× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

Configure denial of service and block mobile on wifi

hacesoft
Tutor

Configure denial of service and block mobile on wifi

Hello, I have the Denial of Service Configuration function on the switch, it is set with default parameters. I have a WiFi Unifi AP AC RL connected to the switch, every moment it happens to me that the port where WiFi is connected is blocked. I get a message in the switch list:

 

<11> Jan 16 03:18:04 192.168.20.10-1 DOS [43327500]: dos_api.c (1844) 4979 %% Interface g19 has been shut down by Dos attack notification

 

I probably noticed the cause of the problem:

In the UniFi Controller in the WiFi settings there is an item:

 

- Multicast and broadcast filtering

 

when I check an item:

 

- Block multicast and broadcast data in the direction from LAN to WLAN

 

So they start getting the aforementioned message .... Can you explain to me why this is happening?

 

I have the module installed on my firewall:

- Suricata Network IDS, IPS and Network Security Monitoring engine and at the time of the incident I do not see any suspicious packets ....

 

Many thanks for any information that will lead to an understanding of my problem ..

Model: GS724Tv4|ProSafe 24 ports Gigabit Smart switch
Message 1 of 2
schumaku
Guru

Re: Configure denial of service and block mobile on wifi


@hacesoft wrote:

- Block multicast and broadcast data in the direction from LAN to WLAN


Whatever is the idea to block traffic which is typically normal, and required here .... is multicast and broadcast evil or what? Just because the control does exist, it does not imply it's anyhting meaningful for a real-world network.

 


@hacesoft wrote:

So they start getting the aforementioned message .... Can you explain to me why this is happening?


You are going to block things which require to be workable, and systems on your WLAN might go and repeat normal actions where answers are expected from the network, typically the local network, say for example ARP resolution, discovery, live video streams, ... and the client might repeat the "requests" heavily for example.

 


@hacesoft wrote:

I have the module installed on my firewall:

- Suricata Network IDS, IPS and Network Security Monitoring engine and at the time of the incident I do not see any suspicious packets ....


Many things you'll never see - because the traffic is not intended for the Internet connection, is not considered evil, ...

 

 

Message 2 of 2
Top Contributors
Discussion stats
  • 1 reply
  • 717 views
  • 0 kudos
  • 2 in conversation
Announcements