ADP flag my request to WebGUI as distributed port scan and tcp flood ?
Hello,
When I connect to a vpn 100 router to manage it remotely, I get kicked out after few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).
All flood detection rules are configured to 1000 paquets per seconds, could a normal usage of google chrome generate more than 1000 paquets per seconds while browsing the webgui ?
I tried to use a private browser tab with no plugin loaded from another IP with same results.
I obviously did not launch nmap targeting the router I try to administrate, since it says distributed, I expected to see other IP in addition to mine, but only the specific IP i'm using at the moment of browsing gets blocked as it appears in the logs.
On my side, local router says there is only one connection from my local computer to the remote Zyxel router.
How do I configure ADP to not block me over normal usage of the WebGUI ?
When I connect to a vpn 100 router to manage it remotely, I get kicked out after few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).
All flood detection rules are configured to 1000 paquets per seconds, could a normal usage of google chrome generate more than 1000 paquets per seconds while browsing the webgui ?
I tried to use a private browser tab with no plugin loaded from another IP with same results.
I obviously did not launch nmap targeting the router I try to administrate, since it says distributed, I expected to see other IP in addition to mine, but only the specific IP i'm using at the moment of browsing gets blocked as it appears in the logs.
On my side, local router says there is only one connection from my local computer to the remote Zyxel router.
How do I configure ADP to not block me over normal usage of the WebGUI ?
0
Comments
-
For me I just set TCP portscan to action none and inactivate (flood) IP flood.0
-
This defeat the whole purpose of ADP to disable it.0
-
Your not disabling all of it.
TCP port scan can not tell a legit connection to a scan which would be possible if it sees the TCP SYN and waits for the ACK if no ACK then it sees it as a port scan but thats not how it works.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight