to action none and inactivate (flood) IP flood. 
  • Zulgrib
    Disabling it defeats the whole purpose of ADP.
  • PeterUK

    You're not disabling all of it.

    TCP port scan cannot tell a legit connection from a scan. That would be possible if it saw the TCP SYN and waited for the ACK, and if there was no ACK then treated it as a port scan, but that's not how it works.
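
The two approaches contrasted in the last comment, as an added example that is not from the thread or from Zyxel: a detector that only counts SYNs per source, beside one that waits for the handshake-completing ACK. The record format, thresholds, function names and addresses are constructed, and neither function reflects how ADP is actually implemented.

```python
from collections import defaultdict

# Constructed records: (time_s, src_ip, dst_port, flag).
# "S" = SYN, "A" = the ACK that completes the three-way handshake.
def browser_session(src, n, port=443):
    """n short-lived HTTPS connections to a web GUI; every handshake completes."""
    events = []
    for i in range(n):
        events += [(i * 0.01, src, port, "S"), (i * 0.01 + 0.005, src, port, "A")]
    return events

def half_open_sweep(src, ports):
    """One SYN per port, never followed by the completing ACK."""
    return [(i * 0.01, src, p, "S") for i, p in enumerate(ports)]

def syn_counter(events, threshold):
    """Flag every source that sent more than `threshold` SYNs."""
    syns = defaultdict(int)
    for _, src, _, flag in events:
        syns[src] += flag == "S"
    return {src for src, n in syns.items() if n > threshold}

def handshake_aware(events, threshold, timeout=1.0):
    """Flag sources with more than `threshold` SYNs left un-ACKed after `timeout` s."""
    # Simplification: keyed on (src, dst_port); a real tracker uses the full 4-tuple.
    pending = defaultdict(list)
    for t, src, port, flag in sorted(events):
        queue = pending[(src, port)]
        if flag == "S":
            queue.append(t)
        elif queue and t - queue[0] <= timeout:
            queue.pop(0)  # handshake completed in time
    unanswered = defaultdict(int)
    for (src, _), queue in pending.items():
        unanswered[src] += len(queue)
    return {src for src, n in unanswered.items() if n > threshold}

ADMIN, OTHER = "198.51.100.10", "203.0.113.7"  # documentation-range addresses
EVENTS = browser_session(ADMIN, 60) + half_open_sweep(OTHER, range(1, 61))

if __name__ == "__main__":
    print("SYN counter flags:    ", sorted(syn_counter(EVENTS, 50)))
    print("handshake-aware flags:", sorted(handshake_aware(EVENTS, 50)))
```

With the same threshold, the SYN counter flags the administrator's browser session as well, while the handshake-aware version flags only the source whose SYNs were never completed.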

