Cisco WRVS4400N - Intermittent freezing

Slopezorg
Level 1

Hi!

I have looked through the forum for answers to my problem, but it does not look like I'll find it.

The problem:

Router randomly freezes.

When this happens:

- No IP/DNS

- No response to ping

- No contact at all (wifi or cable)

Works fine after reboot for some time.

General information:

Firmware Version:

V2.0.2.1-ETSI

Local log after reboot:

Oct  8 12:53:40  - ipsec0: no IPv6 routers present
Oct  8 12:53:43  - device br0 left promiscuous mode
Oct  8 12:53:43  - device eth1 left promiscuous mode
Oct  8 12:53:50  - [VPN Log]: shutting down
Oct  8 12:53:50  - IPSEC EVENT: KLIPS device ipsec0 shut down.
Oct  8 12:53:52  - [VPN Log]: Starting Pluto (Openswan  Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID  PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Oct  8 12:53:52  - [VPN Log]: @(#) built on May 10 2011:17:24:48:
Oct  8 12:53:52  - [VPN Log]: Setting NAT-Traversal port-4500 floating to on
Oct  8 12:53:52  - [VPN Log]:    port floating activation criteria nat_t=1/port_fload=1
Oct  8 12:53:52  - [VPN Log]:   including NAT-Traversal patch (Version 0.6c)
Oct  8 12:53:53  - [VPN Log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Oct  8 12:53:53  - [VPN Log]: starting up 1 cryptographic helpers
Oct  8 12:53:53  - [VPN Log]: started helper pid=960 (fd:5)
Oct  8 12:53:53  - device eth1 entered promiscuous mode
Oct  8 12:53:53  - device br0 entered promiscuous mode
Oct  8 12:53:53  - [VPN Log]: Using KLIPS IPsec interface code on 2.4.27-star
Oct  8 12:53:53  - [VPN Log]: Changing to directory '/etc/ipsec.d/cacerts'
Oct  8 12:53:53  - [VPN Log]: Changing to directory '/etc/ipsec.d/aacerts'
Oct  8 12:53:53  - [VPN Log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Oct  8 12:53:53  - [VPN Log]: Changing to directory '/etc/ipsec.d/crls'
Oct  8 12:53:53  - [VPN Log]:   Warning: empty directory
Oct  8 12:54:01  - ipsec0: no IPv6 routers present
Oct  8 13:22:03  - hit KRIS_DDOS_TYPE=18
Oct  8 13:22:06  - hit KRIS_DDOS_TYPE=18
Oct  8 13:29:18  - hit KRIS_DDOS_TYPE=18
Oct  8 13:31:28  - hit KRIS_DDOS_TYPE=18
Oct  8 13:32:03  - hit KRIS_DDOS_TYPE=18
Oct  8 13:36:26  - hit KRIS_DDOS_TYPE=18
Oct  8 13:43:24  - hit KRIS_DDOS_TYPE=18
Oct  8 13:43:38  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:08  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:16  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:19  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:35  - hit KRIS_DDOS_TYPE=18
Oct  8 13:45:24  - hit KRIS_DDOS_TYPE=18
Oct  8 13:47:04  - hit KRIS_DDOS_TYPE=18
Oct  8 13:47:39  - hit KRIS_DDOS_TYPE=18
Oct  8 13:49:50  - hit KRIS_DDOS_TYPE=18

What is "hit KRIS_DDOS_TYPE=18"?
Have seen a lot of posts asking about it, but nobody got a reply.
Does this have anything to do with the intermittent freezing?

If any more information is needed to find a solution to the problem, just ask.

1 Accepted Solution

Tom Watts
VIP Alumni

Hi Steven, DDOS is Distributed Denial of Service. It is an attack flag. It is most likely a false alarm. But, if this is the root cause of your router locking up, it is most likely the IDP engine failed or the KRIS has locked up.

The root cause is probably impossible to tell you. A few things you can try and also check:

  • Disable the IPS and monitor for the logging and behavior
  • Disable the router firewall and monitor for the logging and behavior

Some possible causes may be:

  • Condensation within your lines (coax cable, ISP wiring) or damaged ISP wiring (broken cable, poor strength)
  • Swap local LAN cat cables
  • A lot of UDP flood from within the LAN (this may hit DDOS counter on IPS or firewall)
  • You may have a modem/router combo device (from the ISP) that doesn't present packets well

-Tom

Hi Thomas!

Have tried deactivating the IPS.

Seems to run just fine right now.

The Kris_DDOS is now gone from the log-file.

I will try the other tips if the problem comes back.

Thanks a lot!

The company I bought it from recommended I just buy a new one....
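
The "monitor for the logging and behavior" step from the accepted answer, as an added example that is not part of the original thread or any Cisco tooling: it splits a saved copy of the router log at each restart and counts `hit KRIS_DDOS_TYPE=` entries per session and per 10-minute window, so runs with the IPS enabled and disabled can be compared. Treating the `Starting Pluto` line as a restart marker and the `year` value are assumptions; the sample log is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the log quoted in the thread.
SAMPLE_LOG = """\
Oct  8 12:53:52  - [VPN Log]: Starting Pluto (constructed sample line)
Oct  8 12:54:01  - ipsec0: no IPv6 routers present
Oct  8 13:22:03  - hit KRIS_DDOS_TYPE=18
Oct  8 13:29:18  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:08  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:16  - hit KRIS_DDOS_TYPE=18
Oct  8 13:44:19  - hit KRIS_DDOS_TYPE=18
Oct  8 15:10:30  - [VPN Log]: Starting Pluto (constructed sample line)
"""

LINE_RE = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d{2}:\d{2}:\d{2})\s+-\s+(.*)$")
HIT_RE = re.compile(r"hit KRIS_DDOS_TYPE=(\d+)")
BOOT_MARKER = "Starting Pluto"  # assumption: logged once per restart


def summarize_sessions(log_text, year=2000, window_min=10):
    """Split the log at restarts; count KRIS_DDOS hits per session and window."""
    # The log has no year; `year` is a caller-supplied placeholder.
    sessions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        mon, day, clock, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if BOOT_MARKER in msg or not sessions:
            sessions.append({"start": ts, "types": Counter(), "windows": Counter()})
        hit = HIT_RE.search(msg)
        if hit:
            cur = sessions[-1]
            cur["types"][int(hit.group(1))] += 1
            minutes_up = int((ts - cur["start"]).total_seconds() // 60)
            cur["windows"][minutes_up // window_min * window_min] += 1
    report = []
    for s in sessions:
        peak = max(s["windows"].items(), key=lambda kv: kv[1], default=None)
        report.append({"start": s["start"], "hits": sum(s["types"].values()),
                       "by_type": dict(s["types"]), "peak_window": peak})
    return report


if __name__ == "__main__":
    print(summarize_sessions(SAMPLE_LOG))
```

`peak_window` is `(minutes since restart, hit count)` for the busiest window; a session whose hits cluster shortly before the next restart is the pattern worth comparing against a session run with the IPS disabled.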