19

I recently found a DoS Defense setting in my DrayTek Vigor 2830 router, which is disabled by default. I'm running a very small server on this network and I take it very seriously to have the server up and running 24/7.

I'm a bit unsure if the DoS Defense could cause me any kind of problems. I haven't experienced any DoS attacks yet, but I would like to avoid possible attacks. Is there any reason not to enable the DoS Defense setting?

ThomasCle
  • 315

7 Answers

22

It means the router has to maintain additional state and do additional work on each packet. And how can it really help in the case of a DoS? All it can do is drop a packet that you have already received. Since you've already received it, it has already done the damage by consuming your inbound Internet bandwidth.

5

One reason not to enable the DoS Defense setting is that trying to protect systems from being DoSed will spike the CPU of the router/firewall, causing a DoS itself.

5

An old thread I know, but I've just had to turn off the DoS defences on my Draytek 2850 home router to prevent some connection problems (almost everyone's in-bound bandwidth dropped to 0). Oddly enough, when all the kids are using their iPhones, PCs and chatting on Skype, etc. it triggers the DoS defences!

My guess is that there's so much traffic going in both directions that the router thinks it's under attack from the outside and shuts down. Turning off the UDP flood defence didn't do a complete fix so I turned off the SYN and ICMP defences too. (If you had to turn off both SYN and ICMP flood protection then I think the router was doing a very good job unless you are running a server or servers on your network) - SYN and ICMP requests are sent to servers during connection initiation, then the client devices receive a SYN-ACK back from the server.

Hey presto - no more connection issues. Of course, I'll turn the defences back on and better-tune the values (measured in packets/second), but I've been trying to nail this problem for ages and it was quite a shock to find out the real cause.

I hope this helps someone else.

Richard
  • 151
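Richard's observation that ordinary household traffic can trip a packets/second flood threshold can be made concrete. The following is an added example, not code from this thread or from DrayTek: a sliding-window flood counter (a simplified model of the kind of per-protocol SYN/UDP/ICMP rate check such a router feature performs) run over a constructed packet trace of a busy home LAN. The IP addresses, device counts and both threshold sets are invented for illustration, not vendor defaults.

```python
from collections import deque
from typing import Dict, List, Tuple

# A packet is (timestamp in seconds, protocol tag, source IP).
Packet = Tuple[float, str, str]


def build_sample_trace() -> List[Packet]:
    """Constructed trace of one second on a busy home LAN (not captured data)."""
    trace: List[Packet] = []
    # 8 devices each open 12 TCP connections (one SYN each) within one second,
    # e.g. a web page pulling images from several hosts.
    for dev in range(8):
        for i in range(12):
            trace.append((i / 12.0, "SYN", f"192.168.1.{10 + dev}"))
    # 2 devices on a voice/video call, each sending 50 UDP packets per second.
    for dev in range(2):
        for i in range(50):
            trace.append((i / 50.0, "UDP", f"192.168.1.{20 + dev}"))
    # One device pinging the gateway once per second for three seconds.
    for i in range(3):
        trace.append((float(i), "ICMP", "192.168.1.30"))
    return trace


def peak_rates(trace: List[Packet], window: float = 1.0,
               per_source: bool = False) -> Dict:
    """Highest packet count seen in any trailing window, per protocol
    (or per protocol+source when per_source=True)."""
    peaks: Dict = {}
    queues: Dict = {}
    for ts, proto, src in sorted(trace):
        key = (proto, src) if per_source else proto
        q = queues.setdefault(key, deque())
        q.append(ts)
        while ts - q[0] > window:       # drop packets older than the window
            q.popleft()
        peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def detect_floods(trace: List[Packet], thresholds: Dict[str, int],
                  window: float = 1.0) -> List[Tuple[float, str, int]]:
    """(timestamp, protocol, count) for every moment the aggregate rate of a
    protocol exceeds its threshold; this is what a flood defence would act on."""
    events = []
    queues: Dict[str, deque] = {}
    for ts, proto, _src in sorted(trace):
        if proto not in thresholds:
            continue
        q = queues.setdefault(proto, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > thresholds[proto]:
            events.append((ts, proto, len(q)))
    return events


TIGHT = {"SYN": 50, "UDP": 50, "ICMP": 10}     # invented "strict" thresholds
TUNED = {"SYN": 300, "UDP": 500, "ICMP": 50}   # invented thresholds after tuning
```

Running `peak_rates(build_sample_trace())` shows 96 SYN/s and 100 UDP/s in aggregate while no single device exceeds 12 SYN/s, so `detect_floods` with the tight thresholds flags SYN and UDP as floods and the tuned set flags nothing. Tuning the thresholds against the peak rates your own LAN actually produces is the practical fix the answer above describes.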
3

Yes, absolutely, turn it on.

If this is implemented correctly your firewall's engine should inspect each packet. Once it's determined to drop this traffic as part of a DoS attack, it should install a rule into hardware and silently drop the traffic instead of processing it again and again. Where it will still fall on its face is a distributed attack, but I suggest you turn this on.

What kinds of services is that server hosting?

0

Yes. It can turn "Denial of Service protection" into just "Denial of Service" from the outside Internet, even without any attacks.

In my case with an ASUS RT-AC58U it made home HTTP(S) and FTP(S) servers respond very slowly to half the requests even with a single outside client, or even not respond at all and time out after several successful connections. E.g. I open a page and half of the images are missing, and a click to the next page hangs for a minute.

I tried to set up various cover-up measures for years, like a file-caching reverse proxy (nginx) on my VPS, a caching DNS server, even just storing the home router's dynamic IP in /etc/hosts. The VPS itself worked well, but connectivity to the home back-end never improved until I disabled the "DoS Protection" in the home router.

A daily backup using duplicity from my VPS to home PC via FTP(S), which makes a new connection for each file, might skip some diff files, take anywhere from half an hour to 10+ hours or not finish at all that day. Now it consistently takes 1.5 minutes for 4-5 folders via FTPS with "DoS Protection" disabled.

My other backup scripts with lftp, which use a single FTPS connection for a bunch of files at once, did work acceptably enough even with "DoS Protection" enabled, though.

f2d
  • 101
0

Yes, because it saves the network from malicious attacks.

False Positives: In some cases, router DoS defence algorithms mistakenly classify genuine traffic as an attack and stop it. This may cause services to be interrupted or prevent authorised users from using your network. To reduce false positives, it's crucial to carefully configure and monitor the DoS defence settings.

Performance Impact: Enabling DoS defence on your router may use up system resources. The overall performance of your network may be impacted, depending on the specific implementation and the level of protection set. Increased protection may result in slower throughput or higher latency. Make sure the performance effect is appropriate for the demands of your network by evaluating it.

Advanced Attacks: Although DoS defense measures are successful against simple and medium-level attacks, complex attacks may still find a way around the barriers. Remember that determined attackers may use more sophisticated strategies, necessitating additional security measures beyond what your router can offer.

-2

If the DoS attack doesn't kill your PC first, the heat generated from DoS protection will kill your router. If you're that concerned about security then don't use the internet.

It is better to protect every individual device on your network with a properly set firewall and AV; when not using the net, turn off your wifi and use it like you would your tap water.

DERP
  • 1