ADP flag my request to WebGUI as distributed port scan and tcp flood ?
Options
Hello,
When I connect to a vpn 100 router to manage it remotely, I get kicked out after few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).
All flood detection rules are configured to 1000 paquets per seconds, could a normal usage of google chrome generate more than 1000 paquets per seconds while browsing the webgui ?
I tried to use a private browser tab with no plugin loaded from another IP with same results.
I obviously did not launch nmap targeting the router I try to administrate, since it says distributed, I expected to see other IP in addition to mine, but only the specific IP i'm using at the moment of browsing gets blocked as it appears in the logs.
On my side, local router says there is only one connection from my local computer to the remote Zyxel router.
How do I configure ADP to not block me over normal usage of the WebGUI ?
When I connect to a vpn 100 router to manage it remotely, I get kicked out after few minutes.
Upon investigation, the ADP functionality bans my IP with reasons of tcp-flood (53) and distributed port scanning (33).
All flood detection rules are configured to 1000 paquets per seconds, could a normal usage of google chrome generate more than 1000 paquets per seconds while browsing the webgui ?
I tried to use a private browser tab with no plugin loaded from another IP with same results.
I obviously did not launch nmap targeting the router I try to administrate, since it says distributed, I expected to see other IP in addition to mine, but only the specific IP i'm using at the moment of browsing gets blocked as it appears in the logs.
On my side, local router says there is only one connection from my local computer to the remote Zyxel router.
How do I configure ADP to not block me over normal usage of the WebGUI ?
0
Comments
-
For me I just set TCP portscan to action none and inactivate (flood) IP flood.0
-
This defeat the whole purpose of ADP to disable it.0
-
Your not disabling all of it.
TCP port scan can not tell a legit connection to a scan which would be possible if it sees the TCP SYN and waits for the ACK if no ACK then it sees it as a port scan but thats not how it works.
0
Categories
- All Categories
- 395 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 82 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 415 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight