Solution TCP SYN Packet Attack After the Firmware Upgrade
This Article Applies to:
All Omada routers.
Issue Description/Phenomenon:
We have received feedback that, after upgrading Omada routers to a recent firmware release (as of the time of this thread), the controller shows log entries such as "XYZ Detected TCP SYN packet attack and dropped 123 packets."
Available Workarounds/Solutions:
First, this is expected behavior if you have enabled or tweaked the firewall parameter Block TCP scan with RST. By default, this option is disabled.
With this option enabled, if a connection sends a TCP SYN to the router, the router will respond with an RST. This is recorded, and the controller reports it to you in the log every 10 minutes.
Note that the log is meant to record what is happening, and that is what it is doing here. We are also enriching the log system to be more specific and detailed. To some users, this might be confusing or bothersome. Please use the User Guide and Google wisely. If you would rather not see this log entry repeatedly in your controller, you may disable the option.
Available Solution:
Disable the Block TCP scan with RST.
With the option disabled, the router will not respond with an RST; instead, it will immediately drop the connection without sending any reply.
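If you keep the option enabled, the 10-minute reports described above can be triaged offline to separate routine background scanning from an unusual burst. The script below is an added example, not TP-Link code. The message text comes from this article, but the leading timestamp, the reading of "XYZ" as the reporting device name, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Message text is from the article; the leading timestamp and the meaning of
# the "XYZ" prefix (taken here as the reporting device name) are assumptions.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<device>.+?) "
    r"Detected TCP SYN packet attack and dropped (?P<count>\d+) packets\.?$"
)

# Constructed sample export, one entry per 10-minute controller report.
SAMPLE_LOG = """\
2024-01-05 10:00:00 XYZ Detected TCP SYN packet attack and dropped 123 packets.
2024-01-05 10:10:00 XYZ Detected TCP SYN packet attack and dropped 98 packets.
2024-01-05 10:20:00 XYZ Detected TCP SYN packet attack and dropped 141 packets.
2024-01-05 10:30:00 XYZ Detected TCP SYN packet attack and dropped 9750 packets.
2024-01-05 10:40:00 XYZ Detected TCP SYN packet attack and dropped 110 packets.
2024-01-05 10:41:12 XYZ DHCP lease renewed
"""

def parse(log_text):
    """Return {device: [(timestamp, dropped), ...]} for matching lines only."""
    reports = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            reports[m["device"]].append((m["ts"], int(m["count"])))
    return dict(reports)

def outliers(reports, factor=10, min_reports=3):
    """Flag reports whose drop count exceeds factor x the device's median."""
    flagged = []
    for device, rows in reports.items():
        if len(rows) < min_reports:
            continue  # too little history to establish a usual level
        # The median is robust: one burst does not raise its own threshold.
        baseline = median(count for _, count in rows)
        for ts, count in rows:
            if count > factor * max(baseline, 1):
                flagged.append((device, ts, count, baseline))
    return flagged

if __name__ == "__main__":
    for device, ts, count, baseline in outliers(parse(SAMPLE_LOG)):
        print(f"{ts} {device}: {count} dropped (usual level ~{baseline:g})")
```

Adjust `LINE_RE` to match the actual layout of your controller's log export before relying on the result.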
Related Reading: Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
Q&A 3 in Understanding TCP/UDP and How Omada Firewall Protects Your Network from Attacks
Thank you for your attention!
Update Log:
Jan 5th, 2024:
Release of this article.
Feedback:
If this was helpful, you are welcome to give us Kudos by clicking the thumbs-up button below.
If the solution doesn't work for you, your case is probably different from what is described here.
In that case, please feel free to click Start a New Thread and elaborate on the problem so that we can try to help you further.
Thank you for your great cooperation and patience!
TP-Link Support Team