Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1475
Views
0
Helpful
5
Replies

RV320 massive SYN Flooding attacks?

martinmpet
Level 1
Level 1

‎10-09-2013 12:58 PM

Hi

I have purchased a RV320 small business router for my home office, but i am experiencing massive SYN Flooding attacks when clients connect to my ftp and when rsync backup is performed.

My equipment consists of

Cisco RV320 Router running v1.1.0.09 (2013-07-04, 13:28:17) FW
Synology DS212 Nas

Setup
Cisco RV320 Router with static IP 192.168.1.1
WAN1 is used and configured with an static WAN IP

DHCP Range from 192.168.1.100 to 149

Port Range Forwarding Table

FTP[TCP/21~21] to IP 192.168.1.2

FTP Range[TCP/55536~55543] to IP 192.168.1.2

Rsync UDP[UDP/873~873] to IP 192.168.1.2

Synology DS212 Nas with static IP 192.168.1.2

Each time a user connects to my ftp server, I get a lot of these errors.
This is just a small sample of the log

[HACK] SynFlooding Attack

IN=eth1 OUT=eth0 SRC=xx.xxx.xx.xxx DST=192.168.1.2 DMAC=e0:2f:6d:75:34:d9 SMAC=00:13:72:52:16:5c LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=16112 DF PROTO=TCP SPT=45496 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0


The same happens when an rsync backup is running on my DS212

2013-10-05, 12:11:15

[HACK] SynFlooding Attack

IN=eth1 OUT=eth0 SRC=xx.xxx.xxx.xx DST=192.168.1.2 DMAC=e0:2f:6d:75:34:d9 SMAC=00:13:72:52:16:5c LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=42649 DF PROTO=TCP SPT=36846 DPT=873 WINDOW=5840 RES=0x00 SYN URGP=0

If more information is needed please let me know

Any ideas why this happens?

Thanks
Martin

Labels:
0 Helpful
5 Replies 5

Marc Nagao
Cisco Employee
Cisco Employee

‎10-11-2013 01:19 PM

Martin,

If you haven't already, please contact support so we can take a look.

Appreciate it sir.

Marc

0 Helpful

martinmpet
Level 1
Level 1
In response to Marc Nagao

‎10-13-2013 11:45 AM

Hi Marc

I will do, thanks

0 Helpful

martinmpet
Level 1
Level 1

‎10-16-2013 01:29 PM

Maybe a stupid question, how do I create a support ticket?

If I click on the link "contact us" then I chose


Open a Technical Support Request here

But it require the following as you can read

Your login ID is not set up to access the TAC Service Request Tool (TSRT).

To obtain access, add all of your Cisco service contract numbers to your profile by going to the

Cisco Profile Manager - Request to Insert Contracts

. If you are a Cisco Partner or a customer with a Service Access Management Administrator, please contact that resource to obtain access to your service contracts.  You may use the

Service Access Management Tool

to find your Service Access Management Administrator.

Unsure of your contract number? Your

Cisco Partner

, Reseller or Cisco Services representative can help provide a complete list of your service contracts.

The TAC Service Request Tool (TSRT) is designed to support contract-entitled services only at this time. For urgent issues or warranty service please contact the

Cisco Technical Assistance Center

via telephone.

See

Cisco Global Technical Services Quick Start Guide for additional assistance. Your login ID is not set up to access the TAC Service Request Tool (TSRT).

To obtain access, add all of your Cisco service contract numbers to your profile by going to the Cisco Profile Manager - Request to Insert Contracts. If you are a Cisco Partner or a customer with a Service Access Management Administrator, please contact that resource to obtain access to your service contracts.  You may use the Service Access Management Tool to find your Service Access Management Administrator.

Unsure of your contract number? Your Cisco Partner, Reseller or Cisco Services representative can help provide a complete list of your service contracts.

The TAC Service Request Tool (TSRT) is designed to support contract-entitled services only at this time. For urgent issues or warranty service please contact the Cisco Technical Assistance Center via telephone.

See Cisco Global Technical Services Quick Start Guide for additional assistance.

0 Helpful

cindy toy
Level 7
Level 7
In response to martinmpet

‎10-17-2013 07:31 AM

Hi Martin,

Since you are within warranty, the best way to open a case is to call the Small Business Support Center and speak with an engineer.  They will help you open a case.  The phone numbers in your area are located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Regards,
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport
twitter: CiscoSBsupport

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
0 Helpful

Michiel Beenen
Level 3
Level 3

‎10-17-2013 06:00 AM

Best advice on this, disable SPI Firewall and DDOS prvention and this will be fixed.

In fact i also notice the router is a bit faster with those both disabled.

0 Helpful
Customers Also Viewed These Support Documents