Menu
What's new
By:
Filters Better Search

DoS Protection from Asus Firewall - on or off?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Jack Yaz

Jack Yaz

Part of the Furniture
Just wondering if there's any point this being on, since I imagine any serious DDOS will drop the CPU like a bad habit anyway.
 
I read merlin saying it slows down the cpu with extra rules, and load but that's confusing since net gear has theirs on by default and it was still fast.
So I'm not entirely sure how it could hurt, id say test it.
 
Last edited:
From the man himself RMerlin
"Enabling the DoS protection will add firewall rules that will limit connection attempts (from a port scanner for example) and ICMP PINGs to a maximum of 1 per second. This will add some extra processing on the router as it will need to track the rate of each incoming connection, so it can degrade throughput performance under higher loads.

The default is "Disabled", and this is usually fine that way for a home router. If someone was attempting to truly DoS you, chances are your connection would still be flooded to the point of being unusable, so this setting is of limited usefulness. Someone pointing a few dozens of gigabits of flood at you through a DDoS will take you offline no matter what protection your router has."
https://www.snbforums.com/threads/rt-n66u-noob-questions.8122/
 
Vexira said:
From the man himself RMerlin
"Enabling the DoS protection will add firewall rules that will limit connection attempts (from a port scanner for example) and ICMP PINGs to a maximum of 1 per second. This will add some extra processing on the router as it will need to track the rate of each incoming connection, so it can degrade throughput performance under higher loads.

The default is "Disabled", and this is usually fine that way for a home router. If someone was attempting to truly DoS you, chances are your connection would still be flooded to the point of being unusable, so this setting is of limited usefulness. Someone pointing a few dozens of gigabits of flood at you through a DDoS will take you offline no matter what protection your router has."
https://www.snbforums.com/threads/rt-n66u-noob-questions.8122/
Click to expand...
Thanks, I've now set to disabled.
 
no problem, though if it is the case, I'm not sure why netgear has their enabled by default.
 
The performance impact is probably not even measurable with modern router's CPUs.
 
So it's fine to enable on the 88u?
 
netware5 said:
@RMerlin, does RT-N66U CPU fall into the "modern router's CPUs"?
Click to expand...
im going to specualte hes refering to the arm cpus not the mips, keep in mind i coud be wrong, my basis is that arm platform router cpus are running the trend micro software where as mips cant.
 
netware5 said:
@RMerlin, does RT-N66U CPU fall into the "modern router's CPUs"?
Click to expand...

Yes. The mentioned impact is more for pre-wifi days, where we had 200 MHz CPUs handling our traffic. Unless of course you run a very busy 1 Gbps link, in which case it might perhaps be measurable. I doubt anyone ever measured the latency introduced by a single iptables rule, so I'm just going by gut feeling here.
 
i stand corrected, so in that case a router like the gt 5300 should basically have the smallest amout of cpu interrupt with dos protection enabled?
 
Vexira said:
i stand corrected, so in that case a router like the gt 5300 should basically have the smallest amout of cpu interrupt with dos protection enabled?
Click to expand...

Yes, unless you're having that very busy 1 Gbps link hooked to it (and by busy, I mean with lots of new connections, since DoS rules should only be processed on new connections).
 
Jack Yaz said:
Just wondering if there's any point this being on, since I imagine any serious DDOS will drop the CPU like a bad habit anyway.
Click to expand...
Using it will give you stutters in games like CS:GO.
I've tried it, it's only "good" if you're not gaming or streaming on a low bandwidth.
 
Boggy said:
Using it will give you stutters in games like CS:GO.
I've tried it, it's only "good" if you're not gaming or streaming on a low bandwidth.
Click to expand...
That's odd to me Netgear has Thiers on and when I had Thier router it was perfectly fine oddthey must have some sort of black box code to get that working smoothly.
 
You must log in or register to reply here.

Similar threads

Q
[Feature Request] Schedule DoS Protection state and/or whitelist option
Replies
5
Views
582
ColinTaylor
C
B
Firewall lan - vpn?
Replies
0
Views
509
blast
B
C
RT-AX86U 3004.388.8_2 . pet feeder app cannot connect to wifi why?
Replies
6
Views
480
Aiadi
A
K
Asus router as adblock/firewall server (but not acting as a router) between modem and mesh routers
Replies
7
Views
387
Tech9
Tech9
Skyview
RT-BE88U WiFi After Power Cycle
Replies
4
Views
318
WTOram
W
Similar threads
Thread starter Title Forum Replies Date
Q [Feature Request] Schedule DoS Protection state and/or whitelist option Asuswrt-Merlin 5
Z Asus AX88u slow on 2.4ghz wifi on certain devices Asuswrt-Merlin 9
A Wireguard server on Asus AX58U Asuswrt-Merlin 2
PR3MIUM WireGuard removing OpenVPN on ASUS Routers ? Asuswrt-Merlin 2
A Asus 58U same ssl cert on Chrome iOS Asuswrt-Merlin 0
A Asus RT AX58U - security link Asuswrt-Merlin 0
A Duckdns on Asus merlin router Asuswrt-Merlin 1
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
M 802.1q VLAN tagging menu missing for WAN interface (Asus RT-AX86U Pro) Asuswrt-Merlin 4
N WiFi issues with latest version 388.8_2 on ASUS RT-AX88U Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 796 (members: 23, guests: 773)
Top