Retired_Member
Aug 29, 2021
Barrage of DoS attacks from legitimate sources
After buying and switching to a new router, we have constant DoS attacks from our supposed service provider as well as Google, GitHub and our service provider, with the same 4 IP addresses every that...
Retired_Member
Sep 28, 2021
DexterJB wrote: Hi Retired_Member, which model and firmware version is your NETGEAR device?
RAX50, Firmware Version V1.0.2.82_2.0.50
DarrenM
Sep 29, 2021, Sr. NETGEAR Moderator
They could be false positives. Are the DoS attacks causing any performance issues?
DarrenM
- Retired_Member, Sep 29, 2021
They are most certainly false positives. I was just wondering if there was a way to at the very least minimize the frequency of them, as this didn't happen with our last R7000 router.
- Razor512, Sep 29, 2021, Prodigy
It is not that they didn't happen with the old router, it is that the router just ignored or simply couldn't identify them.
Identifying an attack can be difficult apart from the obvious, e.g., if an IP is flooding you (saturating the WAN connection) with unrequested traffic then it will clearly be able to tell that a DoS attack is happening.
There is no way to make it 100% accurate since there is no way to tell the intent behind the traffic, thus they tend to err on the side of mistrust, especially if something happens like an IP that you did not initiate any communication with is trying to send SNMP traffic to you.
The router will drop the unrequested traffic anyway in both cases, but the newer router will be able to identify the type of traffic and estimate if it could have been malicious or not.
A good way to understand it, is to think of the term used in podcasts such as Security Now; the term is Internet Background Radiation.
Basically tons of unrequested traffic from the various botnets, millions of infected PCs, even some ancient Windows 98 systems that are still plugged in some way and are trying to spread the malware that they were infected with, where they simply scan the entire IP range endlessly and try to find vulnerable systems.
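The distinction described in the post above (requested replies, stray unrequested packets, and a real flood) can be sketched as follows. This is an added example, not part of the original thread and not NETGEAR's detection logic; the event tuples, the documentation-range IPs, the `classify` function and the 100 packets-per-second threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample traffic (documentation-range IPs, not real router logs):
# (time in seconds, direction, remote IP, protocol, port)
EVENTS = [
    (0.00, "out", "192.0.2.10", "tcp", 443),    # LAN host opens an HTTPS session
    (0.05, "in", "192.0.2.10", "tcp", 443),     # reply to that request
    (1.00, "in", "198.51.100.7", "udp", 161),   # lone SNMP packet, never contacted
]
# 200 unrequested UDP packets from one source within 0.2 s
EVENTS += [(2.0 + i * 0.001, "in", "203.0.113.5", "udp", 53) for i in range(200)]

SEVERITY = {"solicited": 0, "background": 1, "flood": 2}

def classify(events, flood_pps=100, window=1.0):
    """Return the worst label seen per remote IP.

    Simplification (assumption): state is tracked per remote IP, whereas a
    real firewall tracks each flow (addresses, ports, protocol) with timeouts.
    """
    contacted = set()             # remotes the LAN side has initiated traffic to
    recent = defaultdict(deque)   # timestamps of unrequested packets per remote
    verdict = {}
    for t, direction, remote, _proto, _port in sorted(events):
        if direction == "out":
            contacted.add(remote)
            continue
        if remote in contacted:
            label = "solicited"   # matches state the LAN created: forwarded
        else:
            q = recent[remote]
            q.append(t)
            while t - q[0] > window:      # keep only the sliding window
                q.popleft()
            # Both labels below mean the packet is dropped; only the log differs.
            label = "flood" if len(q) >= flood_pps * window else "background"
        prev = verdict.get(remote, "solicited")
        if SEVERITY[label] >= SEVERITY[prev]:
            verdict[remote] = label
    return verdict

if __name__ == "__main__":
    for ip, label in classify(EVENTS).items():
        print(f"{ip:15} {label}")
```

Raising `flood_pps` changes only how the dropped packets are labelled, which is why a stricter or looser router reports different numbers of "attacks" for the same traffic.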
- Retired_Member, Sep 30, 2021
In the end I ended up disabling the inbuilt DoS and Port scan protection as we already have NETGEAR Armor, which also has it and it's detecting nothing. We never suspected it was an actual attack as it was regular and not nearly the thousands you usually receive in an actual DoS attack.