07-23-2010 08:12 PM
When using OnLive with the IPS feature of the RVS4000 enabled, I receive many "DDOS_TYPE_UDP_FLOOD" messages in my IPS log.
I can't tell if this is a false positive or what but I can not use OnLive when the IPS feature is enabled because of all the skipping (I attribute to IPS blocking).
Solved! Go to Solution.
07-26-2010 11:26 AM
If you are just getting these alerts whenever running OnLive, it most likely is a false positive. The IPS module
might be detection too many UDP packets at once as an attack on the router and stopping the traffic, resulting in stopping OnLive.
07-26-2010 11:26 AM
If you are just getting these alerts whenever running OnLive, it most likely is a false positive. The IPS module
might be detection too many UDP packets at once as an attack on the router and stopping the traffic, resulting in stopping OnLive.
07-26-2010 11:30 AM
That was my guess.
I think a new IPS signature is in order...
Could you report this so it will hopefully be addressed?
07-26-2010 11:32 AM
I can definitely raise this issue to the appropriate people.
07-26-2010 11:32 AM
Thank you.
07-27-2010 08:06 AM
The developers have responded that the UDP flood alert is actually not generated by the IPS module at all. It is most likely coming from the firewall module instead. Can you help pinpoint this by leaving IPS on, disabling "DoS Protection" under Firewall and running OnLive? Also, what firmware version are you running on your RVS4000? Thanks.
07-27-2010 09:05 AM
I will test that setup when I get home.
I'm running firmware v1.3.2.0
Thank you for your continued support, I really appreciate it.
07-27-2010 04:41 PM
Silky smooth with out the DoS option in the firewall module.
Nothing logged either.
Hope this can be fixed so that I can re-enable this feature soon.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: