flipper96
join:2003-01-21
germany

flipper96

Member

ADJUSTING STRICT SMC FIREWALL RULES

* DoS Detect Criteria:

Total incomplete TCP/UDP sessions HIGH: 500 session
Total incomplete TCP/UDP sessions LOW: 450 session
Incomplete TCP/UDP sessions (per min) HIGH: 450 session
Incomplete TCP/UDP sessions (per min) LOW: 400 session
Maximum incomplete TCP/UDP sessions number from same host: 99
Incomplete TCP/UDP sessions detect sensitive time period: 1000 msec.
Maximum half-open fragmentation packet number from same host: 99
Half-open fragmentation detect sensitive time period: 10000 msec.
Flooding cracker block time: 30 sec.

please test extensively

Y
hpkuo
join:2001-04-29
Cupertino, CA

hpkuo

Member

What is the benefit of these new settings?

Mem
join:2002-01-03
Nashville, TN
·Google Fiber
·AT&T FTTP

Mem to flipper96

Member

to flipper96
I have noticed that SMC now has relaxed only two settings on SPI for the vbr/vwbr according to the FAQ. Why increase the first seven and decrease the last?

FAQ - Can't get to some sites after enabling the firewall
Access is being blocked because the Barricade sees it as a SYN Flood attack.

Sensitivity for detecting abnormal TCP and UDP flows including SYN Flood is determined by parameters 'Maximum incomplete TCP/UDP sessions number from same host' and 'Incomplete TCP/UDP sessions detect sensitive time period'. The default values are 10 sessions for every 0.3 second.

Adjust the two parameters to loosen the sensitivity of SPI.
Remember that loosening SPI sensitivity also lowers the system security level.

Example:
Maximum incomplete TCP/UDP sessions number from same host: 30
Incomplete TCP/UDP sessions detect sensitive time period: 750 msec
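As an added illustration of how the two sensitivity parameters the FAQ names play against real traffic (example code written for this thread, not SMC firmware and not anything posted by the FAQ or the members above): a toy sliding-window model of the per-host incomplete-session detector. It assumes a host is blocked for the "flooding cracker block time" once more than "Maximum incomplete TCP/UDP sessions number from same host" half-open sessions are opened inside the "sensitive time period"; the traffic profiles and addresses are constructed, and the fragmentation and total-session thresholds are not modelled.

```python
from collections import defaultdict, deque


class HalfOpenDetector:
    """Toy per-host incomplete-session detector (assumed model, not SMC's code).

    A host that opens more than `max_incomplete` half-open sessions inside a
    sliding window of `window_ms` milliseconds is blocked for `block_s` seconds
    (the thread's "flooding cracker block time", 30 s by default here).
    """

    def __init__(self, max_incomplete, window_ms, block_s=30):
        self.max_incomplete = max_incomplete
        self.window_ms = window_ms
        self.block_ms = block_s * 1000
        self._recent = defaultdict(deque)  # host -> timestamps (ms) of recent half-open sessions
        self._blocked_until = {}           # host -> ms timestamp when the block expires

    def is_blocked(self, host, now_ms):
        return self._blocked_until.get(host, -1) > now_ms

    def observe(self, host, now_ms):
        """Record a new half-open session; return True if allowed, False if dropped."""
        if self.is_blocked(host, now_ms):
            return False
        recent = self._recent[host]
        recent.append(now_ms)
        # Drop sessions that fell out of the detection window (last entry is now_ms, so this ends).
        while now_ms - recent[0] > self.window_ms:
            recent.popleft()
        if len(recent) > self.max_incomplete:
            self._blocked_until[host] = now_ms + self.block_ms
            recent.clear()  # start counting afresh once the block expires
            return False
        return True


def replay(detector, events):
    """Feed (time_ms, host) events in time order; return blocked attempts per host."""
    blocked = {}
    for t, host in sorted(events):
        blocked.setdefault(host, 0)
        if not detector.observe(host, t):
            blocked[host] += 1
    return blocked


# Constructed traffic profiles (not captures; the addresses are placeholders).
def p2p_client(host="10.0.0.5", peers=40, spacing_ms=20):
    """Constructed stand-in for a file-sharing client dialling 40 peers within 0.8 s."""
    return [(i * spacing_ms, host) for i in range(peers)]


def web_browser(host="10.0.0.7", pages=5, conns_per_page=4, page_gap_ms=2000):
    """Constructed browser: four parallel connections per page, one page every two seconds."""
    return [(p * page_gap_ms + c * 50, host)
            for p in range(pages) for c in range(conns_per_page)]


# (max incomplete sessions from same host, sensitive time period in ms), as given in the thread
PROFILES = {
    "FAQ default (10 per 0.3 s)": (10, 300),
    "FAQ example (30 per 750 ms)": (30, 750),
    "thread proposal (99 per 1000 ms)": (99, 1000),
}


def blocked_counts(max_incomplete, window_ms, events):
    """Run one threshold setting over a traffic list; return {host: blocked attempts}."""
    return replay(HalfOpenDetector(max_incomplete, window_ms), events)


if __name__ == "__main__":
    traffic = p2p_client() + web_browser()
    for label, (limit, window) in PROFILES.items():
        print(f"{label}: {blocked_counts(limit, window, traffic)}")
```

Running it shows the trade-off the FAQ warns about: the constructed peer-to-peer burst trips the 10-per-0.3 s default on its eleventh connection and is then dropped for the whole 30 s block, it still trips the FAQ's 30-per-750 ms example, and only the 99-per-1000 ms setting lets the entire burst through; the browser profile never comes near any of the three limits, because its handful of connections per page are separated by gaps longer than every window.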
flipper96
join:2003-01-21
germany

flipper96

Member

these settings are mainly recommended and tested for the badly engineered but popular emule/edonkey.

not needed for overnet or normal websurfing.

30s blocking is enough; remember you can't administrate it if your host is blocked.

we tested these settings so far, bombing the WAN port at 10 Mbit/s with all known attacks. none brought it down.

Y

pleekmo
Triptoe Through The Tulips
Premium Member
join:2001-09-14
Manchester, CT

pleekmo to flipper96

Premium Member

to flipper96
Though not part of an "extensive test", I instituted these rules in my firewall for my SMC 7004VBR and when I came home this evening my e-mail client could not connect and I could not surf the Internet (browser time-outs, I think).

Interestingly enough, AOL, MSN Messenger, Furthur, and GetRight were still working fine.

Finally had to perform a hard reset of the router.

Going to revert to using essentially stock firewall settings, I think.
flipper96
join:2003-01-21
germany

flipper96

Member

no, sir

that has nothing to do with firewall settings.

this is an old known problem with smc firmwares >1.2.

perform a soft reset, it'll be fine then.

Y

pleekmo
Triptoe Through The Tulips
Premium Member
join:2001-09-14
Manchester, CT

pleekmo

Premium Member

So, in other words, implement those rules above, but perform a soft reset as I had not done before?
and1pinoy
join:2002-08-15

and1pinoy to flipper96

Member

to flipper96
so this is for emule users? and it'll keep my internet from going dead?
and1pinoy

and1pinoy

Member

the changes don't help. i still lose connection and a soft reset doesn't help either.

Ben G
@net.uta.at

Ben G to flipper96

Anon

to flipper96
Hi flipper!

You said, "... this is an old known problem with firmwares > 1.2".

I have to reset my SMC 7004 VBR every time I want to connect to the internet. Automatically disconnecting works fine, but reconnecting after a while is only possible after a reset.

Is there a solution to fix this problem (except waiting for a firmware upgrade), or is it best to change the router?

Thanx, Ben