SENSE vs SYN Flood ??

Aspirant

SENSE vs SYN Flood ??

I'm still trying to figure out why my internet connection is either extremely slow or not working at all while SENSE is protecting my devices. I checked the router firewall log, and looks like this, what is my SENSE router (192.168.0.4) doing?

Firewall Log
 
Description Count Last Occurence    Target                          Source
 
SYN Flood  9   Fri Jul 21 18:55:48 2017    209.10.120.50:443   192.168.0.4:55312 
 
SYN Flood  13   Fri Jul 21 18:57:48 2017    40.114.149.220:443   192.168.0.4:38609 
 
SYN Flood  25   Fri Jul 21 19:04:58 2017    207.46.194.33:443   192.168.0.4:47526 
 
SYN Flood  39   Fri Jul 21 19:19:22 2017    216.58.211.142:80   192.168.0.4:48477 
 
SYN Flood  147   Fri Jul 21 19:38:20 2017    40.114.149.220:443   192.168.0.4:41081 
 
SYN Flood  163   Fri Jul 21 19:59:03 2017    34.249.153.67:8886   192.168.0.4:52101 
 
SYN Flood  108   Fri Jul 21 20:12:32 2017    216.58.211.131:443   192.168.0.4:36054 
 
SYN Flood  116   Fri Jul 21 20:31:10 2017    216.58.211.138:443   192.168.0.4:60576 
 
SYN Flood  1   Fri Jul 21 22:22:10 2017    193.110.109.216:80   192.168.0.4:43832 
 
SYN Flood  41   Fri Jul 21 22:30:38 2017    54.221.141.103:80   192.168.0.4:59130 
 
SYN Flood  1   Fri Jul 21 22:33:52 2017    185.33.223.215:80   192.168.0.4:59324 
 
SYN Flood  11   Fri Jul 21 22:35:11 2017    192.229.163.249:80   192.168.0.4:59521 
 
SYN Flood  17   Fri Jul 21 22:40:03 2017    93.184.216.34:80     192.168.0.4:58361 
 
SYN Flood  28   Fri Jul 21 22:42:56 2017    216.58.211.142:443   192.168.0.4:58505
1 ACCEPTED SOLUTION

Accepted Solutions
Aspirant

Re: SENSE vs SYN Flood ??

After removing all AVG maintenance tools & Norton Security from alla machines, all works fine. Oh, and removed firewall also from Cisco Cable Modem

View solution in original post

8 REPLIES 8
Superuser

Re: SENSE vs SYN Flood ??

Hello,

 

Sorry for my reply.

Because there maybe indeed something as trouble based on SENSE-router.

 

But .... also based on Google Search -> some of provided IPs ((at least, two of first ones)) related with AVG (?!); Does there possible that Firewall (by AVG) or their another software installed under your devices.

Or with another layer of network - there can be any security features as DDOS-protection or so?

 

If some of this "technologies" detected SENSE connection (check URL/website ratings/analyzing) as something suspicious - maybe they block it/ban it (for some time)?


Thanks.

Aspirant

Re: SENSE vs SYN Flood ??

AVG PC  TuneUp is the only product from AVG that is installed in few machines, and it does not have a firewall function in it. Instead, Norton Security is still in every machine, could that be the reason...?

FormerMember
Not applicable

Re: SENSE vs SYN Flood ??

Well wasn't one of the reasons for buying sense that you get the app for every device.

Also you could now just sell the remaining norton protection to someone, so it doesn't go to waste.

Also remove the avg products for a test to see if it helps with the problem.

Aspirant

Re: SENSE vs SYN Flood ??

Well, basically yes, but will not sell Norton license before I see that SENSE works... I will remove AVG PC TuneUp today from all machines, and disable Norton, to see if they have something to do with problems

Superuser

Re: SENSE vs SYN Flood ??


@Rider wrote:

AVG PC  TuneUp is the only product from AVG that is installed in few machines, and it does not have a firewall function in it. Instead, Norton Security is still in every machine, could that be the reason...?


Just as clarification -> I'm also only F-Secure user and this is only my own suggestions; Good if there will be normal and proper official response from F-Secure SENSE team (who definitely know how it works and about potential troubles);

 

Maybe - as it was suggested - you able to re-check with temporary "disable"-status (or so) for Norton Security (or potentially related features);

But....

Based on your another topic: https://community.f-secure.com/t5/F-Secure-SENSE/SENSE-whines-about-no-connection/td-p/96330

 

Where you noted "Cisco cable modem (EPC3825 Eurodocsis 3.0 / Sonera)" - I able to think that you able to re-check this point too;

Based on brief Google Search --> it possible that this certain unit can be as modem/router (?!) and with certain features (which can be activated or not) like DDOS protection and other 'firewall'-rules;

 

Also not clear - your information about "SYN Flood" under logs - comes from ?!?!;

I think that "this one who marked it as "SYN Flood" situation" -> most likely able to prevent "src" (SENSE Router - as I able to understand) to do this; And block/ban temporary or globally; More looks as "false positive" about SENSE design activities;

 

Thanks.

Aspirant

Re: SENSE vs SYN Flood ??

After removing all AVG maintenance tools & Norton Security from alla machines, all works fine. Oh, and removed firewall also from Cisco Cable Modem

View solution in original post

FormerMember
Not applicable

Re: SENSE vs SYN Flood ??

If you can and if you already haven't, you should also but cisco cable modem/cable modem's port in bridge mode so it doesn't interfere with sense at all.

Aspirant

Re: SENSE vs SYN Flood ??

Cisco's cable modem does not support bridge mode...