ER7212PC - "Router Detected TCP SYN packets attack and dropped xxx packets" every ten minutes.
Hello everyone!
I have this setup (all device on the latest firmware):
Modem from my net provider - ER7212PC v1 (Router) - TL-SG2008P v3 (Switch) - EAP245(EU) v3 (Access Point)
Omada version: 5.8.36
In the Omada Controller under the Log section i got this alert every ten minutes:
"Router Detected TCP SYN packets attack and dropped ~100-300 packets" every ten minutes." - nothing more, no IP or MAC or any useful info.
What can i do with this or this is a bug in the Omada Controller?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Tedd404 Thank you for your constructive comment…
Yes, I read the forum post that you linked and no, that is not the solution to this phenomenon.
I used the grcDOTcom "Shield up" service to request the examination of the ports and there it was, that although they are not open, they are not well configured, because they do not block the incoming requests but reject them.
So the solution was in this forum post:
Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed] - Business Community (tp-link.com)
After I set this up, my alert line cleared up.
- Copy Link
- Report Inappropriate Content
did you read the forum or simply post without even searching it?
why do you think it is a bug?? it is a normal log reflex that is being blocked.. god..
this thread is just 3 posts below your new thread. so you don't even read it?
https://community.tp-link.com/en/business/forum/topic/636216
- Copy Link
- Report Inappropriate Content
@Tedd404 Thank you for your constructive comment…
Yes, I read the forum post that you linked and no, that is not the solution to this phenomenon.
I used the grcDOTcom "Shield up" service to request the examination of the ports and there it was, that although they are not open, they are not well configured, because they do not block the incoming requests but reject them.
So the solution was in this forum post:
Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed] - Business Community (tp-link.com)
After I set this up, my alert line cleared up.
- Copy Link
- Report Inappropriate Content
it is not blocking if you uncheck it... NVM. i am giving a fix to the root cause. you chose another way to "bypass" it. that's fine.
you can even turn off the alert in the log. why not this way?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Getting this exact same message in the log every 10 minutes...was the root cause ever determined by anyone?
- Copy Link
- Report Inappropriate Content
Hi @rainman12
Thanks for posting in our business forum.
rainman12 wrote
Getting this exact same message in the log every 10 minutes...was the root cause ever determined by anyone?
It was there all the time. The log did not show this before. Same thing for the DHCP log which displays its interaction even though there is zero issue with it.
If you have any issues like this in the future, please take a look at the label where we update the solutions and troubleshooting guides.
If you want to find out the root cause, please use Wireshark and mirror your WAN connection to capture any traffic that meets the "TCP SYN reset".
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 4049
Replies: 6