Should I enable ASUS DoS Protection

[Col8eral]

I notice in my Asus RT-AC88U under Firewall>General there is an option to enable DoS protection. The default is sett o "No". Is there any reason I shouldn't enable this feature?

Many thanks

 

[degrub]

are you running a server that talks across the internet ( ie through the router to the WAN ) ?
If not, don't bother.
If you are, are you a likely target ?
if not, don't bother.
If you are, why are you messing with consumer equipment ?
You can turn it on if you like. it likely won't matter.

 

[Col8eral]

Hi and thanks for the response. I dont use a server, so perhaps I'll leave it switched off.

 

[System Error Message]

Hi and thanks for the response. I dont use a server, so perhaps I'll leave it switched off.

unlike what the guy above said, DoS protection is for both the router and devices behind it. Enable it regardless of whether or not you run a server. Disable it if you are stress testing the router to see if it survives a lot of load.

 

[RMerlin]

DOS protection will throttle certain types of packets such as SYN to 1 per second max.

 

[Netbug]

I have always had it enabled and it's never been an issue for me, i don't see why you wouldn't enable it, i mean it says it will increase routers workload but i have never noticed a difference on both rt-ac68u and rt-ac86u so i keep it enabled, anything that offers any kind of extra protection, as long as it doesn't make doing things that should be easy, very difficult or impossible then i generally i am all for it and that does not apply in this case, enable it and forget about it

 

[Col8eral]

I have enabled it. It hasn't increased any load on the router. I'll just leave I enabled and forget about it.

 

[Thermaltake]

I kind of noticed a little more load on CPU when it's enabled, but nothing major or to be concern.

 

[badtoast]

Hi, I recently purchased my own domain and am using Cloudflare as my DNS nameserver in order to take advantage of IP proxying, DDoS protection, and other services they offer. I am hosting various applications on my Synology NAS for external access and most work great. However, I found that the Synology DSM page in particular was loading extremely slow, sometimes it would not load at all. I tried a lot of different things from modifying Cloudflare options, to changing Synology security settings, tweaking nginx proxy manager...to no avail. The only thing I have found that has worked is disabling the Asus DoS protection.

My question is, if I am going to leave the Asus DoS protection disabled, is there any other alternatives or additional DoS protection I should or could use? Or is the protection offered by Cloudflare and the Synology enough?

On the router front, I have AiProtection on and I have Adamm00's Skynet firewall installed/enabled as well. Any insights or suggestions appreciated!

 

[Deepcuts]

DoS protection on consumer grade routers coupled with usualy slow internet access is just marketing.
Sort of like security in airports. There just to make you feel safer, but in reality does jack squat on top of large queues and unnecessary frisks.

 

[follower]

DoS protection on consumer grade routers coupled with usualy slow internet access is just marketing.
Sort of like security in airports. There just to make you feel safer, but in reality does jack squat on top of large queues and unnecessary frisks.

Not only DoS Protection but also all of security features on consumer grade routers. AiProtection? Kidding me? It's just Placebo effect. But a lot of users still believe that those features can protect them.

 

[Clark Griswald]

Casa Griswald uses DoS and AiProtrection (see sig).

 

[sfx2000]

DOS protection will throttle certain types of packets such as SYN to 1 per second max.

Should add -- DOS protection applies to inbound packets from the WAN side.

No impact, and it's a good thing to enable in any case...

 

[majika]

IMHO OFC you should enable it.. Regardless of public facing WAN services running or otherwise. Hackers will still be scanning & looking for weakness even if they are simply probing.

It does exactly what it say's on the tin... it stops/slows down attacks. AiProtect also does a fine job, 2-way IDP in particular has protected me from multiple hacking attempts. "SSH Bruteforce" & "Remote code executions attempts" to name but a few..
Is it as powerful as Snort? nope, BUT IMHO I would rather have some protection rather than no protection..

Also, its really helpful to protect against drive-by download webpages too.. Plus, the captured logs attacks protected against are tracked with timestamps AND by ATTACKER_SRC_IP Very useful. Its faster for me to check my AiProtect stats page in the router UI than to wither crawl through 1000 lines of syslog events..

Lastly, if like me you actually check / monitor syslog or have Asus pipe out its syslog events to another server, like I have setup Syslog Server running on my NAS and notice all those SYN/UDP "Denied" entries that is IDP in effect. Plus using this method you can setup alerts for kernel/debug/error/alarm or warnings etc.. Very informative and helps protect my network.

It rate limits attackers active scans of your network. its why you see ip addresses from scanners spaced out to try and avoid detection.

As for the "enabled verses disabled debate due to increased resource usage" I find that running AiProtect and DDoS protection, When enabled its well within nominal bounds. IDK specifically if all computational needs get off loaded to cpu stack or if it is done in RAM or not? all I know is that consumer grade or not it works very well.. It provides a good coverage against basic script kiddies and offers a great baseline which at the very least protect from older CVE vulnerabilities. I'm currently using this as a second line defence in my homelab.. is a no brainer, definitely not a placebo.. I say this as I do not rely on it 100% its part of the mix I use... underneath CF Tunnels and policy based routing etc etc.

 

[KMcCMedia]

are you running a server that talks across the internet ( ie through the router to the WAN ) ?
If not, don't bother.
If you are, are you a likely target ?
if not, don't bother.
If you are, why are you messing with consumer equipment ?
You can turn it on if you like. it likely won't matter.

I am running Plex server. It is just for me and a few friends. Also using OVPN for remote access to my files at home, because I'm too cheap to spend a lot of money on big Dropbox or another cloud storage service. Using consumer products, because this is still a home and not an enterprise.... So,,,, now, what do you think? DOS protection? ASUS routers definitely clog up when more services are enabled...

 

[jerry6]

never used it not going to start using it now