
DoS Protection from Asus Firewall - on or off?


Jack Yaz

Part of the Furniture
Just wondering if there's any point this being on, since I imagine any serious DDOS will drop the CPU like a bad habit anyway.
 
I read Merlin saying it slows down the CPU with extra rules and load, but that's confusing since Netgear has theirs on by default and it was still fast.
So I'm not entirely sure how it could hurt, I'd say test it.
 
From the man himself RMerlin
"Enabling the DoS protection will add firewall rules that will limit connection attempts (from a port scanner for example) and ICMP PINGs to a maximum of 1 per second. This will add some extra processing on the router as it will need to track the rate of each incoming connection, so it can degrade throughput performance under higher loads.

The default is "Disabled", and this is usually fine that way for a home router. If someone was attempting to truly DoS you, chances are your connection would still be flooded to the point of being unusable, so this setting is of limited usefulness. Someone pointing a few dozens of gigabits of flood at you through a DDoS will take you offline no matter what protection your router has."
https://www.snbforums.com/threads/rt-n66u-noob-questions.8122/
 
Thanks, I've now set to disabled.
 
No problem, though if it is the case, I'm not sure why Netgear has theirs enabled by default.
 
The performance impact is probably not even measurable with modern router's CPUs.
 
So it's fine to enable on the 88u?
 
@RMerlin, does RT-N66U CPU fall into the "modern router's CPUs"?
I'm going to speculate he's referring to the ARM CPUs, not the MIPS ones. Keep in mind I could be wrong; my basis is that ARM platform router CPUs are running the Trend Micro software whereas MIPS can't.
 
@RMerlin, does RT-N66U CPU fall into the "modern router's CPUs"?

Yes. The mentioned impact is more for pre-wifi days, where we had 200 MHz CPUs handling our traffic. Unless of course you run a very busy 1 Gbps link, in which case it might perhaps be measurable. I doubt anyone ever measured the latency introduced by a single iptables rule, so I'm just going by gut feeling here.
 
I stand corrected, so in that case a router like the gt 5300 should basically have the smallest amount of CPU interrupt with DoS protection enabled?
 
Yes, unless you're having that very busy 1 Gbps link hooked to it (and by busy, I mean with lots of new connections, since DoS rules should only be processed on new connections).
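
The two behaviours described in this thread (a limit of 1 per second on connection attempts, and the limiter being consulted only for new connections) can be modelled as below. This is an added example, not part of the thread and not ASUS or Asuswrt-Merlin code; the single shared bucket, the burst of 1 and the sample traffic are assumptions made for illustration.

```python
# Added illustration (not ASUS or Asuswrt-Merlin code). Models a
# token-bucket rate limit of 1 per second that is consulted only for
# packets opening a NEW connection. All traffic is constructed sample data.

class TokenBucket:
    """Integer token bucket; times in milliseconds to avoid float drift."""
    def __init__(self, per_second=1, burst=1):
        self.per_second = per_second
        self.capacity = burst * 1000      # milli-tokens
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms):
        refill = (now_ms - self.last_ms) * self.per_second
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

def run_firewall(packets, per_second=1, burst=1):
    """packets: iterable of (time_ms, flow_id, is_new), in time order.
    Returns counts of accepted/dropped packets and limiter evaluations."""
    bucket = TokenBucket(per_second, burst)
    established = set()
    stats = {"accepted": 0, "dropped": 0, "limiter_checks": 0}
    for now_ms, flow, is_new in packets:
        if is_new:
            stats["limiter_checks"] += 1  # only NEW packets reach the rule
            if bucket.allow(now_ms):
                established.add(flow)
                stats["accepted"] += 1
            else:
                stats["dropped"] += 1
        elif flow in established:
            stats["accepted"] += 1        # tracked flow: limiter skipped
        else:
            stats["dropped"] += 1         # no accepted connection to match
    return stats

# Constructed: 100 connection attempts, one every 100 ms (a port scan).
SCAN = [(i * 100, f"scan-{i}", True) for i in range(100)]
# Constructed: one connection followed by 5000 data packets, 1 ms apart.
STREAM = [(0, "stream", True)] + [(i, "stream", False) for i in range(1, 5001)]

if __name__ == "__main__":
    print("scan  :", run_firewall(SCAN))
    print("stream:", run_firewall(STREAM))
```

In this model the scan costs one limiter evaluation per attempt, while the 5001-packet stream costs exactly one, which is why the extra load scales with the rate of new connections rather than with throughput.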
 
Just wondering if there's any point this being on, since I imagine any serious DDOS will drop the CPU like a bad habit anyway.
Using it will give you stutters in games like CS:GO.
I've tried it, it's only "good" if you're not gaming or streaming on a low bandwidth.
 
That's odd to me. Netgear has theirs on, and when I had their router it was perfectly fine. Odd, they must have some sort of black box code to get that working smoothly.
 
