cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

DoS Support

Marvo
Dabbler
Posts: 16
Fixes: 1
Registered: ‎18-09-2020

DoS Support

‎17-01-2021 7:42 PM

Does PlusNet actually have any system protection for Denial of Service Attacks?

I have a Draytelk router on my Plusnet connection and seeinf high levels of DoS type traffic trying to get in through it.

Just wanted to see if anyone else is seeing it or if PN themselves have any form of pre-user protection in place.

Message 1 of 9
(1,023 Views)
0 Thanks
8 REPLIES 8
jab1
Legend
Posts: 17,024
Thanks: 5,447
Fixes: 254
Registered: ‎24-02-2012

Re: DoS Support

‎17-01-2021 7:51 PM

@Marvo I'm not an expert in this field, but the router is doing its job by blocking these attempts. I don't know, but I doubt any ISP would tell you publicly what their protection systems are.

John
Message 2 of 9
(1,017 Views)
198kHz
Seasoned Hero
Posts: 5,731
Thanks: 2,779
Fixes: 41
Registered: ‎30-07-2008

Re: DoS Support

‎17-01-2021 10:21 PM

@Marvo 

I'd agree with @jab1 .

There are always chancers probing for open ports, but as long as your internet is working OK then your router is doing its job and keeping the bad guys out.

Murphy was an optimist
Zen FTTC 40/10 + Digital Voice   FRITZ!Box 7530
BT technician (Retired)
Message 3 of 9
(989 Views)
Anonymous
Not applicable

Re: DoS Support

‎18-01-2021 9:25 AM

@Marvo wrote:

Does PlusNet actually have any system protection for Denial of Service Attacks?

 

It depends what you mean by Denial of Service Attacks.

Typically a DoS attack involves someone on the internet sending a deluge of connection requests on a specific service port at your internet address THAT YOU USE (typically to allow access to a web server or other service on your network) in order to overwhelm the connection to prevent other people accessing the service you are providing - i.e. deny legitimate access to the service.

Alternatively, many firewall logs report "DoS attack" when the firewall has blocked a speculative external port probe in an attempt to detect whether there is anything interesting that could be targeted on your network.  This isn't really a "denial of service" but more like someone knocking on your door to check whether anyone is home, and as others have already said, your router is reporting that it is doing its job by hiding and protecting your connection.

 

@Marvo  So at the moment you are describing the firewall in your router that is blocking unsolicited external connections that have reached your home internet connection.  Did you know that Plusnet have an additional firewall, that can block the most common port probing BEFORE those requests are passed to your home connection.

To find the Plusnet "Broadband Firewall", login to your "Member Centre" and then go to https://www.plus.net/member-centre/broadband/firewall 

You might find a setting there that will help significantly reduce the most common unsolicited port probes.

 

Message 4 of 9
(950 Views)
jab1
Legend
Posts: 17,024
Thanks: 5,447
Fixes: 254
Registered: ‎24-02-2012

Re: DoS Support

‎18-01-2021 9:30 AM

Good point, @Anonymous I'd forgotten about the Broadband Firewall as mine has been 'off' for as long as I've been here, but as you say, @Marvo may find it useful.

John
Message 5 of 9
(947 Views)
0 Thanks
Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: DoS Support

‎18-01-2021 9:31 AM


Your DrayTek Router may have DDoS protection have a look at it's Web UI, I know the 2925 does.

Message 6 of 9
(945 Views)
0 Thanks
Anonymous
Not applicable

Re: DoS Support

‎19-01-2021 6:56 PM

@Marvo  did any of the suggestions solve your problem ?

Message 7 of 9
(884 Views)
0 Thanks
Marvo
Dabbler
Posts: 16
Fixes: 1
Registered: ‎18-09-2020

Re: DoS Support

‎20-01-2021 8:45 PM

I went online to the PN Online Firewall and turned it on.

I've also enabled a few firewall rules on the Draytek for the ports showing up on the DOS summary pages.

The CPU doesn't appear to be hammered and the SYN/UDP blocks do appear to be working.

It was just a surprise to find maybe 1 or 2 external IPs in the log at any time but this is now a constant stream of the same IPs and ports. I've raised a support query with Draytek and they've said that no more that 16 IPs can be blocked at any time so they suggested creating the firewall rules so I'll edit them going forward to specifically block the IP addresses and ranges used.

Message 8 of 9
(853 Views)
0 Thanks
Anonymous
Not applicable

Re: DoS Support

‎20-01-2021 10:37 PM

Have you checked whether the ports that are being probed, are invisible from the internet side ?

If a 'hacker' has detected any sort of response from particular port numbers, then they will often keep bashing that address+port.  If ALL your ports are truly stealthed and completely invisible, then the port scanner usually moves on to other targets.

Try using a port scanning tool such as ShieldsUP! 

Press the [Proceed] button, then on the next page press the [All Service Ports] button.

Message 9 of 9
(841 Views)
0 Thanks