Thread Info
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion Prevention

Alden Padron

Hi,

I'm pretty new on the forum so please bear with me.

I`m having a little issue with UDP Flood Protection. Everytime I try to watch a youtube video on high definition or 4k using "Google Chrome" browser, the intrusion Prevention activate generating this kind of log and cause the video render completly unplayable.

 

 

""
2018:05:25-13:17:04 djfranco ulogd[4708]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="2c:0b:e9:15:f0:22" dstmac="Removed my wan MAC" srcip="173.194.186.233" dstip="removed my wan IP" proto="17" length="1378" tos="0x00" prec="0x20" ttl="59" srcport="443" dstport="64165"
 
""
Only way to watch the video in Chrome is disabling the "Use UDP Flood Protection" or adding an exception.
But the interesting part is that using Mozilla FireFox this doesn`t happen.
 
So why Chrome activate this and Firefox not ?
 
thanks in advanced.
 


This thread was automatically locked due to age.
  • 0

    Hi, can you post a link to a youtube video that is being blocked? 

     

    Also in your intrusion detection options, have you changed the source and destination packets/second or are they at 200 and 300 respectively?

     

    Also is web filtering turned on and is the web filtering blocking anything when you try to watch a youtube video?

      • 0 in reply to Alden Padron

        Thankyou. I can confirm that there is indeed a UDP flood attempt when playing this video on Chrome, but it plays fine on Firefox. My webfilter log shows nothing being blocked. But my intrusion prevent log shows this:

         

        2018:05:25-13:57:15 mysophosutm ulogd[19751]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="00:01:5c:8a:3c:46" dstmac="68:05:ca:58:20:28" srcip="172.217.129.41" dstip="XX.XX.XX.XX" proto="17" length="1378" tos="0x00" prec="0x00" ttl="58" srcport="443" dstport="56959"

         

        Occasionally Chrome has issues playing HD Youtube videos and clearing the cache helps, but in this case the UDP flood detection is blocking the video from loading but it plays fine on Firefox.

        • 0 in reply to Alden Padron

          Using Chrome notice the connection speed...

           

          Using Firefox same video is perfect, notice the connection speed.

          • 0 in reply to Alden Padron

            That's because the intrusion detection system is blocking most of the packets for whatever the reason..

          • 0 in reply to alan weir

            Hi Alan

            No I have not changed the source and dest/s they are at default value.

            I have an exption to not web filter my PC .

             

            thanks

          • +1

            Someone posted this on a google products help forum:

             

            https://productforums.google.com/forum/#!topic/chrome/9x4trkWwVN4

             

            Just for anyone else that happens to search this, mainly fellow sysadmins: If you are having issues with all Google services loading slowly in Chrome, another issue is that when using the QUIC protocol, some firewalls will see the traffic as a UDP flood due to the way QUIC uses HTTPS over UDP. Disabling QUIC in this case will solve the issue, or figuring out how to exclude Google services in your firewall from seeing QUIC as a UDP flood. You can disable QUIC in chrome by going to chrome://flags and setting QUIC to disabled

             
            We have this issue in specific with a Sophos UTM firewall at work. As of now, there is no good way to make an exclusion, so we had to disable QUIC in Chrome. We noticed the problem mainly manifest with lots of buffering on Youtube and very slow loading of maps in Google maps. The problem was never present in other browsers.
             
          Unfiltered HTML