DoS Support
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Fibre Broadband
- :
- Re: DoS Support
DoS Support
17-01-2021 7:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Does PlusNet actually have any system protection for Denial of Service Attacks?
I have a Draytelk router on my Plusnet connection and seeinf high levels of DoS type traffic trying to get in through it.
Just wanted to see if anyone else is seeing it or if PN themselves have any form of pre-user protection in place.
Re: DoS Support
17-01-2021 7:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Marvo I'm not an expert in this field, but the router is doing its job by blocking these attempts. I don't know, but I doubt any ISP would tell you publicly what their protection systems are.
Re: DoS Support
17-01-2021 10:21 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: DoS Support
18-01-2021 9:25 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Marvo wrote:
Does PlusNet actually have any system protection for Denial of Service Attacks?
It depends what you mean by Denial of Service Attacks.
Typically a DoS attack involves someone on the internet sending a deluge of connection requests on a specific service port at your internet address THAT YOU USE (typically to allow access to a web server or other service on your network) in order to overwhelm the connection to prevent other people accessing the service you are providing - i.e. deny legitimate access to the service.
Alternatively, many firewall logs report "DoS attack" when the firewall has blocked a speculative external port probe in an attempt to detect whether there is anything interesting that could be targeted on your network. This isn't really a "denial of service" but more like someone knocking on your door to check whether anyone is home, and as others have already said, your router is reporting that it is doing its job by hiding and protecting your connection.
@Marvo So at the moment you are describing the firewall in your router that is blocking unsolicited external connections that have reached your home internet connection. Did you know that Plusnet have an additional firewall, that can block the most common port probing BEFORE those requests are passed to your home connection.
To find the Plusnet "Broadband Firewall", login to your "Member Centre" and then go to https://www.plus.net/member-centre/broadband/firewall
You might find a setting there that will help significantly reduce the most common unsolicited port probes.
Re: DoS Support
18-01-2021 9:30 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Good point, @Anonymous I'd forgotten about the Broadband Firewall as mine has been 'off' for as long as I've been here, but as you say, @Marvo may find it useful.
Re: DoS Support
18-01-2021 9:31 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Your DrayTek Router may have DDoS protection have a look at it's Web UI, I know the 2925 does.
Re: DoS Support
19-01-2021 6:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Marvo did any of the suggestions solve your problem ?
Re: DoS Support
20-01-2021 8:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I went online to the PN Online Firewall and turned it on.
I've also enabled a few firewall rules on the Draytek for the ports showing up on the DOS summary pages.
The CPU doesn't appear to be hammered and the SYN/UDP blocks do appear to be working.
It was just a surprise to find maybe 1 or 2 external IPs in the log at any time but this is now a constant stream of the same IPs and ports. I've raised a support query with Draytek and they've said that no more that 16 IPs can be blocked at any time so they suggested creating the firewall rules so I'll edit them going forward to specifically block the IP addresses and ranges used.
Re: DoS Support
20-01-2021 10:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have you checked whether the ports that are being probed, are invisible from the internet side ?
If a 'hacker' has detected any sort of response from particular port numbers, then they will often keep bashing that address+port. If ALL your ports are truly stealthed and completely invisible, then the port scanner usually moves on to other targets.
Try using a port scanning tool such as ShieldsUP!
Press the [Proceed] button, then on the next page press the [All Service Ports] button.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page