Archer C2300 HW version 2.0: false DDoS attack problems

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Archer C2300 HW version 2.0: false DDoS attack problems

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer C2300 HW version 2.0: false DDoS attack problems
Archer C2300 HW version 2.0: false DDoS attack problems
2021-02-25 17:45:31 - last edited 2021-12-08 05:57:50
Model: Archer C2300  
Hardware Version: V2
Firmware Version: 1.1.1 Build 20200918 rel. 67850(4555)

Hi!

 

I have some problems lately with the router: suddenly my main workstation computer gets disconnected, other clients on the network are not affected.

 

Last time this happened was today during a zoom-meeting that had some connection problems, it tried to reconnect. First time it reconnected successfully, the second time I lost Internet connection from this computer.

 

Logging in to the router from another computer (with full Internet access), I had a look at what was going on. The problem is indicated only in the System log, as a "ICMP-FLOOD Attack", apparently my main workstation was pointed out and the router shut it down from the network.

 

These problems have occurred more often lately, the only solution seems to be a re-booting of the router which is very inconvenient.

 

In the firmware verison I'm using now (the latest according to the router: 1.1.1 Build 20200918 rel. 67850(4555)), there are only three on-off swithes in the Advanced-Security-Antivirus section: for "Malicious content filter", "Intrusion prevention system", "Infected device quarantine". The treshold settings described in the C2300 manual for different DDoS attacks are not available in this firmware version, only these three switches.

 

Moreover, there is no way to see what clients that have been captured in these DDoS-filter, it does not show up in the history in the Anitivirus section - only in the system log as I said above.

 

In the original firmware version it was easy to lower the sensitivity for DDoS attacks, also easy to pull a client out of the blacklist/quarantine.

 

What do you suggest as solution to this? Should I wait for a new firmware version or is it possible to revert back to the earlier, "non-TrendMicro" firmware version that the unit was shipped with?

 

Many thanks!

  0      
  0      
#1
Options
1 Accepted Solution
Re:Archer C2300 HW version 2.0: false DDoS attack problems-Solution
2021-03-03 03:16:30 - last edited 2021-12-08 05:57:50

@Gonzo666 

 

Hello, I'm afraid the current workaround would be reset the C2300 to factory default and the DoS Protection will be disabled by default. Please give it a go, and get back if the issue will be resolved.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
Recommended Solution
  0  
  0  
#3
Options
7 Reply
Re:Archer C2300 HW version 2.0: false DDoS attack problems
2021-02-25 22:10:52 - last edited 2021-02-26 00:00:57

@Gonzo666 

 

Sorry for bumping this thread but I am eager to find a solution.

 

Here are some additional information if it could help the great minds around here to come up with suggestions of possible solutions:

 

- The workstation I'm talking about is connected via wifi 5GHz, protocol is 802.11n. It is an old MacBook pro from 2013.

- Max wifi connection speed is "365" according to systems information data from the computer, I assume this is in Mbit/s. At this physical location - approx 10 meters from the router and at the floor below the router through the floor and some walls in between - I get approx 250/250 Mbit/s. So it is a quite fast connection considering the old equipment and physical circumstances.

- The router is connected to WAN via fiber 500/500 Mbps in current subscription.

- At the same physical location I get approx 450/450 Mbps with an iPad @ 5GHz 802.11ac, here I have experienced no problems of the device being disconnected because of DoS flooding attacks. Of course, it could be that the applications I'm running on the iPad are easier to handle for the router when it comes to actual network traffic.

 

What I have done today is to switch off two of the three switches in the Antivirus section in the router: "Intrusion prevention system", and "Infected device quarantine".

 

Maybe that will solve the problem for now but I get a feeling that these "TrendMicro" AV functions live a life on their own, uncoordinated with what shows up in the System log.

 

As I said, I am eagerly awaiting insightful ideas here as I am not comfortable with turning off what I presume to be essential security measures - which was part of the reasons I chose this router to begin with.

  0  
  0  
#2
Options
Re:Archer C2300 HW version 2.0: false DDoS attack problems-Solution
2021-03-03 03:16:30 - last edited 2021-12-08 05:57:50

@Gonzo666 

 

Hello, I'm afraid the current workaround would be reset the C2300 to factory default and the DoS Protection will be disabled by default. Please give it a go, and get back if the issue will be resolved.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
Recommended Solution
  0  
  0  
#3
Options
Re:Archer C2300 HW version 2.0: false DDoS attack problems
2021-12-07 16:40:03

@Kevin_Z 

 

Thank you very much for this workaround. Did really help me avoid replacing this router with another model.

I've used this router without issues maybe for more than a year, without touching the default Homecare settings, then I don't know why I've enabled everything and the nuisance began. Every time I was connecting to my company VPN, the router disconnected that connection, regardless it was on cable or WiFi. Sometimes even my smartphone got disconnected. Checking the log, it was showing a line like this: “dos-protection[6209]: <4> 249044 udp flood attack!”. the only solution to restore the connection was to restart the router.

Now I confirm that after resetting to factory defaults and doing all the settings back manually, except those from Homecare, did stop this annoying behavior.

  1  
  1  
#4
Options
Re:Archer C2300 HW version 2.0: false DDoS attack problems
2021-12-08 05:59:04

@Mike_Danny 

 

Thank you very much for letting the community know the issue is resolved by restoring the router to factory defaults then reconfiguring from scratch, we appreciate it.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#5
Options
Re:Archer C2300 HW version 2.0: false DDoS attack problems
2022-02-19 09:52:23 - last edited 2022-02-19 10:05:05

Hi, I just did the workaround procedure. Did a reset to factory defaults by pressing the reset button for 10 seconds until the led lights went out, then did the installation procedure.  I did the installation procedure from a wireless client, and was a bit surprised that it connected just fine to my custom SSID - apparently not all configuration data was reset in this procedure.

 

So far it seems to work ok but it is far too early to say. I thought it was supposed to revert back to the original firmware version but it did not, it is the same as before i.e the latest as stated in my first post. Did I do something wrong here?

  0  
  0  
#6
Options
Re:Archer C2300 HW version 2.0: false DDoS attack problems
2022-02-22 19:49:50

I have also had this problem since first buying the router about ten months ago. Around once a week on average the broadband connection would practically crawl a halt with speeds of less than 1mbps. Sometimes on just one computer, but other times more and only restarting the router seemed to fix it. I would say that download speeds in general were pretty poor on average as well. 

 

After reading this I turned off the anti virus settings about two weeks ago and it has not happened since. Download speeds have also been consistently better and closer to where they should be. It seems ridiculous that this has been known for an entire year and nothing has been done to fix it. 

  0  
  0  
#7
Options
Re:Archer C2300 HW version 2.0: false DDoS attack problems
2022-02-23 21:34:00

The very least thing that TP-link can do to make up for the massive mistake of introducing TrendMicro defunct bloatware into firmware "upgrades" - transforming reasonable good routers into more or less worthless junk - is to:

 

1) openly admit the mistake

2) provide an easy route to restore original firmware, without the TrendMicro-infused faulty additions under names such as HomeCare etc.

 

Act now, please. 

  2  
  2  
#8
Options