Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 3698 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dos Attack AP 100

Edgar_Quintana

Hi,

 

My enviroment,

 

XG125 HA 17.0.8 version

 

i´ve some AP 100 configured by DHCP, for example 192.168.157.221 and XG LAN is 192.168.157.70.

 

At realtime console I can se events like this even no clients connected:

 

2018-07-05 07:10:29 DoS Attack Denied 0 lag0 192.168.157.221 192.168.157.70 8472 8472 UDP 0

 

 

Any ideas?

 

Regards



This thread was automatically locked due to age.
  • 0

    Hi,

    please post your firewall rules in detail. That does look like one of your internal devices is searching for something?

    Ian

  • 0 in reply to rfcat_vk

    Hello,

     

    Looking at the logs it looks like you have configured some wireless network with Clint traffic as "Sepeeate Zone". If yes, then you will need to add a DoS bypass rule as following.

     

    Src IP: *  or AP IP if you have reserved the IP address on your DHCP server

    Src Port: 8472

    Dst IP: Primary XG IP (192.168.157.70)

    Dst Port: 8472

    Proto: UDP

     

    This traffic is used to tunnel and separate traffic from your LAN interface.

     

    Regards, Ronak.

  • 0

    Hi Edgar_Quintana ,

    You may check the ARP table for the device IP address and associated MAC address ,otherwise you may need to configure a different zone if you wish Isolation between Wired and Wireless Network. 

    DDOS attack is check when pass though the XG interfaces and unless you know the Port or function of the application usig that port , it is not recommended to bypass it.