cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1091
Views
0
Helpful
7
Replies

RVS4000 IPS & OnLive

DJX995
Level 3
Level 3

When using OnLive with the IPS feature of the RVS4000 enabled, I receive many "DDOS_TYPE_UDP_FLOOD" messages in my IPS log.

I can't tell if this is a false positive or what but I can not use OnLive when the IPS feature is enabled because of all the skipping (I attribute to IPS blocking).

1 Accepted Solution

Accepted Solutions

jagor
Level 1
Level 1

If you are just getting these alerts whenever running OnLive, it most likely is a false positive. The IPS module
might be detection too many UDP packets at once as an attack on the router and stopping the traffic, resulting in stopping OnLive.

View solution in original post

7 Replies 7

jagor
Level 1
Level 1

If you are just getting these alerts whenever running OnLive, it most likely is a false positive. The IPS module
might be detection too many UDP packets at once as an attack on the router and stopping the traffic, resulting in stopping OnLive.

That was my guess.

I think a new IPS signature is in order...

Could you report this so it will hopefully be addressed?

I can definitely raise this issue to the appropriate people.

Thank you.

The developers have responded that the UDP flood alert is actually not generated by the IPS module at all. It is most likely coming from the firewall module instead. Can you help pinpoint this by leaving IPS on, disabling "DoS Protection" under Firewall and running OnLive? Also, what firmware version are you running on your RVS4000? Thanks.

I will test that setup when I get home.

I'm running firmware v1.3.2.0

Thank you for your continued support, I really appreciate it.

Silky smooth with out the DoS option in the firewall module.

Nothing logged either.

Hope this can be fixed so that I can re-enable this feature soon.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: