Archer C7 v2 DoS Ptotection Bug?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Archer C7 v2 DoS Ptotection Bug?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer C7 v2 DoS Ptotection Bug?
Archer C7 v2 DoS Ptotection Bug?
2014-12-09 15:17:54
Region : Sweden

Model : Archer C7

Hardware Version : Not Clear

Firmware Version : 3.14.1 Build 140929 Rel.33293n

ISP : Telia


Hi.

I purchased this router few days ago, configured, all stable and works fine. It's connected directly to Internet.

Started up a web server on my computer on port 8080, opened that port in Forwarding > Port Triggering, all works fine, server is reachable from Internet.

Then I tried DoS Protection for fun:

Security > Advanced Security > DoS Protection: Enable + ICMP,UDP,TCP-SYN + WAN Ping
System Tools > Statistics: Enabled

Asked a friend from Internet to run a small DoS on my external IP and port 8080, a program that makes 100 TCP connections per second, nothing unusual.

The next second Internet connection on my computer died, I could not connect to Internet and nobody could connect to my web server anymore.

Then I looked in Security > Advanced Security > Blocked DoS Host List and found single IP in that list, that IP is the address that router gave to my computer via DHCP.

Question: Is this a joke? A bug perhaps? How smart is a DoS protection that blocks the hoster himself when it should block the other address who attacked me?

This is very big misunderstanding, either software developers have no idea how DoS protection really should work, or it's a simple bug.

Please help me out, I only got a couple of days left to return my router back to the store if I'm not satisfied.
  1      
  1      
#1
Options
12 Reply
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-10 23:40:34
Anyone?
  0  
  0  
#2
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-11 02:01:56
I think that is question for TP-Link support. You have to report it here - http://ticket.tp-link.com/index.php?/Tickets/Submit We can't help you.
  0  
  0  
#3
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-11 02:42:04
I will do that, thank you.
  0  
  0  
#4
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-13 08:50:56
Thank you for testing this and notifying us, though.
  0  
  0  
#5
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-15 10:52:35
Me:


Support:
Thanks for your feedback.

I am very sorry for misunderstanding you that
our DOS protection function is preventing the local device in LAN to attack the device in internet.
when enable DOS protection function,and set the ICMP(UDP,TCP) FLOOD Packets Threshold,
if the packets sent from the LAN device exceed the threshold,the LAN device will be added into the block.
This is design idea of our DOS protection function,it is not a bug.

If you need this function,here is an advice that set the threshold for a higher value.
because our C7 is a NAT device,it is not necessary to enable DOS protection function for security.

Hope this may do something for help.
Looking forward to your reply.


Me:
But my LAN device (my computer) did not send an amount of packets that
exceeded the threshold, it's the other address in WAN who sent those
packets to my device.

Is there a way to access SSH on the router using original firmware? I would
like to change the way DoS protection works.


Support:
Thanks for your reply.
Based on three handshakes of TCP, when your WAN device access your LAN web server,your web server will reply packets according to the request.
Unfortunately our router does not support SSH telnet,and it is unable to change the way DoS protection works.
However,because our router is a NAT device,it is not necessary to enable DOS protection function for security.


That's how all ended up for me, but I keep saying: What kind of DoS protection is one that blocks the hoster himself? Totally useless! :/
  0  
  0  
#6
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-15 13:36:45
Don't forget that are SOHO routers only.
  0  
  0  
#7
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-18 04:38:06

feardc wrote

That's how all ended up for me, but I keep saying: What kind of DoS protection is one that blocks the hoster himself? Totally useless! :/


It makes sense only if packets are being sent from the host (prevention of worms), but that's not what it sounds like you were testing. Also, what kind of response is it to say, "we're giving you DoS protection, that isn't necessary"? What does that mean? I'm not a network expert, but why waste resources to offer it, why offer it at all? I've got to believe it is necessary to some degree and a DoS attack is pretty common. In fact, it's what Anonymous used to go after government agencies and take down many different websites.
  0  
  0  
#8
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-19 06:55:39
I ran into the same problem earlier on and assumed it was a firmware bug in the firmware at the time, instead it appears that they've implemented the feature completely backwards,making the feature useless.
  1  
  1  
#9
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2014-12-21 02:57:03
@ hecampbell

+1
  0  
  0  
#10
Options
Re:Archer C7 v2 DoS Ptotection Bug?
2019-01-07 01:14:13

I know this is an old thread, but if you do still want this DoS enabled, setting ICMP, UDP, TCP-SYN FLOOD settings to "High" should take care of it.  I experienced this on my Android phone when all other devices were working fine because I started syncing my photos/videos with Google Photos.  It would connect and almost automatically popped my phone on the blocked list.  Setting it to "Medium" still had it listed, but switching it to high allowed it to successfully backup my photos/videos without further issues.

  1  
  1  
#11
Options