after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "
after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "
2024-01-17 11:00:22
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.4.0

We have a network with only Omada switches (SG2210P) and AP (610 & 615) and OC200. All are at the latest level and all are V1.

The WAN connection is UTPcat6 1GB up&down fixed IP address.

After upgrading to 1.4.0 at least every 10min error msg like "Router Detected TCP SYN packets attack and dropped xxx packets"

In this business comunity i identified similar issues with the ER605 and simular I tried first to stop the email and error logs by

OC200: "log => notifications => devices "  Gateway Detected Attack unmarked all 3 options.

This indeed stopped all the alerts and emails.

However the network speed is stalling frequently to the point employees can not work properly.

Network provider states: "there is no such attack or has been any in the last month"

 

To solve the stalling issue I now did unmark the "Block TCP Scan with RST" (OC200: Network security => Attack defence)

This is not a acceptable situation, only a must assessing risk versus ability for employees to work. 

Is this a known issue and has somebody made a request to fix this error?

regards jw

 

  0      
  0      
#1
Options
3 Reply
Re:after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "
2024-01-17 11:28:25

  @jandico 

 

Block TCP Scan with RST is unmark by default, with this enabled ther router fail in ShieldsUP scan and is more insekure. so I think the settings you have now is more secure.

 

do som search on forum and ShieldsUP

 

 

  0  
  0  
#2
Options
Re:after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "
2024-01-17 13:21:30
Thanks for your reply but: -The default setting of "TCP Scan with RST " is marked and not unmarked. (I was not aware of this option and setting before this issue or have made any change to the default "attack defence" configuration. -Reading the forum on ShieldsUp I interpret the statement "if you have enabled Block TCP Scan with RST this test will fail, try disabling Block TCP Scan with RST" by: For this test only you should unmark. there is noware a statement or indication that unmarking is more secure.
  0  
  0  
#3
Options
Re:after upgrading to 1.4.0 every 10minutes "Router Detected TCP SYN packets attack "
2024-01-17 14:46:16

  @jandico 

 

maybe i have a simple mind but the security test fails with this function on, it doesn't fail when it is off.
and when creating a new site, it is disabled deafult

 

do you have a comment @Clive_A 

  0  
  0  
#4
Options