Skynet Will skynet help me on blocking these DDoS attacks?

[L&LD]

1. Consumer routers don't have anything extra as resources. They have enough to (barely) meet specs.

2. I don't need to know. If ISPs and other giant corporations can be DDoS out of cyberspace, any consumer router is automatically outclassed.

If I'm remembering correctly, RMerlin has stated this point of view too.

 

[ColinTaylor]

You obviously don't know what the router's DOS protection option does. So you're not really in a position to be telling other people whether it should be on or off.

It is rather academic for the OP anyway as he isn't actually suffering from a DDOS attack.

 

[L&LD]

The router doesn't have DDoS protection anyway.

And it is rather academic if I 'know' or not. I can search (and learn).

ASUS RT-AC86U Firmware version 3.0.0.4.384_81351

so here i am just browsing since i'm having another insomniac episode and i learn that the latest fw has some excessive loading on the cpu. checked my router and goodness!! both cores are pretty much pegged at 100%. so back to 45717 i went and lo and behold, we're back to normal again. methinks...

www.snbforums.com

DDOS... It's happening

About 2 weeks ago a "friend of a friend" joined an xbox party I was in. My friends and I were in game chat (not party chat) and this person started counting down in messages 10,9,8 etc. He got to 1 and the next message said GAME OVER. We all got booted. I came back online and rejoined the party...

www.snbforums.com

and a few more...

(1) Advanced search results | SmallNetBuilder Forums (snbforums.com)

 

[ColinTaylor]

I can search (and learn).

Indeed. That's what you should have done rather than telling people to turn off DOS protection when you didn't actually understand the implications.

 

[L&LD]

But so can they (search). I simply added a data point to the conversation.

There are no implications for turning it off. At least, not on a properly working network (where you aren't spamming yourself).

 

[Liang]

1. Consumer routers don't have anything extra as resources. They have enough to (barely) meet specs.

2. I don't need to know. If ISPs and other giant corporations can be DDoS out of cyberspace, any consumer router is automatically outclassed.

If I'm remembering correctly, RMerlin has stated this point of view too.

Hm. So consumer router can't hold it up with ddos? is there any router should I get that can defend from DDoS attack?

 

[L&LD]

Read post 21.

 

[Liang]

Read post 21.

I hosting a Minecraft server of my own with port forwarding. Past few days I getting some Ddos and the same syslog in this post. I have been thinking of a business router. Can it defend from some "light" DDoS?

 

[RMerlin]

Enabling DoS protection actually can help reduce the load. What it does is throttle the sending of replies, which will reduce the CPU and network load a bit. However it will not do much to help in case of a DDoS.

 

[Skely]

Could you guys help me see about this? Is there anything that I can do to avoid it? before the " Aug 20 11:18:36 WAN Connection: Fail to connect with some issues. " , the router CPU1 went up to 100% then i no longer have access to the internet. Is everything above a syn flood attack? there's still alot alot more in the log but just the log didn't record all. Is there a possibility that it flooded my router and my router went reboot? it says DROP but is there a limit for DROP?

 

[follower]

Hm. So consumer router can't hold it up with ddos? is there any router should I get that can defend from DDoS attack?

No it can't. Impossible. There is no router can defend from DDoS. Only your ISP and some DDoS protection companies can do that like Cloudflare, Akamai.
However they don't provide the service to consumers but companies.

 

[follower]

I hosting a Minecraft server of my own with port forwarding. Past few days I getting some Ddos and the same syslog in this post. I have been thinking of a business router. Can it defend from some "light" DDoS?

You can't protect the server from DDoS attack if you run your Minecraft server in your home. You can use DDoS protection service if you use Server Hosting in the IDC and pay for DDoS protection service. It's not related in Routers but Backbone.

 

[dave14305]

Could you guys help me see about this? Is there anything that I can do to avoid it? before the " Aug 20 11:18:36 WAN Connection: Fail to connect with some issues. " , the router CPU1 went up to 100% then i no longer have access to the internet. Is everything above a syn flood attack? there's still alot alot more in the log but just the log didn't record all. Is there a possibility that it flooded my router and my router went reboot? it says DROP but is there a limit for DROP?

It looks like you’re a target of a NTP Reflection attack (source port 123/udp). Can you change your IP and any DDNS hostname someone might be using to locate your IP?

 

[Skely]

I see that you're using RT-AC86U , im planning to get one , is the two way IPS AiProtection function in your router works for my situation? My IP is dynamic , whenever my router reboots , my IP changes.

 

[ColinTaylor]

@Skely Do you have reason to think that you personally are the target of an attack. For example have you upset people in an online game?

The type of traffic being logged in your files of August 19 & 20 (the NTP traffic Dave mentioned) is different than the traffic in your other two files of Aug 12 & 16. In those earlier files there is no NTP traffic or unusual drops. The majority of traffic there is accepted traffic forwarded to an internal machine. That accepted traffic might be normal if you are running a public server of some kind.

I see that you're using RT-AC86U , im planning to get one , is the two way IPS AiProtection function in your router works for my situation? My IP is dynamic , whenever my router reboots , my IP changes.

It looks like you currently have an RT-AX55 router so you can try AiProtection for yourself to see if it helps.

 

[dave14305]

I see that you're using RT-AC86U , im planning to get one , is the two way IPS AiProtection function in your router works for my situation? My IP is dynamic , whenever my router reboots , my IP changes.

I don’t use AiProtection, nor Skynet.

Your IP changes after a reboot, but then you update Asus DDNS with the new IP. So if someone is targeting you and knows your ddns hostname, you’re making it easy for them to find you again after a reboot and IP change. That’s why I also suggested changing your ddns hostname.

 

[Skely]

Yes im on a RT-AX55 and the aiprotection doesnt help , i am hosting public servers for minecraft and i think they attacked my subdomain which connected to my ddns hostname. i dont upset people in an online game.

 

[Skely]

From the Aug 12 log , you can see all IP is accepted to port 28265 , but the port server is a private server located in Malaysia around 10 players only which the IP should be Malaysians only. But the IP there is from the world , from lots of country

 

[ColinTaylor]

I don't play Minecraft. Can you explain why someone would go to the trouble (and expense) of setting up a DDOS attack on a Minecraft server that only hosts 10 players. Is this sort of thing common?

 

[Skely]

I wanna know the reason too... getting a disconnect attack everyday is frustrating