Webswitch 1216H Support in English > Configuration, Webswitch 1216H

RC-1216H Webpage connection

<< < (2/5) > >>

Check that the router has the latest firmware if it has Try to change the router, There are lot of bad routers out there, specially those which are comming from the ISP with the subscription, I doub't we can do anything just for your setup as it's OK in the rest of the world.

73 de mike

Jan (Microbit):

I am still not convinced that this is a problem concerning the web servers of RC-1216H/1216H. The IP stack used is a well known stack which has worked well in almost every  case, so I do not think there are latency problems etc in it.

As for the Javascript timeouts the change I made was so that a new request is newer issued until the previous has got a reply. Doing so I figured that it would better adopt to slow responses.

What is strange is that your ADSL modems "chokes" by those periodically HTTP requests. It seems to me like Mike said that the router/modem isn't able to release its resources fast enough and so gets filled up by "lingering" requests.


Finally I've found the problem!
The SteppIR webpage tries to send continuously some Ethernet packets to the remote webserver of the RC-1216H.
For some reasons the sending source port will be incremented for every packet.
Modern routers have a port scanning blocker (so called DoS protection). Unfortunately my remote router misinterprets the continuous flow of incrementing source port IP-packets as a DoS attack and blocked the traffic after a certain time. I had to disable the DoS protection of my remote router.
I couldn't use the SteppIR remote rig if If I hadn't analyzed the problem by myself with Wireshark. Unfortunately I cannot find any words about disabling DoS or similar statement in any user manual.

Kind regards

Jan (Microbit):
Still I find it strange that it reacts to increasing source ports, not destination ports as the browser sends the AJAX requests to the same port, unlike something which does a real port scan.

Hi Jan

The reaction of my router makes absolutely sense to me.
As described in several documents concerning the DoS attack the TCP and UDP based packet flooding attack tools sometimes alter source and/or destination port numbers to make reacting with packet filtering by service more difficult [e.g. "Trends in Denial of Service Attack Technology"].

At my point of view nowadays state of the art routers have to block increasing source port numbers unless this function is disabled. My new router has the option to disable the DoS firewall. Maybe a short statement in the RC-1216 user manual would make sense to point that out.



[0] Message Index

[#] Next page

[*] Previous page

Go to full version