Can anyone help with this? we found when client's use our game servers the router ips reports DDOS_TYPE_UDP_FLOOD here some of what we are seeing and some time our own lan ip sometime show's up in the list we host gaming servers and teamspeaks servers
Robert, I'm not an expert in this area, but IPS is detecting these UDP datagrams as an attack. I take it that these hits are from your game customers. If nothing else, it will definitely be a performance hit because your router is busy handling these instead of ignoring them.
You have to determine if it is safe to turn off IPS (do you have back-end firewall security?), and additionally, if you use it, make sure you have the latest version, which I believe is 1.50. Look in the information section under IPS on your router for the version #.
Thank you AJ for the help we turn off ips and everything is working good we are running Signature Version: 1.42 Firmware Version: V22.214.171.124 we are a non profit we supply servers to over 800 kid's through out the world all free services we are new to all this.... how do we update to 1.50 and a link to download it .....
You're welcome, and I think what you are doing for the kids is great.
The 1.50 download is here in Cisco's support area. It is a little hard to navigate to, but once you get there, just download the zip file and extract the 2 files that are in it. Read the readme file and then use the IPS menu on the router to navigate to the file and update the signatures that it describes to block attackers.
If you can't find it, google "RVS4000_WRVS4400N_IPS_Signature_v1.50.zip"
Once you install it, check the log to see if it is still triggering against these (it probably will because there are so many simultaneous UDP packets from different IPs.). There may be a way in the Firewall portion of the router to enable these UDP connections, but that kindof bypasses the concept of IPS. It is going to be a decision for you to make, whether to keep it enabled or not. If you have a good firewall on your server(s) behind the router, then you can probably disable it, but my feeling is it is best to stop intruders at the front gate, not at the kitchen door. In this case, you don't really know for sure if they are friend or foe when they are at that front gate, so you have to let them in the house, otherwise the IPS "alarm" will keep going off.
For now, I'd say give the update a shot. You have nothing to lose and you can always turn it off later.
If you still can't find it, get it, or otherwise have a problem, just reply and I'll be more than glad to help.
I am a sw engineer, the original author of Computer Associates CA-Unicenter Security, and not affiliated with Cisco other than I have several of these routers.
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
** Update **These and a number of other issues have been addressed in
SRP520 MR3. Please see https://supportforums.cisco.com/docs/DOC-13853
for details on how to access this code.There have been a number of
reports of the SRP500 becoming unresponsive afte...
STANDARDSOURCECOMMENTSEthernet RJ-45 connector pin number12345678IEEE
802.3afusing data pairsRXDC+RXDC+TXDC-sparespareTXDC-sparespareIndustry
Standard for Embedded POE(used by Cisco Catalyst Switches)IEEE
802.3afusing spare pairs RXRXTXDC+DC+TXDC-DC-Indus...