
RT-N66U and GRC's port scanner


Agent Smith

New Around Here
I have an RT-N66U (I think it's the black knight?) and every time I try to scan for open ports at GRC's port scanning webpage, the network, specifically Wi-Fi, goes down. I never had this issue using a very old WRT54GL flashed with DD-WRT.

Current firmware is: 380.64_2.

This is the website: https://www.grc.com/x/ne.dll?bh0bkyd2
 
Is firewall logging enabled?

I've noticed somewhat similar problems with both RT-N56U and RT-N66U. If the firewall is configured to log dropped packets, the router gets unresponsive.

See:

https://www.snbforums.com/threads/rt-n56u-firewall-logging-causes-serious-slowdown.13766/

https://www.snbforums.com/threads/a...ion-3-0-0-4-376-3861.23155/page-2#post-177900


This didn't always happen with RT-N66U and I'm wondering why. My guess is that the router now saves the log data to NVRAM (a flash memory region) in addition to keeping it in RAM, and this is slow. But I might be completely wrong.


<edit> What firmware are you using in RT-N66U? That number (380.64_2) looks strange. Is it very old, or is it custom?

<edit 2> Ok so this is the Asuswrt-Merlin subforum so obviously it's Merlin's firmware. Didn't notice that. :p
 
BTW- This is like a DDoS attack and yet I saw an option in the router for anti-DDoS. :eek: What is that feature anyway?

Here's some information:
https://www.asus.com/us/support/FAQ/1031610/

So it attempts to detect and suppress certain types of more sophisticated attacks that are based on malformed packets or exhaustion of receiver connection resources. Simple bandwidth-based attacks (UDP/ICMP flooding) can't be mitigated by on-site solutions.

Generally, people seem to recommend turning it off. It increases the router's workload and it isn't very useful for most users. It may help if you have a server that is subject to these specific attacks. But it won't stop crude and heavy bandwidth-based attacks.

I don't know how well that feature works in Asus routers, but some "DoS protection" schemes used in home routers may actually cause problems if there is lots of traffic to/from the internet. They simply think that the traffic is caused by an attack and start slowing it down or discarding parts of it.


This showed up on my LTS fork last year, and I put in a change to address it.
https://www.snbforums.com/threads/f...lts-releases-v24e3.18914/page-230#post-287133

I'm not 100% sure but I think this problem didn't occur with some old versions of the stock firmware of RT-N66U (see the links in my previous post). On newer versions it does occur. Do you know if changes were made to the logging routines?
 
> I don't know how well that feature works in Asus routers

All it does is throttle those specific packet types to 1 per second. Nothing really sophisticated there, this ain't an IPS or anything similar, and it doesn't put any real pressure on your CPU either (that claim must come from the WRT54G days where CPUs were a fraction of today's CPU speed).
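
The 1-per-second throttle described in the last reply, modelled as an added example (not part of the thread and not Asuswrt code). It shows that a port scan and a busy but legitimate host are throttled alike, and how many drop-log lines a scan would produce if drop logging is on. Assumptions: the packet-type labels, the `burst` parameter, and that every packet over the limit is dropped and logged once.

```python
# Added illustration, not router firmware. Times are integer milliseconds.
THROTTLED = {"syn", "icmp-echo"}   # assumed labels; the thread names no packet types
INTERVAL_MS = 1000                 # "1 per second", as stated in the thread


class Throttle:
    """Token bucket in integer ms credits: one packet per INTERVAL_MS."""

    def __init__(self, burst=1):   # burst is an assumed parameter
        self.cap = burst * INTERVAL_MS
        self.credit = self.cap
        self.last = 0

    def allow(self, now_ms):
        # Earn credit for the time elapsed, capped at the burst size.
        self.credit = min(self.cap, self.credit + (now_ms - self.last))
        self.last = now_ms
        if self.credit >= INTERVAL_MS:
            self.credit -= INTERVAL_MS
            return True
        return False


def simulate(packets, log_drops=False, burst=1):
    """packets: iterable of (time_ms, kind), sorted by time."""
    buckets = {}
    passed = dropped = 0
    for now_ms, kind in packets:
        if kind in THROTTLED:
            bucket = buckets.setdefault(kind, Throttle(burst))
            ok = bucket.allow(now_ms)
        else:
            ok = True              # other traffic is not throttled
        passed += ok
        dropped += not ok
    # Assumption: with drop logging enabled, each drop writes one log line.
    return {"passed": passed, "dropped": dropped,
            "log_lines": dropped if log_drops else 0}


# Constructed samples, each covering 10 seconds.
SCAN = [(t, "syn") for t in range(0, 10_000, 10)]     # 100 probes/s
BUSY = [(t, "syn") for t in range(0, 10_000, 250)]    # 4 new connections/s
QUIET = [(t, "syn") for t in range(0, 10_000, 2000)]  # 1 every 2 s

if __name__ == "__main__":
    for name, sample in (("scan", SCAN), ("busy", BUSY), ("quiet", QUIET)):
        print(name, simulate(sample, log_drops=True))
```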
 
