Need advice how to troubleshoot a potential sporadic DDOS against my home network behind ASUS RT-AC88U

Meshuggah

New Around Here
Hi,

I've recently started to experience sporadic bursts of huge incoming traffic from an unknown source.
Because of this I lose my internet connection until I restart the router. Sometimes it will stop without me restarting anything.

Are there any good tools for troubleshooting the source(s) of this flood of traffic?

I can't really find anything useful in the UI and I'm familiar with using the CLI. But is tcpdump together with Wireshark the only option here?

Regards
 

ColinTaylor

Part of the Furniture
If it's from a single source that would be DOS rather than DDOS. As a first step I would enable DoS protection in the router's Firewall settings if it isn't already.

What makes you think it's caused by "huge incoming traffic" rather than some other problem?
 

Meshuggah

New Around Here
Hi,

DOS protection is enabled.

When I lose my internet connection I log into the Router UI and see that there is 1Gbit incoming traffic.
 

ColinTaylor

Part of the Furniture
"When I lose my internet connection I log into the Router UI and see that there is 1Gbit incoming traffic."
I might be wrong but if you're seeing 1Gb of traffic in the router's Traffic Monitor then it must be going somewhere. In other words something on your network has initiated (or allowed) the incoming traffic. If it were random unsolicited traffic it would be dropped by the firewall and wouldn't show up in the Traffic Monitor.

Can you see where the traffic is going in Traffic Analyzer - Statistic?
 

Meshuggah

New Around Here
Hi,

That is the thing. I can't see any traffic with these numbers on my internal devices when I go to Traffic Analyzer, so I conclude that none of my devices is triggering this behavior.
 

ColinTaylor

Part of the Furniture
I'd be more inclined to think it's something on the router trying to download something, and possibly failing and retrying. Are you using any addon scripts?
 

Meshuggah

New Around Here
I found that spdMerlin was scheduled to run every 30th minute. That could explain the incoming burst of traffic but I haven't seen indications of high CPU load during these times. UI is 100% responsive.
Anyway, I disabled this and now I will see if this has solved the issue or not.
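
One way to check the scheduling theory from the last post, as an added example that is not part of the thread: it flags intervals where the WAN receive counter jumps and reports how many of those bursts begin on a 30-minute boundary. The log format, the 100 Mbit/s threshold, the 2-minute slack and the assumption that the schedule fires at :00 and :30 are choices made for this illustration, and the sample data is constructed.

```python
from datetime import datetime

# Constructed samples: "<time> <cumulative WAN rx_bytes>", a hypothetical log
# format built from the receive counter in /proc/net/dev.
SAMPLES = """\
2024-01-01T10:29:00 1000000000
2024-01-01T10:30:00 1001500000
2024-01-01T10:31:00 4001500000
2024-01-01T10:32:00 4003000000
2024-01-01T11:00:00 4011500000
2024-01-01T11:01:00 15000000
2024-01-01T11:30:00 50000000
2024-01-01T11:31:00 3050000000
"""

def parse(text):
    """Turn the log text into (datetime, rx_bytes) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, rx = line.split()
            rows.append((datetime.fromisoformat(ts), int(rx)))
    return rows

def bursts(samples, threshold_mbit=100.0):
    """Return (interval_start, Mbit/s) for every interval at or above the threshold."""
    found = []
    for (t0, b0), (t1, b1) in zip(samples, samples[1:]):
        secs = (t1 - t0).total_seconds()
        if secs <= 0 or b1 < b0:
            continue  # counter went backwards: router was restarted, skip the interval
        rate = (b1 - b0) * 8 / secs / 1e6
        if rate >= threshold_mbit:
            found.append((t0, rate))
    return found

def schedule_match(burst_list, period_min=30, slack_min=2):
    """Fraction of bursts that start within slack_min minutes after a period boundary."""
    if not burst_list:
        return 0.0
    hits = sum(1 for t, _ in burst_list if t.minute % period_min <= slack_min)
    return hits / len(burst_list)

if __name__ == "__main__":
    found = bursts(parse(SAMPLES))
    for start, rate in found:
        print(f"{start:%H:%M} {rate:.0f} Mbit/s")
    print(f"{schedule_match(found):.0%} of bursts start on a 30-minute boundary")
```

A match fraction near 1.0 points at a scheduled job on the router; a low fraction means the bursts do not follow the schedule and the cause lies elsewhere.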
 
