I already submitted the bug with logs from my syslog server. Can anyone else confirm this issue? I'm performing an 'All Service Ports' port scan from the ShieldsUP website. Once the scan starts my router reboots within 5-15 seconds - every time.
Looks like I found the culprit.
I have logging turned up all the way (high and enabled x3) and going to my syslog server. It appears that if the router can't keep up with the traffic and logging it reboots. Can someone else confirm this?
I would really like to be able to log everything but this is definitely an exploitable side effect of having logging enabled so I have turned it off for now.
Is there a way to put in a configurable 'clutch' mechanism so that if the router does get overloaded with port scans and logging it just logs a warning that says something like, "Due to resource overload, only X number of logs per second will be recorded for the next X number of seconds"(?)
Thanks.
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Thu May 05, 2016 19:47 Post subject:
alceryes wrote:
Looks like I found the culprit.
I have logging turned up all the way (high and enabled x3) and going to my syslog server. It appears that if the router can't keep up with the traffic and logging it reboots. Can someone else confirm this?
I would really like to be able to log everything but this is definitely an exploitable side effect of having logging enabled so I have turned it off for now.
Is there a way to put in a configurable 'clutch' mechanism so that if the router does get overloaded with port scans and logging it just logs a warning that says something like, "Due to resource overload, only X number of logs per second will be recorded for the next X number of seconds"(?)
Thanks.
Why don't you use remote logging? No router can handle so many writes... you can have 1000 attacks in 1 second...
For what it's worth, I had this same problem some years back with my old WRT610N (Broadcom). Too much traffic from the GRC port scan with logging set to high (and sending to a local instance of Wallwatcher) would cause the router to reboot. I don't think this is specifically related to DD-WRT, it's just too much to process at once.
I have syslogging turned on and firewall logging set to Low.
Logging is local.
I just ran the All Service Ports scan three times in a row, and monitored logging and RAM.
Nothing was logged, and RAM usage only increased by 1 to 2%, and then released when the test was done.
I am using the same build, different router.
Confirmed.
With logging set to Low (Low and Enabled x3) I can perform the ShieldsUP test fine and nothing is logged on my syslog server (remote logging). I didn't even see the 1-2% increase on memory usage.
It seems that setting it to medium or high floods the router's memory faster than it can send the logs to my syslog server. So it's just a hardware limitation, not a bug.
Could someone test medium or high firewall logging with a router that has 64 or 128MB? If it's just the limited amount of RAM causing the issue I may be upgrading.
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Fri May 06, 2016 17:51 Post subject:
Don't "upgrade" 'cause a poorly designed port checker causes a crash. The med/high settings when logging everything are ridiculous & broken; it's nothing but a deluge of spam. A 512MB EA8500 sometimes crashes there too if all are logging at high. It also wastes lots of CPU, like lots of CPU that could be going into NAT performance, VPN etc.
Don't "upgrade" 'cause a poorly designed port checker causes a crash. The med/high settings when logging everything are ridiculous & broken; it's nothing but a deluge of spam. A 512MB EA8500 sometimes crashes there too if all are logging at high. It also wastes lots of CPU, like lots of CPU that could be going into NAT performance, VPN etc.
Okay, sounds good.
If it's just a flood of garbage (broken?) that will even reboot a 512MB router that's good enough for me. I have Exchange, FTP, and web services going through this router. It's a dev environment but is still being used regularly so I don't want the router rebooting with some occasionally heavy WAN-LAN activity (sustained 30Mb+ for minutes at a time).
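The 'clutch' asked for in the first post can be sketched as a token bucket that drops excess log lines and writes a single summary warning once logging resumes. This is an added example, not DD-WRT code and not something posted in the thread; the class name, the rate of 5 lines per second, the burst of 10 and the sample log lines are assumptions constructed for illustration.

```python
# Added example: a logging "clutch" as a token bucket. Not DD-WRT code.
# Integer milliseconds / milli-tokens avoid floating-point drift.

class LogClutch:
    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec          # sustained lines per second (assumed)
        self.cap = burst * 1000           # bucket size in milli-tokens
        self.tokens = self.cap
        self.last_ms = 0
        self.pending = 0                  # lines dropped since last warning
        self.dropped = 0                  # lines dropped in total
        self.out = []                     # what would reach the syslog server

    def log(self, now_ms, msg):
        # Refill: rate tokens/s equals rate milli-tokens per millisecond.
        self.tokens = min(self.cap,
                          self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens < 1000:            # overloaded: count it, write nothing
            self.pending += 1
            self.dropped += 1
            return False
        if self.pending:                  # summarise the gap in a single line
            self.out.append(f"{now_ms}ms WARNING resource overload: "
                            f"{self.pending} log lines dropped")
            self.pending = 0
        self.tokens -= 1000
        self.out.append(f"{now_ms}ms {msg}")
        return True


def simulate_scan(rate_per_sec=5, burst=10):
    """Constructed input: 1000 probes in one second, then one event at 5 s."""
    clutch = LogClutch(rate_per_sec, burst)
    passed = 0
    for i in range(1000):                 # one probe per millisecond
        passed += clutch.log(i, f"DROP IN=wan DPT={i + 1}")
    passed += clutch.log(5000, "ACCEPT IN=wan DPT=443")
    return clutch.out, passed, clutch.dropped


if __name__ == "__main__":
    lines, passed, dropped = simulate_scan()
    print("\n".join(lines))
    print(f"logged={passed} dropped={dropped}")
```

The work per dropped line is a counter increment, so the cost of a scan burst stays bounded while the warning lines still record that a flood happened and how large it was.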