cancel
Showing results for 
Search instead for 
Did you mean: 

DoS Support

Marvo
Dabbler
Posts: 16
Fixes: 1
Registered: ‎18-09-2020

DoS Support

Does PlusNet actually have any system protection for Denial of Service Attacks?

I have a Draytelk router on my Plusnet connection and seeinf high levels of DoS type traffic trying to get in through it.

Just wanted to see if anyone else is seeing it or if PN themselves have any form of pre-user protection in place.

8 REPLIES 8
jab1
Seasoned Hero
Posts: 8,217
Thanks: 1,808
Fixes: 89
Registered: ‎24-02-2012

Re: DoS Support

@Marvo I'm not an expert in this field, but the router is doing its job by blocking these attempts. I don't know, but I doubt any ISP would tell you publicly what their protection systems are.

John
198kHz
Seasoned Hero
Posts: 5,263
Thanks: 724
Fixes: 33
Registered: ‎30-07-2008

Re: DoS Support

@Marvo 

I'd agree with @jab1 .

There are always chancers probing for open ports, but as long as your internet is working OK then your router is doing its job and keeping the bad guys out.

To err is human; to purr, feline
ADSL2+   Billion 7800N
BT technician (Retired)
Nibiru
Community Veteran
Posts: 5,636
Thanks: 359
Fixes: 7
Registered: ‎11-08-2007

Re: DoS Support


@Marvo wrote:

Does PlusNet actually have any system protection for Denial of Service Attacks?


 

It depends what you mean by Denial of Service Attacks.

Typically a DoS attack involves someone on the internet sending a deluge of connection requests on a specific service port at your internet address THAT YOU USE (typically to allow access to a web server or other service on your network) in order to overwhelm the connection to prevent other people accessing the service you are providing - i.e. deny legitimate access to the service.

Alternatively, many firewall logs report "DoS attack" when the firewall has blocked a speculative external port probe in an attempt to detect whether there is anything interesting that could be targeted on your network.  This isn't really a "denial of service" but more like someone knocking on your door to check whether anyone is home, and as others have already said, your router is reporting that it is doing its job by hiding and protecting your connection.

 

@Marvo  So at the moment you are describing the firewall in your router that is blocking unsolicited external connections that have reached your home internet connection.  Did you know that Plusnet have an additional firewall, that can block the most common port probing BEFORE those requests are passed to your home connection.

To find the Plusnet "Broadband Firewall", login to your "Member Centre" and then go to https://www.plus.net/member-centre/broadband/firewall 

You might find a setting there that will help significantly reduce the most common unsolicited port probes.

 

Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.5.2 router, DrayTek WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
jab1
Seasoned Hero
Posts: 8,217
Thanks: 1,808
Fixes: 89
Registered: ‎24-02-2012

Re: DoS Support

Good point, @Nibiru I'd forgotten about the Broadband Firewall as mine has been 'off' for as long as I've been here, but as you say, @Marvo may find it useful.

John
Mook
Champion
Posts: 919
Thanks: 208
Fixes: 2
Registered: ‎27-12-2019

Re: DoS Support


Your DrayTek Router may have DDoS protection have a look at it's Web UI, I know the 2925 does.

Nibiru
Community Veteran
Posts: 5,636
Thanks: 359
Fixes: 7
Registered: ‎11-08-2007

Re: DoS Support

@Marvo  did any of the suggestions solve your problem ?

Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.5.2 router, DrayTek WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
Marvo
Dabbler
Posts: 16
Fixes: 1
Registered: ‎18-09-2020

Re: DoS Support

I went online to the PN Online Firewall and turned it on.

I've also enabled a few firewall rules on the Draytek for the ports showing up on the DOS summary pages.

The CPU doesn't appear to be hammered and the SYN/UDP blocks do appear to be working.

It was just a surprise to find maybe 1 or 2 external IPs in the log at any time but this is now a constant stream of the same IPs and ports. I've raised a support query with Draytek and they've said that no more that 16 IPs can be blocked at any time so they suggested creating the firewall rules so I'll edit them going forward to specifically block the IP addresses and ranges used.

Nibiru
Community Veteran
Posts: 5,636
Thanks: 359
Fixes: 7
Registered: ‎11-08-2007

Re: DoS Support

Have you checked whether the ports that are being probed, are invisible from the internet side ?

If a 'hacker' has detected any sort of response from particular port numbers, then they will often keep bashing that address+port.  If ALL your ports are truly stealthed and completely invisible, then the port scanner usually moves on to other targets.

Try using a port scanning tool such as ShieldsUP! 

Press the [Proceed] button, then on the next page press the [All Service Ports] button.

Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.5.2 router, DrayTek WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT