Computer Interfacing
Discussions about interfacing and electronics

Configure Speedtouch intrusion detection

How to increase rate limits on the Speedtouch routers



       Computer Interfacing Forum Index -> Long distance networks
Author Message
lammert
Site Admin

Joined: 13 Mar 2007
Posts: 145
Location: Netherlands and Kazakhstan

Jan 12, 2010 1:25 pm
I am running some of my computers as public NTP servers. These NTP servers provide accurate time to anyone who wants to connect to them via the Network Time Protocol. One of those servers is located behind a Speedtouch ADSL modem, and since that computer was serving time to the internet, I noticed a few periods per day where all NTP and DNS traffic was coming to a standstill. NTP traffic being halted is not a big problem, but when your internal network can't connect to DNS servers on the internet, surfing is also not possible anymore. I knew that the internet connection itself was not the problem, because established connections, for example SSH, continued to work.

After some digging in the diagnostic screens of my Speedtouch modem, I realized that the udp_rate_limiting statistic had an unusual value. Because both NTP and DNS traffic use the low-overhead UDP protocol, the Intrusion Detection was probably kicking in and blocking all UDP traffic when it reached a certain threshold level. Manuals and the Internet didn't give a solution to the problem, and the web interface of my ADSL modem had no option to fine-tune the Intrusion Detection settings. The only things I could find were posts on the internet which suggested turning the firewall or Intrusion Detection in the modem completely off, but that wasn't what I wanted to do. I therefore connected with telnet to the modem and looked in the advanced settings for a solution. The following applies to my Speedtouch 716. On your modem the settings may be named differently, or not be present at all.

I first went to the Intrusion Detection settings with the command ids. I typed the command help and received the following response:

Code:
{Administrator}[ids]=>help
Following commands are available :

config           : Display/Modify IDS configuration.
clear            : Clear IDS statistics.

Following command groups are available :

parser          pattern         signature       threshold 


There seems to be a threshold submenu, so I typed threshold to enter it. A new request for help answered with:

Code:
{Administrator}[ids threshold]=>help
Following commands are available :

list             : Display IDS thresholds.
modify           : Modify IDS threshold.
clear            : Reset IDS thresholds.


Typing list revealed the source of my problem:

Code:
{Administrator}[ids threshold]=>list
index  name                      window           limit  scaling
-----------------------------------------------------------------
   1.  ids frag sweep                 1              10  disabled
   2.  ids scan                      20              20  enabled
   3.  ids flood                      2             100  disabled
   4.  ids tcp rate                   1             200  disabled
   5.  ids udp rate                   1             200  disabled
   6.  ids icmp rate                  1             200  disabled
   7.  ids ip rate                    1             200  disabled


200 requests (per minute?) is not enough for a busy NTP server, so I decided to increase that value with the following command:

Code:
modify index=5 limit=9999

Now the settings were modified to

Code:
{Administrator}[ids threshold]=>list
index  name                      window           limit  scaling
-----------------------------------------------------------------
   1.  ids frag sweep                 1              10  disabled
   2.  ids scan                      20              20  enabled
   3.  ids flood                      2             100  disabled
   4.  ids tcp rate                   1             200  disabled
   5.  ids udp rate                   1            9999  disabled
   6.  ids icmp rate                  1             200  disabled
   7.  ids ip rate                    1             200  disabled


After the command saveall to store the new settings, I exited the router with exit.

Problem solved.
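The post above shows the table by hand and picks the new limit by eye. The following script is an added example, not code from the original post or from the modem vendor: it parses the output of `list` exactly as printed above, works out which rate thresholds a given expected packet count would trip, and emits the same command sequence the post uses (ids, threshold, modify index=N limit=M, saveall, exit). The `window` column has no documented unit on this page, so the script treats it as an opaque number and takes the expected count per window from the caller; the headroom factor, the cap of 9999 (the largest value the post shows being accepted, not a documented maximum) and the sample table are assumptions of this example. Only the udp rate row is raised in the usage below, mirroring the post; whether the ip rate counter also counts the same packets is not established on the page.

```python
"""Plan Speedtouch IDS threshold changes from 'ids threshold list' output.

Added example, not part of the original forum post. It parses the
'list' table shown in the post and generates the modem CLI commands
needed to raise every rate threshold that an expected packet count per
window would trip. Units of the 'window' column are not documented on
the page, so they are treated as an opaque number here.
"""
import math
import re
from dataclasses import dataclass

# Constructed sample input: the 'list' output copied from the post above.
SAMPLE_LIST_OUTPUT = """\
index  name                      window           limit  scaling
-----------------------------------------------------------------
   1.  ids frag sweep                 1              10  disabled
   2.  ids scan                      20              20  enabled
   3.  ids flood                      2             100  disabled
   4.  ids tcp rate                   1             200  disabled
   5.  ids udp rate                   1             200  disabled
   6.  ids icmp rate                  1             200  disabled
   7.  ids ip rate                    1             200  disabled
"""

# One table row: "<index>.  <name>  <window>  <limit>  <enabled|disabled>".
# The name is matched lazily so the numeric columns are not swallowed.
ROW_RE = re.compile(
    r"^\s*(?P<index>\d+)\.\s+(?P<name>.+?)\s+(?P<window>\d+)\s+"
    r"(?P<limit>\d+)\s+(?P<scaling>enabled|disabled)\s*$"
)


@dataclass(frozen=True)
class Threshold:
    index: int
    name: str
    window: int
    limit: int
    scaling: bool


def parse_threshold_list(text: str) -> list[Threshold]:
    """Parse the 'list' table; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        rows.append(Threshold(int(m["index"]), m["name"], int(m["window"]),
                              int(m["limit"]), m["scaling"] == "enabled"))
    return rows


def thresholds_tripped(rows: list[Threshold],
                       expected_per_window: dict[str, int]) -> list[Threshold]:
    """Thresholds whose limit is at or below the expected count for that name."""
    return [r for r in rows
            if r.name in expected_per_window and expected_per_window[r.name] >= r.limit]


def plan_modify_commands(rows: list[Threshold], expected_per_window: dict[str, int],
                         headroom: float = 2.0, cap: int = 9999) -> list[str]:
    """Return the CLI lines to type, or [] when no threshold needs raising.

    headroom and cap are assumptions of this example: the new limit is the
    expected count times headroom, never lower than the current limit and
    never above cap (9999 is the value the post shows being accepted).
    """
    modifies = []
    for r in thresholds_tripped(rows, expected_per_window):
        new_limit = min(cap, max(r.limit, math.ceil(expected_per_window[r.name] * headroom)))
        if new_limit > r.limit:
            modifies.append(f"modify index={r.index} limit={new_limit}")
    if not modifies:
        return []
    # Same sequence as the post: enter the group, modify, persist, leave.
    return ["ids", "threshold", *modifies, "saveall", "exit"]


if __name__ == "__main__":
    rows = parse_threshold_list(SAMPLE_LIST_OUTPUT)
    # Assumed load: 500 UDP packets per window from NTP clients and DNS.
    for line in plan_modify_commands(rows, {"ids udp rate": 500}):
        print(line)
```

Note that raising the UDP limit on the modem removes that particular protection for UDP altogether, as the post accepts; the place to compensate is the NTP daemon itself, which has its own per-client rate limiting, so the modem threshold only has to cover legitimate aggregate load.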
mike
Guest

Sep 23, 2013 10:35 am

Why are you even using this when you can use LAN? :)
tazy
New User

Joined: 10 Nov 2014
Posts: 1

Nov 10, 2014 5:43 am

I noticed a few periods per day where all NTP and DNS traffic was coming to a standstill. NTP traffic being halted is not a big problem, but when your internal network can't connect to DNS servers on the internet, surfing is also not possible anymore. I knew that the internet connection itself was not the problem because established connections with for example SSH continued to work....!

-------------------
tZy