DDOS protection on ASUSWRT-Merlin

[pirx73]

Hello colleges.

Have been wondering what exactly DDoS Protection setting does in case of my router - RT-AC68U.
I understand what is DDoS and basic means of prevention but my question is - how it works in my router?
Tooltip only warns that router load will increase (obviously) but it does not gives any information what actions router will perform if DDoS Protection is enabled.
Maybe someone here knows? At least in broad sense? Is it worth enabling?

 

[Make WiFi Great Again]

I dont know but whenever i have tried to enable it i got massive slowdowns in web browsing and transfer of files between computers, printing etc...

 

[ColinTaylor]

It activates rules in the firewall that rate limits certain types (SYN, RST, ICMP) of incoming traffic. See the iptables SECURITY chain.


P.S. Can you please remove the "Release" prefix from your thread title as you are not announcing a new release of something. Thanks.

 

[pirx73]

Done. Sorry about that tag. I did not looked into iptables because i assumed it is something more sophisticated and connected to TrendMicro engine thus closed source.

 

[Unisoft]

I dont know but whenever i have tried to enable it i got massive slowdowns in web browsing and transfer of files between computers, printing etc...

I didn't on the AC86U and AX86U I have now with it enabled. Must be a processor/memory capability thing as obviously faster in these models.

 

[QasusAnon]

It activates rules in the firewall that rate limits certain types (SYN, RST, ICMP) of incoming traffic. See the iptables SECURITY chain.

Asus explains DoS protection at How does DoS protection work? | Official Support | ASUS Global.

It doesn't say if it's a good thing/bad thing (just a feature) and is not enabled by default. In times past I have enabled it, thinking "why not?".

Though recently reading some of @L&LD's recommendations I see that he recommends disabling it. So recently I did.

Ultimately does it matter? And if so when would it matter?

 

[eibgrad]

IMO, you're better off to NOT enable it. And if you find yourself under attack, contact your ISP. He is *much* better equipped to manage it than your lowly router. In fact, he may already be protecting you! He has just as much reason to prevent it as you.

 

[QasusAnon]

IMO, you're better off to NOT enable it. And if you find yourself under attack, contact your ISP. He is *much* better equipped to manage it than your lowly router. In fact, he may already be protecting you! He has just a much reason to prevent it as you.

I vaguely remember someone in times past making that argument about NOT having your consumer router try and handle such attacks. That answer makes sense to me!