ADP flag my request to WebGUI as distributed port scan and tcp flood ?
Hello,
When I connect to a vpn 100 router to manage it remotely, I get kicked out after few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).
All flood detection rules are configured to 1000 paquets per seconds, could a normal usage of google chrome generate more than 1000 paquets per seconds while browsing the webgui ?
I tried to use a private browser tab with no plugin loaded from another IP with same results.
I obviously did not launch nmap targeting the router I try to administrate, since it says distributed, I expected to see other IP in addition to mine, but only the specific IP i'm using at the moment of browsing gets blocked as it appears in the logs.
On my side, local router says there is only one connection from my local computer to the remote Zyxel router.
How do I configure ADP to not block me over normal usage of the WebGUI ?
When I connect to a vpn 100 router to manage it remotely, I get kicked out after few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).
All flood detection rules are configured to 1000 paquets per seconds, could a normal usage of google chrome generate more than 1000 paquets per seconds while browsing the webgui ?
I tried to use a private browser tab with no plugin loaded from another IP with same results.
I obviously did not launch nmap targeting the router I try to administrate, since it says distributed, I expected to see other IP in addition to mine, but only the specific IP i'm using at the moment of browsing gets blocked as it appears in the logs.
On my side, local router says there is only one connection from my local computer to the remote Zyxel router.
How do I configure ADP to not block me over normal usage of the WebGUI ?
0
Comments
-
For me I just set TCP portscan to action none and inactivate (flood) IP flood.0
-
This defeat the whole purpose of ADP to disable it.0
-
Your not disabling all of it.
TCP port scan can not tell a legit connection to a scan which would be possible if it sees the TCP SYN and waits for the ACK if no ACK then it sees it as a port scan but thats not how it works.
0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 115 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 900 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 832 Nebula FAQ
- 402 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight