02-24-2021 01:36 PM
I posted this originally as a reply: here
I have an RV345 VPN Router with firmware version 1.0.03.20 and signature version 2.0.0.0015, and also an active security license, and it has the same issues described. Here is a breakdown, including dates, of my logs, starting with the oldest first.
5 Lines worth of -> 2021-01-11T06:25:54-08:00 <warning>kernel: [5776214.983379] FIREWALL SYN-FLOOD:IN=eth2 OUT
34 lines of webfilter messages
10 Lines worth of -> 2021-01-18T12:47:30-08:00 <error>Webfilter: BCAP server error (704): Invalid major or minor version
5 Lines worth of -> 2021-01-19T05:23:23-08:00 <warning>kernel: [6463664.482667] FIREWALL SYN-FLOOD
Then 1150 lines worth of BCAP server errors and 38 lines of other messages.
------------------------------------------------------------------------------------------------------
After contacting TAC support, the only thing confirmed is that we were attacked and, according to TAC support, the last layer of defense held for both attacks. Nothing regarding what to do about the ongoing errors, and as we are an SMB I still had to address ownership's need of seeing CAM feeds from the DVR from offsite and securing our network. I have filled out the online form for Umbrella, emailed Scott Hume (Spiceworks member), and spoke with a TAC support manager regarding getting a quote for Umbrella, and have heard nothing. So I contacted our ISP about this, and the solution they suggested is adding another gateway (modem) that does not have a static IP. This was completed yesterday, where the static IP handles the CAM feeds and the additional modem is DHCP, handling everything else.
Additional steps taken:
Since both registration and license authorization had the same date and time, I thought I would check the logs.
Well, starting from an empty log, here is what was listed:
2021-02-24T12:41:08-08:00 <error>smart_agent: SA-ERROR: Recover OOC entry time and grace expiration time in TS failed.
2021-02-24T12:40:09-08:00 <error>Webfilter: BCAP server error (704): Invalid major or minor version
2021-02-24T12:39:46-08:00 <warning>Webfilter: cloud_calbk URL request processing done. Yet to finish 0 requests in current batch.
2021-02-24T12:39:46-08:00 <warning>Webfilter: WF_ALLOW: Cloud lookup req for url 'ocsp.quovadisoffshore.com' failed
2021-02-24T12:39:46-08:00 <error>Webfilter: Cannot read HTTP header
2021-02-24T12:34:10-08:00 <error>Webfilter: BCAP server error (704): Invalid major or minor version
2021-02-24T12:34:10-08:00 <error>Webfilter: Last message 'BCAP server error (7' repeated 1 times, supressed by syslog-ng on router0DF68A
2021-02-24T12:28:09-08:00 <error>Webfilter: BCAP server error (704): Invalid major or minor version
2021-02-24T12:22:09-08:00 <error>Webfilter: BCAP server error (704): Invalid major or minor version
2021-02-24T12:16:27-08:00 <error>Webfilter: BCAP server error (704): Invalid major or minor version
2021-02-24T12:15:53-08:00 <notice>system: device booted with active firmware version: 1.0.03.20
2021-02-24T12:15:52-08:00 <notice>system: argument:all
2021-02-24T12:15:52-08:00 <notice>system: ##Checking lanwancheck work around Here
2021-02-24T12:15:14-08:00 <notice>VPN-passthrough: IPSEC-Passthrough: Disabled PPTP-Passthrough: Disabled L2TP-Passthrough: Disabled
2021-02-24T12:15:10-08:00 <warning>Webfilter: WF POLICY modified: name 1stPolicy bEnable 1 bWebreputation 1, ipgrp NONE,sched NONE
2021-02-24T12:15:10-08:00 <notice>Webfilter: WF POLICY added: name 1stPolicy, bEnable 1 bWebreputation 1 etc..
2021-02-24T12:15:10-08:00 <warning>Webfilter: WF POLICY modified: name SolarWinds bEnable 1 bWebreputation 0, ipgrp NONE,sched NONE
2021-02-24T12:15:10-08:00 <notice>Webfilter: WF POLICY added: name SolarWinds, bEnable 1 bWebreputation 0 etc..
2021-02-24T12:15:10-08:00 <notice>Webfilter: Webfilter enabled
2021-02-24T12:15:09-08:00 <alert>Webfilter: Webfilter application damonized successfully !!!!
2021-02-24T12:15:09-08:00 <alert>Webfilter: Webfilter application damonizing !!!
2021-02-24T12:15:09-08:00 <error>Webfilter: Calling poller creation .
2021-02-24T12:14:56-08:00 <error>smart_agent: SA-ERROR: Recover OOC entry time and grace expiration time in TS failed.
2021-02-24T12:14:44-08:00 <warning>kernel: [ 174.140678] fp_netfilter_pre_routing: 119 callbacks suppressed
2021-02-24T12:14:39-08:00 <notice>system: argument:
2021-02-24T12:14:37-08:00 <warning>kernel: [ 167.442047] fp_netfilter_pre_routing: 106 callbacks suppressed
2021-02-24T12:14:36-08:00 <notice>system: #Checking lanwancheck work around Here
2021-02-24T12:14:34-08:00 <critical>xl2tpd: setsockopt recvref[30]: Protocol not available
2021-02-24T12:14:25-08:00 <notice>mwan3: Primary/Next Primary interface wan1, is UP
2021-02-24T12:14:12-08:00 <alert>system: domain name= and hostname=router0DF68A configured
2021-02-24T12:13:51-08:00 <notice>netifd: Interface 'wan1' has link connectivity
2021-02-24T12:13:50-08:00 <notice>netifd: Interface 'wan2' has link connectivity loss
2021-02-24T12:13:48-08:00 <notice>netifd: Interface 'wan1' has link connectivity loss
2021-02-24T12:13:48-08:00 <notice>netifd: Interface 'wan2' has link connectivity
2021-02-24T12:13:48-08:00 <notice>netifd: Interface 'wan1' has link connectivity
Still no change in BCAP error status, and unless there are additional reports, there will not be any escalation or resolution for this issue. Will it be possible to even consider going with Umbrella given the issues described here? And can I get contacted by sales with an engineer to get a quote for the additional features we need to achieve NIST SP 800-171 compliance?
Based on what I have seen so far, I probably need to consider other alternatives and will be surprised if anything occurs to move forwards to continue to use Cisco hardware for our networking needs.
Any advice or suggestions will be appreciated, and thanks for any time and effort spent on this discussion.
Best Regards, Michael Neumann from J&K Manufacturing, Inc.
03-24-2021 12:10 PM
I have the very same issue.
This Router has been a source of headaches ever since day 0.
03-31-2021 02:37 AM - edited 03-31-2021 02:37 AM
I have the same issue... Please, Cisco, tell us how to avoid this.
Thank you