Archer C2300 HW version 2.0: false DDoS attack problems
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi!
I have some problems lately with the router: suddenly my main workstation computer gets disconnected, other clients on the network are not affected.
Last time this happened was today during a zoom-meeting that had some connection problems, it tried to reconnect. First time it reconnected successfully, the second time I lost Internet connection from this computer.
Logging in to the router from another computer (with full Internet access), I had a look at what was going on. The problem is indicated only in the System log, as a "ICMP-FLOOD Attack", apparently my main workstation was pointed out and the router shut it down from the network.
These problems have occurred more often lately, the only solution seems to be a re-booting of the router which is very inconvenient.
In the firmware verison I'm using now (the latest according to the router: 1.1.1 Build 20200918 rel. 67850(4555)), there are only three on-off swithes in the Advanced-Security-Antivirus section: for "Malicious content filter", "Intrusion prevention system", "Infected device quarantine". The treshold settings described in the C2300 manual for different DDoS attacks are not available in this firmware version, only these three switches.
Moreover, there is no way to see what clients that have been captured in these DDoS-filter, it does not show up in the history in the Anitivirus section - only in the system log as I said above.
In the original firmware version it was easy to lower the sensitivity for DDoS attacks, also easy to pull a client out of the blacklist/quarantine.
What do you suggest as solution to this? Should I wait for a new firmware version or is it possible to revert back to the earlier, "non-TrendMicro" firmware version that the unit was shipped with?
Many thanks!
