• March 28, 2024, 07:24:36 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Router Troubleshooting, flood attack on lan ports..  (Read 13822 times)

Commissar

  • Level 1 Member
  • *
  • Posts: 6
Router Troubleshooting, flood attack on lan ports..
« on: February 15, 2019, 09:31:02 AM »

Hi there, im new on this forum, i have problem with router like i have 20mb internet speed with cable directly puted into PC, but when i put into router then from router into PC, my internet speed is 2-3 mb.. i have firewall on pc and i blocked every single application and still its 2-3 mb speed..
I found something interesting on router configuration,

Time and Date   Message
Feb 15 18:28:12   Per-source ACK Flood Attack Detect (ip=104.16.59.37) Packet Dropped
Feb 15 18:28:12   Whole System ACK Flood Attack from WAN Rule:Default deny
Feb 15 18:27:12   Per-source ACK Flood Attack Detect (ip=104.16.59.37) Packet Dropped
Feb 15 18:27:12   Whole System ACK Flood Attack from WAN Rule:Default deny
Feb 15 18:26:12   Per-source ACK Flood Attack Detect (ip=104.16.59.37) Packet Dropped
Feb 15 18:26:12   Whole System ACK Flood Attack from WAN Rule:Default deny
Feb 15 18:25:12   Per-source ACK Flood Attack Detect (ip=104.16.59.37) Packet Dropped
Feb 15 18:25:12   Whole System ACK Flood Attack from WAN Rule:Default deny
Feb 15 18:24:12   Per-source ACK Flood Attack Detect (ip=104.16.59.37) Packet Dropped
Feb 15 18:24:12   Whole System ACK Flood Attack from WAN Rule:Default deny

thats these packet drops, i tried to fix it and trying to find a solution but nothing works i tried everything, from to turn (router) firewall off (didnt helped), to turn everything off(also didnt helped), im currently using DIR-605L router soo i really need help, because i dont want to spend money on a new router..   :)
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #1 on: February 15, 2019, 09:32:34 AM »

Link>Welcome!

What model D-Link router do you have?

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?
  • Are you wired or wireless connected to the router?


Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

Check the IP address you see in the attack at domaintools.com to see where that IP address is coming from.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Commissar

  • Level 1 Member
  • *
  • Posts: 6
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #2 on: February 15, 2019, 09:37:08 AM »

Link>Welcome!

What model D-Link router do you have?

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?
  • Are you wired or wireless connected to the router?


Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

Check the IP address you see in the attack at domaintools.com to see where that IP address is coming from.


i have dlink DIR-605L
Hardware: B2
Firmware 2.12
Region: Serbia
Im wired connected

ISP Service: KBCNet
And Cable
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #3 on: February 15, 2019, 12:06:19 PM »

If you have the SPI firewall enabled then this is the router doing it's job and reporting whats happening in the logs. It's stopping the attacks.
You'll need to contact your ISP to see if they can help you block these from actually happening or move your modems IP address your ISP gives you to a different IP address. However the attacker could follow you.

Good Luck.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Commissar

  • Level 1 Member
  • *
  • Posts: 6
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #4 on: February 15, 2019, 12:12:59 PM »

I already did, but they said its not attacker, its a something about firewall rules are so strict, so router is distraffic the ports..
so i dont know how to change the rules at firewall
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #5 on: February 15, 2019, 12:21:46 PM »

The firewall feature is mostly automatic. You can set Port Forwarding configurations to help with ports getting thru from the WAN side. Theres no configurations for the firewall though. It's automatic. What happens if you temporarily disable SPI? Re-enable after testing.

What was the details of that IP address listed in the logs?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Commissar

  • Level 1 Member
  • *
  • Posts: 6
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #6 on: February 15, 2019, 01:09:40 PM »

The firewall feature is mostly automatic. You can set Port Forwarding configurations to help with ports getting thru from the WAN side. Theres no configurations for the firewall though. It's automatic. What happens if you temporarily disable SPI? Re-enable after testing.

What was the details of that IP address listed in the logs?

When i disable spi, logs are not showing anymore, but the ping is higher than usuall..
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #7 on: February 15, 2019, 01:24:40 PM »

What was the details of that IP address listed in the logs?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Commissar

  • Level 1 Member
  • *
  • Posts: 6
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #8 on: February 15, 2019, 01:45:17 PM »

What was the details of that IP address listed in the logs?

It says its a cloudflare
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #9 on: February 15, 2019, 01:54:01 PM »

Are you using any custom DNS on the router or do any of your devices use cloudfare DNS, 1.1.1.1?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Commissar

  • Level 1 Member
  • *
  • Posts: 6
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #10 on: February 16, 2019, 03:26:59 AM »

Are you using any custom DNS on the router or do any of your devices use cloudfare DNS, 1.1.1.1?

no, its set on " Receive DNS from ISP"
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #11 on: February 16, 2019, 11:52:54 AM »

Do you have anything or a device that has services from this address?
Do you have a different router that you can test with?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

alphahydrae

  • Level 1 Member
  • *
  • Posts: 1
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #12 on: February 22, 2019, 03:44:50 AM »

I have the same issue. I posted it in reddit/r/techsupport.
Here is the link: https://www.reddit.com/r/techsupport/comments/as7w89/my_pc_location_is_incorrect_when_router_is/

@Commissar, have you checked your Speedtest? My Speedtest gives me different recommended server. Try to check yours. Im from PH but Speedtest tells me that recommended server is either India, Russia, Canada, or some other Eastern EU which causes the internet speed to slow down since its far away from where I am.

There is no issue when router is disconnected from the ISP Router-Modem. Issue only occurs when this same DLINK DIR 605L is connected to it and I just experienced this recently this Feb as well.
« Last Edit: February 22, 2019, 03:49:38 AM by alphahydrae »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router Troubleshooting, flood attack on lan ports..
« Reply #13 on: February 22, 2019, 06:29:25 AM »

Link>Welcome!

  • If the ISP modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems: Link>Double NAT and How NAT Works. Call the ISP and ask to see if the ISP modem can be bridged. To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged. If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modems DMZ. Also check the routers DHCP IP address maybe conflicting with the ISP modems IP address of 192.168.0.1. Check to see if this is the same on the ISP modem, and if modem can't be bridged, change the DIR router to 192.168.1.1 or .0.254.
    Example of a D-Link router configured for PPPoE with ISP Modem bridged: PPPoE Configuration on a Router

I have the same issue. I posted it in reddit/r/techsupport.
Here is the link: https://www.reddit.com/r/techsupport/comments/as7w89/my_pc_location_is_incorrect_when_router_is/

@Commissar, have you checked your Speedtest? My Speedtest gives me different recommended server. Try to check yours. Im from PH but Speedtest tells me that recommended server is either India, Russia, Canada, or some other Eastern EU which causes the internet speed to slow down since its far away from where I am.

There is no issue when router is disconnected from the ISP Router-Modem. Issue only occurs when this same DLINK DIR 605L is connected to it and I just experienced this recently this Feb as well.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.