Syn Attack and Router dropping Internet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Syn Attack and Router dropping Internet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Syn Attack and Router dropping Internet
Syn Attack and Router dropping Internet
2024-10-07 01:59:50 - last edited a week ago
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.1

Arris G54 - Bridge mode, firewall turned off.

IPv4/IPv6 DNS Relay is enabled

DHCP Server is not enabled

Omada Hardware Controller OC200 2.0 EAP783(US) v1.0 Firmware 2.16.3 Build 20240620 Rel.81038 Controller Version 5.14.26.23

JetStream 24-port Switch SG3428XPP-M2 v1.20 Firmware 1.20.3

Omada BE2200 EAP783(US) v1.0 Firmware 1.0.10

Omada VPN Router ER8411 v1.0 Firmware 1.2.1

 

AP and Controller are plugged into the switch.

 

Switch is plugged into the router:

Switch ports: 17, 19, 20, 23, 25, 26

to

Router ports: 8, 9, 10, 11, 2, 3

 

Router is plugged into the Arris 10G port from router port 4

 

Wired LANS are setup as Interfaces.

EAP ACLs map WLANs to respective LANs

No Gateway ACLs

 

I keep having these issues:

1. Notifications of "Port Blocked Warning Jetstream SG3428XP...'s port Tw1/0/21 was blocked." - The LAN to WAN ports on the switch keep getting blocked. To the point of about 9,000 warning over the last month.

2. "Detected TCP SYN packets attack and dropped XXX packets." The SYN 'attacks' keep happening at a regular 10 minute interval 24/7. This seems to be a common issue posted to the forums several times. I firmly believe this is something on the local side of the network.

3. Router keeps loosing connection to the modem.

Power cycling the Router gets it to reconnect to the modem.

 

Turning off:

Multi-Connections TCP SYN Flood and

Block TCP Scan with RST

 

Stops the SYN attach notifications.

 

There are no conflicting sub-nets.

 

Loopback detection is turned on for the Switch.

 

I turned on Spanning Tree: STP to see if that would help. It did not stop any of the issues.

 

I used the Arris G54 in model/router mode prior to adding the Omada setup without any of these issues. It stayed connected 100% without dropping randomly.

 

I can't find any useful information in the logs... I have read through numerous forums to see if anyone else has any answers/solutions.

 

I initially upgraded to the Omada stack due to my spouse and I both working from home. We work for different Healthcare systems that require us to use VPNs out. We work for different companies so I wanted to beef up the hardware for our internet.

  0      
  0      
#1
Options
2 Reply
Re:Syn Attack and Router dropping Internet
2024-10-07 04:53:44

  @HuntyBadger 

 

if you have connected switch port 17, 19, 20, 23, 25, 26 to router port 8, 9, 10, 11, 2, 3 you are probably asking for problems, what is the point of that?

 

  0  
  0  
#2
Options
Re:Syn Attack and Router dropping Internet
2024-10-07 23:06:17 - last edited 2024-10-07 23:16:20

  @MR.S Initially I was going to direct specific LANs through the ports so I could regulate them. Each time I attempt to segregate a LAN to a specific port>WAN. It doesn't seem to work. Sort out the two Work from Home LANs from the IoT and my Lab LAN that has test servers.

 

I have noticed that the switch is using only Port 25. The others don't show activity. Currently on the router, only port 4 is plugged into the modem.

  0  
  0  
#3
Options