Disabling LED should also disable the DNS query DoS attack (100k requests/mo)

 
2024-06-13 13:56:27 - last edited 2024-06-13 14:07:13
Model: Deco M4  
Hardware Version:
Firmware Version:

I've gotten a Deco M4 from my ISP with my subscription as a bonus.
This AP caused me to blow through a DNS server rate limit resulting in my account being disabled, permanently.

I managed to finally figure out that the cause was the AP doing a DNS request every 10 seconds (100k/mo, 1.2M/y) just to turn an LED red if something were to happen.
This is highly undesirable. This "feature" actually did cause a service to be denied due to sheer volume, so I will refer to it as a DoS attack as this is the shortest and also correct technical term.
Smartphones have similarly functioning connectivity-checking, but are nowhere near as aggressive as every ten seconds, and will thus not result in a DoS attack.

According to these posts the function of this DNS DoS attack is just the status LED:
https://community.tp-link.com/en/home/forum/topic/214828 Reply #5
https://community.tp-link.com/en/home/forum/topic/221608 Reply #4
These topics are about the exact same issue that I am talking about, maddening amounts of DNS queries to 6 of the "most popular" domains which results in a de facto DoS attack on the DNS server.

These replies are from the same account containing the same copy-pasted text. According to this TP-Link employee the sole purpose is to turn an LED red.
Disabling the LED entirely through the app does not stop these checks from happening though, nor does it make them less aggressive!

My feature request is for TP-Link to push firmware updates to all devices which use this aggressive connection checking to enable users to configure this feature.
Ideally the user would be able to turn this "feature" off, and also change the interval to a more sane value than 10 seconds for when the LED is desirable but response time is less important than not doing a DoS attack on the DNS server.
New devices should also not have this feature added to them without the possibility to configure them in this way.

Furthermore I hate, HATE, the fact that this Deco M4 access point is unable to be configured the normal way. I am an IT professional and this is the most user-unfriendly device I have come across because it requires an app, an account, and working internet connection before anything can be configured whatsoever.
I implore you to always, ALWAYS, leave useful configuration options in the web interface so that the bare minimum needed to configure the AP is a device connected to the AP, you knowing the AP's IP and login details.
I am fine with there being an app, but don't force a network engineer to go through this humiliating setup process. And to add insult to injury, there IS a web interface but you are only allowed to configure your timezone.
If this is done under the guise of user-friendliness, please keep in mind that IT professionals are users too. If need be, just hide all the useful options under an advanced-tab in an advanced tab, but DO NOT get rid of them entirely if you want IT professionals to have positive opinions of your products.
Don't sacrifice user-friendliness for the sake of user-friendliness.

As for me, I'm going to install custom firmware not made by TP-Link on my APs and I will make it a point to never ever get a device that can only be configured through an app (that requires an account) again. Also any good reputation TP-Link had in my book due to my use of EAP330's for a small business customer has been shot by this ill-thought-out (blocked word meaning bad, worthless, or useless that is also used to describe trash. informal British).


Note: any attempt to interpret my issue as some misunderstanding on my part will be interpreted as an insult. I have done my due diligence on this issue, I have seen the DNS logs, I have disconnected every other device in my network to rule those out, and I've found plenty of confirmation that this model of TP-Link AP is doing what is described above.

These issues are by no means exclusive to the Deco M4, but I cannot produce a list of all affected devices. Your engineers will know though, and unless they are the ones that came up with these "features" you should really listen to them.

#1
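The kind of log check the post above describes (finding which client is sending queries at a fixed interval, whatever names it asks for), as an added example that is not part of the original thread. The log line format, client addresses and domain names are constructed placeholders, not taken from a real Deco capture.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median, pstdev

def make_sample_log():
    """Constructed sample: '<ISO time> <client> <qtype> <qname>' per line."""
    start = datetime(2024, 6, 13, 12, 0, 0)
    names = [f"site{n}.example" for n in range(1, 7)]  # six placeholder names
    lines = []
    for i in range(60):  # one client polling every 10 s, rotating names
        t = start + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} 192.168.68.1 A {names[i % 6]}")
    for off in (3, 47, 49, 310, 311, 580):  # irregular, human-driven client
        t = start + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 192.168.68.50 A news.example.org")
    return sorted(lines)

def find_periodic_clients(lines, min_queries=5, max_jitter=1.0, period_days=30):
    """Return {client: stats} for clients whose query gaps are near-constant.

    Queries are grouped per client and not per name, so a checker that
    rotates through several domains still shows up as one steady stream.
    """
    times = defaultdict(list)
    for line in lines:
        ts, client, _qtype, _qname = line.split()
        times[client].append(datetime.fromisoformat(ts))
    findings = {}
    for client, stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        interval = median(gaps)
        # Fixed-interval polling has almost no spread between gaps.
        if interval <= 0 or pstdev(gaps) > max_jitter:
            continue
        findings[client] = {
            "interval_s": interval,
            # Volume this client alone would generate over the quota period.
            "projected_queries": int(period_days * 86400 / interval),
        }
    return findings

if __name__ == "__main__":
    for client, stats in find_periodic_clients(make_sample_log()).items():
        print(client, stats)
```

Comparing `projected_queries` with the resolver's quota for the same period shows whether a single polling device can exhaust it on its own.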
Re:Disabling LED should also disable the DNS query DoS attack (100k requests/mo)
2024-06-13 14:14:34

I have also contacted my ISP which has a history of partnering with TP-Link for non-modem CPE (Archer C7, Deco M4, and future devices) to make sure they are aware of these issues.
They seem to take it seriously and have made a note for the team that picks these 3rd party devices.
Hopefully this results in my ISP not giving devices to customers in the future that force them to use an app, or have "features" like the DoS attack that the customer can't turn off (the ISP's employee was baffled that there was no option for this in the advanced tab in the app, and the fact that turning the LED off was considered "advanced").
This may result in user-unfriendly (TP-Link) devices not being selected in the future, which would make me and other end-users very happy but could make TP-Link very sad.

#2
Re:Disabling LED should also disable the DNS query DoS attack (100k requests/mo)
2024-06-13 15:02:37
Can you change your gateway to 1.1.1.2 & 8.8.8.8? That should block malware and speed up your Deco. I recommend this on all routers, TP-Link or Deco; it should improve your experience.
#3
Re:Disabling LED should also disable the DNS query DoS attack (100k requests/mo)
2024-06-14 07:50:17

@tonyjp2022 I see you like Google and Cloudflare's DNS, but how exactly is that relevant to my issue or my post?
I can pick my own DNS provider just fine, thank you.

#4