IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?
08-11-2011 1:35 PM
I've got an ongoing evening slowness problem, in another thread. But just now, I lost ALL connectivity in the middle of the day, but the actual connection from the BT Homehub 2 router to the line was still up and solid at 4.1Mb.
Unlike the evening slowness, the connection came back when I soft-rebooted the router. But I see a fair amount of stuff in the router logs I've not seen before.
I guess the icmp stuff is the firewall rejecting pings, but see that line about
12:36:12 8 Nov IDS rate parser : tcp rate limiting (1 of 1) : 192.168.1.68 66.211.179.119 0064 TCP 50071->80 [S.....] seq 1539447617 win 65535
That's around the time I lost the internet, but the router was still connected. I pressed reset at 1pm, and gained the internet back after that. Perhaps it's nothing, but I'd be interested to know, as Googling hasn't really told me anything about what IDS rate parser : tcp rate limiting is or does.
00:01:20 1 Jan PPP CHAP Receive challenge (rhost = pcl-ag01)
00:01:20 1 Jan PPP CHAP Receive challenge (rhost = ESR11.Manchester6)
00:01:03 1 Jan xDSL linestate up (ITU-T G.992.1; downstream: 4800 kbit/s, upstream: 832 kbit/s; output Power Down: 19.7 dBm, Up: 11.9 dBm; line Attenuation Down: 48.0 dB, Up: 29.0 dB; snr Margin Down: 6.0 dB, Up: 6.3 dB)
00:00:58 1 Jan DHCS server up
00:00:58 1 Jan FIREWALL event (1 of 1): deleted rules
00:00:51 1 Jan FIREWALL level changed to Standard.
00:00:47 1 Jan WIRELESS automatic channel selection done (channel = 1)
00:00:44 1 Jan FIREWALL event (1 of 1): modified rules
00:00:44 1 Jan FIREWALL event (1 of 1): created rules
00:00:33 1 Jan WIRELESS interface turned on.
00:00:31 1 Jan usbmgr: start 0.4.8
00:00:19 1 Jan KERNEL Warm restart
12:36:12 8 Nov IDS rate parser : tcp rate limiting (1 of 1) : 192.168.1.68 66.211.179.119 0064 TCP 50071->80 [S.....] seq 1539447617 win 65535
12:11:34 8 Nov SNTP Synchronised again to server: 213.123.20.170
12:11:16 8 Nov FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 92.151.136.243 Dst ip: 87.113.206.241 Type: Destination Unreachable Code: Host Unreacheable
11:43:58 8 Nov FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 95.19.9.188 Dst ip: 87.113.206.241 Type: Destination Unreachable Code: Host Unreacheable
Message 1 of 6
(3,252 Views)
Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?
08-11-2011 2:41 PM
I can't help you with any understanding of exactly what that message might mean. But on my Thomson TG585 v7 I am able to browse to a page (Toolbox-Intrusion Detection) which shows
"the number of times the Thomson Gateway actively protected your network against each intrusion since last statistics reset."
(For me the link is http://192.168.1.254/cgi/b/ids/ov/?be=0&l0=2&l1=7)
I'm thinking that at least you may discover if the event was just a one-off (since last statistics reset) or if it's been occurring with some routine frequency?
Edit:
I've just realised you've got a BT Homehub 2 router, so the Thomson link obviously won't be relevant. But maybe you'll have access to a similar record of intrusion detection events somewhere in the Homehub2 interface?
Message 2 of 6
(1,009 Views)
Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?
08-11-2011 4:12 PM
I'm pretty clueless when it comes to googling IP addresses too. But 66.211.179.119 seems to have something to do with eBay if that relates to your possible browsing habits at times of disconnections?
Message 3 of 6
(1,009 Views)
Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?
08-11-2011 5:01 PM
See, I was thinking because the logs have reset to Jan 01, that *something* caused the router to do...
Quote 00:00:19 1 Jan KERNEL Warm restart
This sounds more like a software-initiated 'restart' to me. (hence the resync..)
Regarding the IDS rate limiting, this could possibly be due to QoS on the BT HH2 (if you have it enabled) - or the firmware in the router did not like how many connections that IP had open (and limited it based on firewall rules, preventing DDoS-style attacks mebbe?). (That's a bit of a stab in the dark though.)
Regards
Message 4 of 6
(1,009 Views)
Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?
08-11-2011 5:52 PM
Quote from: Matt_2k34 ....preventing DDoS-style attacks mebbe? (Thats abit of a stab in the dark though )
This idnetters forum topic does seem to add light to your surmising.
Message 5 of 6
(1,009 Views)
Re: IDS rate parser : tcp rate limiting - what is it and why did it seem to kill BB?
08-11-2011 6:08 PM
weee
Either way, I don't think it's anything to be too concerned with (unless you start getting lots and lots of them!)...
Regards
Message 6 of 6
(1,009 Views)
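An added example, not written by anyone in the thread: a small Python parser that tallies IDS events per flow from a saved copy of the router log, to check whether the rate-limiting entry is a one-off or recurring, and whether a warm restart appears in the same log. The regular expression is inferred from the single IDS line quoted in the first post and is an assumption, not a documented Home Hub log format; the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
00:00:19 1 Jan KERNEL Warm restart
12:36:12 8 Nov IDS rate parser : tcp rate limiting (1 of 1) : 192.168.1.68 66.211.179.119 0064 TCP 50071->80 [S.....] seq 1539447617 win 65535
12:11:34 8 Nov SNTP Synchronised again to server: 213.123.20.170
12:11:16 8 Nov FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 92.151.136.243 Dst ip: 87.113.206.241 Type: Destination Unreachable Code: Host Unreacheable
"""

# Assumed layout: time, day, month, "IDS <parser> : <event> (n of m) : src dst <field> PROTO sport->dport [flags]"
IDS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<day>\d{1,2}) (?P<mon>[A-Z][a-z]{2}) "
    r"IDS (?P<parser>[\w ]+?) : (?P<event>[\w ]+?) \(\d+ of \d+\) : "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) (?P<dst>\d+\.\d+\.\d+\.\d+) \S+ "
    r"(?P<proto>\w+) (?P<sport>\d+)->(?P<dport>\d+) \[(?P<flags>[^\]]*)\]"
)

def parse_ids_events(log_text):
    """Return one dict per IDS line; non-IDS lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = IDS_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            # A flags field showing only 'S' is read here as a bare SYN,
            # i.e. a new outbound connection attempt from the LAN host.
            ev["syn_only"] = ev["flags"].replace(".", "") == "S"
            events.append(ev)
    return events

def summarise(log_text):
    """Count IDS events per (src, dst, dport, event) and warm restarts."""
    events = parse_ids_events(log_text)
    per_flow = Counter((e["src"], e["dst"], e["dport"], e["event"]) for e in events)
    restarts = sum("KERNEL Warm restart" in line for line in log_text.splitlines())
    return {"events": events, "per_flow": per_flow, "warm_restarts": restarts}

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    for (src, dst, dport, event), n in s["per_flow"].most_common():
        print(f"{n:3d} x {event}: {src} -> {dst}:{dport}")
    print("warm restarts in log:", s["warm_restarts"])
```

Run over logs saved on several days, a count that stays at one per flow matches the "one-off" case discussed above, while a LAN host that keeps reappearing is the one to look at.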