Need advice how to troubleshoot a potential sporadic DDOS against my home network behind ASUS RT-AC88U

Meshuggah

New Around Here
Hi,

I've recently started to experience sporadic bursts of huge incoming traffic from an unknown source.
Because of this I lose my internet connection until I restart the router. Sometimes it will stop without me restarting anything.

Are there any good tools to troubleshoot the source(s) of this flood of traffic?

I can't really find anything useful in the UI and I'm familiar with using the CLI. But is tcpdump together with Wireshark the only option here?

Regards
 
If it's from a single source that would be DOS rather than DDOS. As a first step I would enable DoS protection in the router's Firewall settings if it isn't already.

What makes you think it's caused by "huge incoming traffic" rather than some other problem?
 
Hi,

DOS protection is enabled.

When I lose my internet connection I log into the Router UI and see that there is 1Gbit incoming traffic.
 
When I lose my internet connection I log into the Router UI and see that there is 1Gbit incoming traffic.
I might be wrong but if you're seeing 1Gb of traffic in the router's Traffic Monitor then it must be going somewhere. In other words something on your network has initiated (or allowed) the incoming traffic. If it were random unsolicited traffic it would be dropped by the firewall and wouldn't show up in the Traffic Monitor.

Can you see where the traffic is going in Traffic Analyzer - Statistic?
 
Hi,

That is the thing. I can't see any traffic with these numbers on my internal devices when I go to Traffic Analyzer, so I conclude that none of my devices is triggering this behavior.
 
I'd be more inclined to think it's something on the router trying to download something, and possibly failing and retrying. Are you using any addon scripts?
 
I found that spdMerlin was scheduled to run every 30th minute. That could explain the incoming burst of traffic but I haven't seen indications of high cpu load during these times. UI is 100% responsive.
Anyway, I disabled this and now I will see if this has solved the issue or not.
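
Added example, not part of any post in this thread: one way to answer the original question from a text capture, by totalling inbound bytes per remote address and checking whether the busy minutes recur on a fixed interval, as a job scheduled every 30 minutes would. It assumes IPv4 output from `tcpdump -nn -tt` on the WAN interface; the function names, sample lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn -tt` output; 192.0.2.10 stands in for the WAN address.
SAMPLE = """\
1700000000.100000 IP 198.51.100.7.443 > 192.0.2.10.51000: Flags [.], seq 1:1449, ack 1, win 501, length 1448
1700000001.200000 IP 198.51.100.7.443 > 192.0.2.10.51000: Flags [.], seq 1449:2897, ack 1, win 501, length 1448
1700000002.000000 IP 192.0.2.10.51000 > 198.51.100.7.443: Flags [.], ack 2897, win 400, length 0
1700000600.000000 IP 203.0.113.9.53 > 192.0.2.10.40000: UDP, length 120
1700000900.000000 IP 203.0.113.20 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
1700001800.300000 IP 198.51.100.7.443 > 192.0.2.10.51022: Flags [.], seq 1:1449, ack 1, win 501, length 1448
1700001801.000000 IP 198.51.100.7.443 > 192.0.2.10.51022: Flags [.], seq 1449:2897, ack 1, win 501, length 1448
1700003600.500000 IP 198.51.100.7.443 > 192.0.2.10.51044: Flags [.], seq 1:1449, ack 1, win 501, length 1448
1700003601.000000 IP 198.51.100.7.443 > 192.0.2.10.51044: Flags [.], seq 1449:2897, ack 1, win 501, length 1448
"""

LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): .*length (\d+)")

def host(addr):
    # Drop the trailing ".port" if present (ICMP lines carry no port).
    return ".".join(addr.split(".")[:4])

def parse(text):
    # Returns (timestamp, source IP, destination IP, payload length) per matching line.
    hits = (LINE.match(line) for line in text.splitlines())
    return [(float(m[1]), host(m[2]), host(m[3]), int(m[4])) for m in hits if m]

def inbound_by_source(records, wan_ip):
    totals = Counter()
    for _, src, dst, size in records:
        if dst == wan_ip:
            totals[src] += size
    return totals

def burst_minutes(records, wan_ip, threshold):
    # Start time of every one-minute bucket whose inbound bytes reach the threshold.
    per_minute = Counter()
    for ts, _, dst, size in records:
        if dst == wan_ip:
            per_minute[int(ts // 60) * 60] += size
    return sorted(t for t, total in per_minute.items() if total >= threshold)

def burst_intervals(starts):
    return [b - a for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(inbound_by_source(recs, "192.0.2.10").most_common(3))
    print(burst_intervals(burst_minutes(recs, "192.0.2.10", 2000)))
```

A constant interval between bursts points at something scheduled rather than an external flood, and the top source shows which remote endpoint the router or a client is pulling from.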
 
