Can anyone help with this? we found when client's use our game servers the router ips reports DDOS_TYPE_UDP_FLOOD here some of what we are seeing and some time our own lan ip sometime show's up in the list we host gaming servers and teamspeaks servers
Robert, I'm not an expert in this area, but IPS is detecting these UDP datagrams as an attack. I take it that these hits are from your game customers. If nothing else, it will definitely be a performance hit because your router is busy handling these instead of ignoring them.
You have to determine if it is safe to turn off IPS (do you have back-end firewall security?), and additionally, if you use it, make sure you have the latest version, which I believe is 1.50. Look in the information section under IPS on your router for the version #.
Thank you AJ for the help we turn off ips and everything is working good we are running Signature Version: 1.42 Firmware Version: V188.8.131.52 we are a non profit we supply servers to over 800 kid's through out the world all free services we are new to all this.... how do we update to 1.50 and a link to download it .....
You're welcome, and I think what you are doing for the kids is great.
The 1.50 download is here in Cisco's support area. It is a little hard to navigate to, but once you get there, just download the zip file and extract the 2 files that are in it. Read the readme file and then use the IPS menu on the router to navigate to the file and update the signatures that it describes to block attackers.
If you can't find it, google "RVS4000_WRVS4400N_IPS_Signature_v1.50.zip"
Once you install it, check the log to see if it is still triggering against these (it probably will because there are so many simultaneous UDP packets from different IPs.). There may be a way in the Firewall portion of the router to enable these UDP connections, but that kindof bypasses the concept of IPS. It is going to be a decision for you to make, whether to keep it enabled or not. If you have a good firewall on your server(s) behind the router, then you can probably disable it, but my feeling is it is best to stop intruders at the front gate, not at the kitchen door. In this case, you don't really know for sure if they are friend or foe when they are at that front gate, so you have to let them in the house, otherwise the IPS "alarm" will keep going off.
For now, I'd say give the update a shot. You have nothing to lose and you can always turn it off later.
If you still can't find it, get it, or otherwise have a problem, just reply and I'll be more than glad to help.
I am a sw engineer, the original author of Computer Associates CA-Unicenter Security, and not affiliated with Cisco other than I have several of these routers.
HI Recently I have perched 10 Cisco SG350 28 port gigabit poE switches for my running project . I would like to create my data and voice vlan in the same port where the PC will connect with the phone set.i configured my Dhcp on mikrotik cloud core ro...
Small business owners are willing to try new ways to protect and grow their businesses by innovating, taking risks and pushing boundaries - and technology is a valuable tool to help drive that success.
Learn how Cisco helps small businesses think big and...
This document is attempt to recreate content of original document created by famous @Patrick Born. Cisco has considered to destroy such valuable document for an unknown reason.Cisco SPA series phones and ATAs can use certificate-authenticated HTTPS (SSL) ...
Stay up to date with monthly on-line briefings. Join Customer Connection to register for briefings presented by Cisco product managers who share technical deep-dive product presentations with interactive Q&A.
Catch up on previous new small business p...