cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

racquel
Grafter
Posts: 181
Thanks: 4
Registered: ‎21-11-2008

IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

‎08-11-2011 1:35 PM

I've got an ongoing evening slowness problem, in another thread. But just not, I lost ALL connectivity in the middle of the day, but the actual connection from the BT Homehub 2 router to the line was still up and solid at 4.1Mb.
Unlike the evening slowness, the connection came back when I soft-rebooted the router. But I see a fair amount of stuff in the router logs I've not seen before.
I guess the icmp stuff is the firewall rejecting pings, but see that line about
12:36:12   8 Nov IDS rate parser : tcp rate limiting (1 of 1) : 192.168.1.68 66.211.179.119 0064 TCP 50071->80 [S.....] seq 1539447617 win 65535
That's around the time I lost the internet, but the router was still connected. I pressed reset at 1pm, and gained the internet back after that. Perhaps it's nothing, but but I'd be interested to know, as Googling hasn't really told me anything about what IDS rate parser : tcp rate limiting is or does.
00:01:20   1 Jan PPP CHAP Receive challenge (rhost = pcl-ag01)
00:01:20   1 Jan PPP CHAP Receive challenge (rhost = ESR11.Manchester6)
00:01:03   1 Jan xDSL linestate up (ITU-T G.992.1; downstream: 4800 kbit/s, upstream: 832 kbit/s; output Power Down: 19.7 dBm, Up: 11.9 dBm; line Attenuation Down: 48.0 dB, Up: 29.0 dB; snr Margin Down: 6.0 dB, Up: 6.3 dB)
00:00:58   1 Jan DHCS server up
00:00:58   1 Jan FIREWALL event (1 of 1): deleted rules
00:00:51   1 Jan FIREWALL level changed to Standard.
00:00:47   1 Jan WIRELESS automatic channel selection done (channel = 1)
00:00:44   1 Jan FIREWALL event (1 of 1): modified rules
00:00:44   1 Jan FIREWALL event (1 of 1): created rules
00:00:33   1 Jan WIRELESS interface turned on.
00:00:31   1 Jan usbmgr: start 0.4.8
00:00:19   1 Jan KERNEL Warm restart
12:36:12   8 Nov IDS rate parser : tcp rate limiting (1 of 1) : 192.168.1.68 66.211.179.119 0064 TCP 50071->80 [S.....] seq 1539447617 win 65535
12:11:34   8 Nov SNTP Synchronised again to server: 213.123.20.170
12:11:16   8 Nov FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 92.151.136.243 Dst ip: 87.113.206.241 Type: Destination Unreachable Code: Host Unreacheable
11:43:58   8 Nov FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 95.19.9.188 Dst ip: 87.113.206.241 Type: Destination Unreachable Code: Host Unreacheable
Message 1 of 6
(3,252 Views)
0 Thanks
5 REPLIES 5
caulbox
Rising Star
Posts: 179
Thanks: 1
Fixes: 1
Registered: ‎19-06-2009

Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

‎08-11-2011 2:41 PM

I can't help you with any understanding of exactly what that message might mean. But on my Thomson TG585 v7 I am able to browse to a page (Toolbox-Intrusion Detection) which shows

"the number of times the Thomson Gateway actively protected your network against each intrusion since last statistics reset."
(For me the link is http://192.168.1.254/cgi/b/ids/ov/?be=0&l0=2&l1=7)

I'm thinking that at least you may discover if the event was just a one-off (since last statistics reset) or if it's been occurring with some routine frequency?
Edit:
I've just realised you've got a BT Homehub 2 router, so the Thomson link obviously won't be relevant. But maybe you'll have access to a similar record of intrusion detection events somewhere in the Homehub2 interface?
Message 2 of 6
(1,009 Views)
0 Thanks
caulbox
Rising Star
Posts: 179
Thanks: 1
Fixes: 1
Registered: ‎19-06-2009

Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

‎08-11-2011 4:12 PM

I'm pretty clueless when it comes to googling IP addresses too. But 66.211.179.119 seems to have something to do with eBay if that relates to your possible browsing habits at times of disconnections?
Message 3 of 6
(1,009 Views)
0 Thanks
matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

‎08-11-2011 5:01 PM

See, i was thinking because the logs have reset to Jan 01, that *something* caused the router to do...
Quote
00:00:19  1 Jan  KERNEL Warm restart

This sounds more like a software-initiated 'restart' to me. (hence the resync..)
Regarding the IDS rate limiting, this could possible be due to QoS on the BT HH2 (if you have it enabled) - or the firmware in the router did not like how many connections that IP had open (and limited it based on firewall rules, preventing DDoS-style attacks mebbe? (Thats abit of a stab in the dark though Smiley )
Regards
Message 4 of 6
(1,009 Views)
0 Thanks
caulbox
Rising Star
Posts: 179
Thanks: 1
Fixes: 1
Registered: ‎19-06-2009

Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

‎08-11-2011 5:52 PM

Quote from: Matt_2k34
....preventing DDoS-style attacks mebbe? (Thats abit of a stab in the dark though Smiley )

This idnetters forum topic does seems to add light to your surmising.
Message 5 of 6
(1,009 Views)
0 Thanks
matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?

‎08-11-2011 6:08 PM

weee  Smiley
Either way, I dont think its anything to be too concerned with (unless you start getting lots and lots of them!)...
Regards
Message 6 of 6
(1,009 Views)
0 Thanks