DDOS protection in "Firewall" is disabled by default?

[neil0311]

I understand what DDOS is and why you'd want to protect against it. I'm using a RT-AC1900P with the latest Merlin build. I previously had an RT-AC68P which died, so I'm reasonably familiar with the router and the configuration of the firmware.

I had always left the setting for DDOS protection at the default of "OFF" but decided with my new router to enable it. When I did I noticed ping times using Speedtest and via tracert tripled from 11ms to 33ms. The question is 1) why is DDOS protection off by default, and 2) is it recommended to enable, and if so, why the performance hit?

 

[AndreiV]

I have always had DDOS protection "ON" and never seen any difference in performance. Speedtests and pings are unaffected with it set on or off.

 

[ColinTaylor]

Absolutely no difference in ping times here with DDOS protection on or off.

 

[neil0311]

I have always had DDOS protection "ON" and never seen any difference in performance. Speedtests and pings are unaffected with it set on or off.

Definitely not the case here. Repeatable and observable. I guess I just leave it off.

 

[RMerlin]

why is DDOS protection off by default

Because it can interfere with regular traffic/troubleshooting, as it throttles certain ICMP packets.

 

[neil0311]

Because it can interfere with regular traffic/troubleshooting, as it throttles certain ICMP packets.

Thanks.