Topic: Advanced >> Firewall Settings >> IPv4 Rules don't block flood from external IP

userdsp

  • Level 1 Member
  • Posts: 7
« Last Edit: October 24, 2018, 08:11:37 AM by userdsp »
Logged

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Link>Welcome!


  • What region are you located?

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

What is "block blood"?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

userdsp

Location Bulgaria
ISP bulsat.com
Fiber Optic -> Lan -> DIR-859

What is "block blood"?
Mistake, I mean FLOOD

This IP 74.125.153.250 is flooding me and I want to stop this.
« Last Edit: October 24, 2018, 08:14:10 AM by userdsp »
Logged

FurryNutz

FLOOD meaning? DDOS? Are you trying to block a specific site?
Logged

userdsp

Yes, it's DDoS
Logged

FurryNutz

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

Are you seeing this in the router logs? I presume firewall and SPI is enabled on the DIR router?
Have you looked up the IP address that seems to be doing this and asked your ISP to help you block this as well on their side? The firewall should be blocking automatically and if it's logging it, then it's doing its job already and just letting you know.
Logged

userdsp

I cloned the router MAC to my LAN card.
Then I started Wireshark and I saw the flood.
My ISP bulsat.com told me that they can't block it and I must block it myself.
If I change the MAC address on the router and the ISP registers my new one, everything goes well until this IP starts flooding me again after a few days.
I play Battlefield 4, and admins from one of the servers there can see my IP and they flood me.
After I play the game, the flood starts again until I change my MAC (IP address).
When I use the DIR-859 router I can't see the flood, but the ping to the game is bigger than usual and I have some connection issues inside the game.
After the flood starts, my ping increases by 8-10 ms.

I hope you do understand my bad English :) So is there any way to block them from the router?
With these settings from the screenshots I can ping this IP, but a connection between the flood IP and me must be impossible in both ways, correct?
« Last Edit: October 24, 2018, 08:32:38 AM by userdsp »
Logged

FurryNutz

Is DNS relay enabled ON the router?
Under Schedule, do you have a section for these two Settings?
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752

That IP address is Google. Are you using google services or DNS servers?
Logged

userdsp

DNS relay is On and rules are Always Enable.
Nope, I'm not using anything from Google.
I sniffed my traffic on a freshly installed Windows with update services stopped, a fresh boot and all programs closed.
« Last Edit: October 24, 2018, 08:41:41 AM by userdsp »
Logged

FurryNutz

Set a schedule for these two settings and highlight ALL sections in the time frames. Save and apply.
Logged

userdsp

So I made a mistake with the IP address and I'll correct it.
I made this time frame correction too and I can still ping this IP :(
Logged

GreenBay42

Reset the router (paperclip in the reset hole for 10 seconds with the router powered on) and reconfigure from scratch.

The rules are not doing anything. The traffic will still hit the router.

You can try to route the traffic to a false IP. Go to Features > Firewall > IPv4 Rules

Source - WAN 74.125.153.250   ( do not add anything else, just the IP address)

Destination - LAN  Enter an unused IP address on your local network (192.168.0.2 for example)

Protocol/Port - Select ANY.

Make sure Turn IPv4 Filtering ON and DENY rules listed is selected.

But again the traffic is still coming in so there is something going on.
Logged

userdsp

Does not work
Destination - LAN  Enter an unused IP address on your local network (192.168.0.2 for example)
Why block a connection to an unused IP? I did it and it doesn't work. Then I changed it to my internal IP and it still does not work.
« Last Edit: October 24, 2018, 09:19:00 AM by userdsp »
Logged

GreenBay42

Is the traffic trying to go to a particular IP address on your network?

Did you reset the router?

The rules block the traffic from entering your network; they do not prevent the flood.
Logged
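
An added example, not part of any post in this thread: one way to check from a capture whether packets arriving from a remote address are replies to flows the local host opened or arrive unsolicited, which is the question behind "Are you using google services?". The capture records, the local address 192.0.2.10, the second remote address and the function names are constructed for illustration and do not reproduce the poster's Wireshark capture.

```python
from collections import defaultdict

LOCAL_IP = "192.0.2.10"  # constructed WAN address of the capturing host

# Constructed sample records: (time_s, src, sport, dst, dport, proto)
CAPTURE = [
    (0.00, LOCAL_IP, 51000, "74.125.153.250", 443, "tcp"),  # host opens a flow
    (0.03, "74.125.153.250", 443, LOCAL_IP, 51000, "tcp"),  # reply on that flow
    (0.05, "74.125.153.250", 443, LOCAL_IP, 51000, "tcp"),  # reply on that flow
    (0.10, "198.51.100.7", 40000, LOCAL_IP, 25200, "udp"),  # no matching request
    (0.11, "198.51.100.7", 40001, LOCAL_IP, 25200, "udp"),
    (0.12, "198.51.100.7", 40002, LOCAL_IP, 25200, "udp"),
    (0.60, "198.51.100.7", 40003, LOCAL_IP, 25200, "udp"),
]

def classify_inbound(capture, local_ip):
    """Split inbound packets per remote IP into solicited / unsolicited."""
    # Assumes the capture began before the flows did; mid-flow starts look unsolicited.
    opened = set()  # flows whose first packet left the local host
    seen = set()    # every flow seen so far, keyed from the local side
    stats = defaultdict(lambda: {"solicited": 0, "unsolicited": 0,
                                 "first": None, "last": None})
    for t, src, sport, dst, dport, proto in sorted(capture):
        if src == local_ip:
            key = (proto, sport, dst, dport)
            if key not in seen:
                opened.add(key)
            seen.add(key)
        elif dst == local_ip:
            key = (proto, dport, src, sport)
            seen.add(key)
            s = stats[src]
            s["solicited" if key in opened else "unsolicited"] += 1
            s["first"] = t if s["first"] is None else s["first"]
            s["last"] = t
    return stats

def report(capture, local_ip):
    out = {}
    for ip, s in classify_inbound(capture, local_ip).items():
        total = s["solicited"] + s["unsolicited"]
        span = max(s["last"] - s["first"], 1.0)  # floor of 1 s so short bursts are not inflated
        out[ip] = {"solicited": s["solicited"], "unsolicited": s["unsolicited"],
                   "pps": round(total / span, 1)}
    return out

if __name__ == "__main__":
    for ip, row in report(CAPTURE, LOCAL_IP).items():
        print(ip, row)
```

A remote address whose inbound packets are all solicited is answering something on the LAN; a high unsolicited count is traffic that reaches the WAN port regardless of any deny rule on the router.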