
SMC7904WBRA-N causes excessive SYN-Floods


deoshermes


I used to have an SMC7904WBRA router/ADSL2+ modem and used uTorrent without any problems and could have 10-15 active torrents with the standard 'Bandwidth' settings applied in uTorrent. Suddenly, about half a year ago, I started experiencing huge SYN floods that interrupted my internet connection. Sometimes the router got into a loop of some sort and I couldn't even access it over the network by browsing to 192.168.2.1.

The only option was to restart the router; I had to do this so often that the on/off button on the router broke, so I needed to buy a new router.

This was the slightly newer version SMC7904WBRA-N router/ADSL2+ modem. At first I could run 10-15 torrents in uTorrent just like with my prior modem, but soon it started experiencing SYN floods again, and a lot of them. The upside is that this modem could restart itself most of the time so I don't need to turn it on and off again manually every single time.

But now I am really starting to get sick of this behavior. I have tried lowering the number of connections, global, maximum per torrent and upload slots. Global download and upload rate are both limited to about 80% of my max speeds.

I tried disabling my router firewall, Windows Firewall, enabling DMZ for the PC I use uTorrent on, and all the things recommended in the "IF YOU HAVE SPEED ISSUES READ HERE FIRST" post.

Even if I set the router firewall settings to low detection criteria, it gets SYN floods, UDP floods and Smurf attacks. I don't think someone is attacking me:

#1 Just last Friday my ISP changed my IP address

#2 if I close uTorrent I get no SYN floods, never

So I think uTorrent is causing these interruptions and I really don't know what to do anymore. I only use uTorrent on my Desktop computer with W7 ultimate 64bit, Intel i7 920, 6GB Kingston DDR3, 640GB WDC Green running AVG and Windows Firewall which allows uTorrent.

I also have two laptops and another desktop, but the problem also occurs when they are powered off. I have a Synology DS207+ NAS that runs 24/7 and I am pretty sure it is not the cause of the problem.

Current settings uTorrent: Bandwidth:

Max upload: 80

alternate upload: unchecked

Max download: 800

global max connections: 50

max number connected peers per torrent: 25

upload slots: 4

additional slots: unchecked

Connection:

I disabled UPnP port mapping

disabled NAT-PMP port mapping

disabled randomize port

enabled add Windows Firewall exception

NO Proxy

My ADSL speed: max 20Mbit down (in reality about 10Mbit) and 1Mbit up

ISP: Online B.V. (Netherlands) formerly known as Orange and Wanadoo

In advanced

set bt.connect_speed to 4

set bt.tcp_rate_control to false

set bt.transp_disposition to 5

net.max_halfopen to 50

Using NAT I forward the proper port to my computer with static IP, tests in uTorrent turn out well, port is open and I receive incoming connections. Network status is green. DHT disabled. Private trackers also work.

The infamous SMC firewall settings:

connection policy:

Fragmentation half-open wait: 20 secs

TCP SYN wait: 30 secs

TCP FIN wait: 5 secs

TCP connection idle timeout: 3600 secs

UDP session idle timeout: 30 secs

H.323 data channel idle timeout 180 secs

DoS detect criteria:

total incomplete TCP/UDP sessions HIGH: 300 session

total incomplete TCP/UDP sessions LOW: 250 session

incomplete TCP/UDP session per min HIGH: 250 session

incomplete TCP/UDP session per min LOW: 200 session

Max incomplete TCP/UDP sessions number from same host: 10

Incomplete TCP/UDP sessions detect sensitive time period: 300 msec

maximum half-open fragmentation packet number from same host: 30

half-open fragmentation detect sensitive time period: 10000 msec

flooding cracker block time: 300 sec

Even when I disable "SPI and Anti-DoS firewall protection" in the Intrusion Detection Feature section the internet connection gets interrupted.

RIP detect is disabled

Discard Ping to WAN Interface is enabled.

SPI section:

Packet Fragmentation, TCP Connection, UDP session, FTP Service, H.323 Service, TFTP Service

ALL Enabled

I am really tired of walking to my router every 10-15 minutes or so and resetting the thing and would like to solve this. If unable I will just buy another router, even if this one is only about 2 months old. It's annoying when I want to access my computer from a remote location and find out the connection is down.

Could someone please help? I read other posts about the same problem I am having (SMC + torrent) but am unable to find a proper solution like the proper settings for the SMC firewall and/or uTorrent?

Thanks!!

Link to comment
Share on other sites
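Added example, not part of the original post and not SMC or uTorrent code: a simplified Python model of a threshold-based flood detector, fed with the DoS criteria and uTorrent values listed in the post above. The detector logic, the traffic model (every second SYN goes unanswered, the LAN client counts as the "same host", `bt.connect_speed` is treated as attempts per second) and all function names are assumptions.

```python
# Simplified model of a threshold-based flood detector (added illustration).
# Threshold values are the ones posted above; the detector logic and the
# traffic model are assumptions, not SMC firmware behaviour.
from collections import deque

ROUTER = {
    "syn_wait_s": 30,     # "TCP SYN wait: 30 secs"
    "per_host_max": 10,   # "Max incomplete TCP/UDP sessions number from same host: 10"
    "total_high": 300,    # "total incomplete TCP/UDP sessions HIGH: 300"
    "per_min_high": 250,  # "incomplete TCP/UDP session per min HIGH: 250"
}

def simulate(connect_speed, max_halfopen, unanswered_every=2, seconds=120,
             router=ROUTER):
    """Return (first_alarm_second, reason, peak_incomplete) for one LAN client.

    Hypothetical traffic model: the client starts `connect_speed` connections
    per second, every `unanswered_every`-th SYN is never answered, and the
    client never keeps more than `max_halfopen` unanswered attempts pending.
    """
    pending = deque()  # expiry times of incomplete sessions in the router table
    created = deque()  # creation times, feeding the per-minute counter
    attempt = peak = 0
    for t in range(seconds):
        while pending and pending[0] <= t:        # SYN wait elapsed
            pending.popleft()
        while created and created[0] <= t - 60:   # slide the one-minute window
            created.popleft()
        for _ in range(connect_speed):
            attempt += 1
            if attempt % unanswered_every == 0 and len(pending) < max_halfopen:
                pending.append(t + router["syn_wait_s"])
                created.append(t)
        peak = max(peak, len(pending))
        if len(pending) > router["per_host_max"]:
            return t, "per-host incomplete sessions", peak
        if len(pending) > router["total_high"]:
            return t, "total incomplete sessions", peak
        if len(created) > router["per_min_high"]:
            return t, "incomplete sessions per minute", peak
    return None, "no alarm", peak

if __name__ == "__main__":
    for speed, halfopen in [(4, 50), (1, 50), (4, 8)]:
        print(speed, halfopen, simulate(speed, halfopen))
```

Under these assumptions the posted client values (connect speed 4, half-open cap 50) exceed the per-host limit of 10 within seconds, and lowering the connect speed alone only delays the alarm; a half-open cap below the per-host limit is what keeps the model quiet.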

Have you tried asking the makers of the router?

...Because the router seems over-aggressive in blocking.

set bt.connect_speed to 4

net.max_halfopen to 50

Still pretty high for halfopen (it defaults to 8!)...and lowering bt.connect_speed to 1 would at least be the lowest rate for it.

set bt.transp_disposition to 5

Disabling Bandwidth Management (uTP) in Preferences, BitTorrent (in uTorrent v2.x) sets bt.transp_disposition to 21. Or are you using an old version of uTorrent?


thanks

FYI: I can change all the values/settings in the router. So if I should try change any value, you could propose something.

I did contact SMC technical support, but am still waiting for a reply

what do those things actually do??

bt.connect_speed

net.max_halfopen

bt.transp_disposition

When I reset net.max_halfopen the value changes to 100!! So I don't think 8 is default.

I run uTorrent 2.0 (build 18620) and Bandwidth Management has been disabled all the time. Can't remember if it ever was enabled.


As I wrote before:

even when I turn the firewall off, I still get disconnected etc...

That's the part I don't get... How can the router drop the internet connection and restart itself based on incoming connections when its firewall is disabled? It shouldn't be able to detect SYN, UDP floods and Smurf attacks?!

I find it also very weird that this problem just started to occur about 6-7 months ago, while I never changed any settings in my old SMC Barricade. Everything worked fine, I could even run more active torrents and downloads than recommended for my internet speed. Then suddenly, out of the blue, I started experiencing SYN floods. Maybe this has to do something with uTorrent, a new version or something. I don't get how it could suddenly have started to occur.


okay, so what do you mean to say?

Can I disable IPv6 somewhere? I disabled it for my Lan Connection in Windows. Doesn't that mean uTorrent is also unable to use it?

And what if I downloaded an older version of uTorrent? Maybe I should try that and see if the problem persists.

Btw, I stumbled on something else: it may be the router overheating due to the 'many' connections. So I could go for a router with a better heatsink and one that allows more connections, or I could buy a better heatsink and replace the one in my router.

Honestly, I don't think it should be the heat. This problem occurred spontaneously and I have had my prior router for 4-5 years now and in the first few never experienced this problem. The new router I bought a few months ago immediately started giving me this trouble.


uTorrent v2.0.3 and later has an advanced feature to disable IPv6.

Did you have Resolve IPs enabled in Peers window/tab? (right-click in that window to check)

If that was enabled, every peer/seed that connects to you will have a whois done on it whenever you check the Peers window/tab.


Yeah, I tried installing the new version in which IPv6 is disabled by default. I also disabled all the local peer, peer exchange, resolve IP etc, basically everything that influenced bandwidth etc.

I downgraded to uTorrent 1.7.1 and the router still kept rebooting frequently. Then I decided to also downgrade the firmware from the router to the shipping firmware. This didn't solve anything so I went one version up and the problem disappeared temporarily. The router didn't reboot, uTorrent ran 14 torrents (6 leeching, 8 seeding) on full speed and with many connections. I slowly increased the number of global connections and per torrent and still the router didn't reboot. Then I installed the newest version of uTorrent again and the problem came back, so I just downgraded again. I think I had an uninterrupted internet connection for about 5 to 6 hours.

Just now, when I started to work from my laptop using a wireless connection, as I opened up a few web pages and MSN the router rebooted again. Maybe this was just a one-time peak that caused the incident. I will keep testing the limits to find out what exactly is causing the reboot.

But as for now I can conclude that both downgrading uTorrent and SMC firmware helped.


  • 3 weeks later...
I'm not sure. Didn't find examples on the inet so far of people running DD-WRT on SMC thingies.

But so far I haven't had problems anymore with my router. It looks like downgrading the SMC firmware and uTorrent worked.

Hello Deoshermes! I've got the same problem as you had, may I ask you which firmware did you use? Thank you!


@r3dligh7

I use v0.92 now.

v0.90 had the problem that with file sharing software the router would get into a never ending loop, therefore congesting the internet traffic. v0.92 apparently had that fixed, still isn't ideal but works best: it recognizes the loop and simply restarts itself while also reducing the times it gets into the loop in the first place. I also downgraded uTorrent to 1.7.1 because using v2 in correspondence with the downgraded router didn't do it.

Now it's only sometimes during the day my router restarts because the settings in my uTorrent client are still pretty high and only causes a restart with many connected peers (200+) + high use of bandwidth (80%+).

My uTorrent 'BitTorrent' settings:

global maximum: 250

maximum peers per torrent: 40

upload slots: 3

all additional features disabled.

the global max could be set to 150, and peers per torrent to 20-30 for 'better router performance'

But right now everything is back to normal, I had the 'router restart problem' from time to time with this router in the past before I apparently upgraded it to v0.97 some time ago. I also had it with my older SMC Barricade router, but that one couldn't do an automatic restart after it landed in a neverending loop and had to be manually reset every time that happened.

Hope these downgrades will also solve the problem for you.


that's true, but if the new version gives me all that trouble I find it better then not to use it at all. uTorrent becomes unusable because it makes the router reboot continuously, it can't even last 5 minutes without rebooting. So something that normally takes 15 minutes to download would then take 3 hours or longer.

Having said that; I'd rather use an older version or not use any version at all...


Yes, the flood protection as is the whole firewall in the router is turned off. The flood protection is part of the firewall; even when it's turned off I get SYN, UDP floods etc.

uTorrent v2 apparently does something weird while making connections, which congests the traffic after it gets in the never ending loop. This was fixed in the SMC firmware v0.92 but in combination with uTorrent v2 it still reboots regularly which is a pain in the ass while surfing.


"uTorrent v2 apparently does something weird while making connections"

uTorrent v2 and later makes a *LOT* of UDP packets because uTP uses UDP.

The router then detects that as "UDP floods".

Disabling uTP, Resolve IPs, IPv6 (in advanced settings), and even both kinds of DHT should drop the amount of UDP packets uTorrent creates to ZERO. (You may still get UDP incoming from peers/seeds though on uTorrent's listening port.)


Yeah,

Switeck; thanks for the suggestions. I already tried those settings, but it still makes my internet connection unusable. I even changed a couple of more advanced settings, but no luck. The solution I use now is the most stable one so I will stick to it for now.


Archived

This topic is now archived and is closed to further replies.
