Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 3119 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Suffering from DoS attack according to XG from internal devices

rfcat_vk

Hi Folks,

today the XG has decided that some of the DHCP requests are DDOS attacks and my security cameras are generating DDOS attacks. The cameras connect then immediately drop out. These cameras have been working for months.

I end up with a IPS GUI display like this, but nothing showing in logviewer -> IPS.

Reviewing firmware updates, nothing since this morning.The issue is affecting both MAC mini and iPad.

Suggestions as to where to look for answers?

Ian



This thread was automatically locked due to age.
Parents
  • 0

    Deeper investigation shows that every time camera open is initiated a DoS storm results using port 53 against my Wan IP address, The address has been changed a number of times.

    So, I have asked the security camera company if their site has been compromised. I am waiting until they investigate and respond.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    New software from the security camera company for the iPad. The initial problem has not been fixed entirely. I had to disable DoS UDP flood on both incoming and outgoing settings to sustain a connection.

    The new application on the MAC mini fails Apple verification, so testing canon proceed.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I have had to disable UDP and ICMP flood to get the cameras working again. Something happened in MR-5 that caused the working services to suddenly be recorded as flooding.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I still believe the camera did something (maybe background patch of the vendor) to change the mechanism of the data flowing. Hence the Firewall is dropping due to many packets.

    Nobody of my peers nor other in the community reports anything regarding DOS Protection and there were no changes in the code to this module. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi Lucar,

    I will check with the camera company whether there was a software update to the cameras. If I enable flood protection there are a lot of very strange connection attempts from outside the XG, when disabled none of the ports show in the logviewer even with aspecific IP address as the filter criteria.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi folks,

    I have tested this issue on another XG running v18.0.3 and the cameras worked without changing DoS settings. I upgraded the XG to the latest v18.0.5 MR-5 586 and the issue appears. Uncheck DoS settings and the cameras work correctly.

    My conclusion is v18.0.5 MR-5(586) has a DoS bug.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to rfcat_vk

    Hi folks,

    I have tested this issue on another XG running v18.0.3 and the cameras worked without changing DoS settings. I upgraded the XG to the latest v18.0.5 MR-5 586 and the issue appears. Uncheck DoS settings and the cameras work correctly.

    My conclusion is v18.0.5 MR-5(586) has a DoS bug.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML