First, I found an ICMP packet with len 64020 (6,4 MB) on the router.
Is this (I think it is) a DDoS attack?!
Then I decided to block every packet over 1500.
Can this cause problems for some normal traffic?
Because I see some packets over 1500, but not many.
BTW, we use PPPoE, with MTU/MRU 1492/1492, over wire and wireless.
I made rules for !0-1500 log and drop, but the rules log and drop 1498, 1486?!
Is this a bug?
v3.6
normis
April 7, 2008, 5:54am
Are you sure it’s ICMP? In support you wrote us that it’s UDP …
First I saw traffic from 1 user (I think it is a virus) to the internet, and this is ICMP (upload) len 64020 (pic1); he reinstalled the OS, and this traffic is gone.
Then I blocked packets over 1500; after that, I see packets over 1500 in the log on 3-4 routers, and these are UDP (I think p2p), from 1600-5000 length (some are in pic2).
And only 4-5 users have this traffic.
Many users use p2p 100% of the time on the net, but never have this traffic (over 1500).
Is it safe to block these packets with >1500 len, with no effect on normal use of the internet?
normis
April 7, 2008, 10:16am
you can’t block them, because they will arrive in fragments
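The fragmentation mentioned in the reply above, worked through as an added example (not part of the original thread and not RouterOS code). It assumes "len 64020" is the IPv4 total length, a 20-byte IP header, and the 1492-byte PPPoE MTU from the first post; the function names are hypothetical.

```python
# Added example: IPv4 fragmentation arithmetic (RFC 791), not RouterOS code.
IP_HEADER = 20  # assumption: IPv4 header without options


def fragment(total_len, mtu):
    """Split one IPv4 datagram of total_len bytes into fragments that fit mtu.

    Returns a list of (offset_in_8_byte_units, more_fragments, fragment_len).
    """
    payload = total_len - IP_HEADER
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    chunk = (mtu - IP_HEADER) // 8 * 8
    frags = []
    pos = 0
    while pos < payload:
        size = min(chunk, payload - pos)
        more = pos + size < payload
        frags.append((pos // 8, more, size + IP_HEADER))
        pos += size
    return frags


def reassembled_len(frags):
    """Total length of the original datagram, derived from the last fragment."""
    for offset, more, length in frags:
        if not more:
            return offset * 8 + length  # bytes before it + its payload + one header
    return None  # last fragment not seen yet


def oversize_on_wire(frags, limit):
    """Fragments that a per-fragment length check (> limit) would match."""
    return [f for f in frags if f[2] > limit]


# Constructed input: the 64020-byte ICMP datagram from the first post,
# sent over the PPPoE link with MTU 1492 mentioned there.
frags = fragment(64020, 1492)

if __name__ == "__main__":
    print(len(frags), "fragments, largest", max(f[2] for f in frags), "bytes")
    print("matched by a >1500 per-fragment check:", len(oversize_on_wire(frags, 1500)))
    print("reassembled length:", reassembled_len(frags))
```

On the wire the datagram is 44 fragments, none larger than the MTU; the 64020-byte size only appears once the last fragment's offset is known or the datagram is reassembled.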
I wish to block only possible viruses, DDoS, etc…
And I made a rule: all !0-1500 drop …
And the router is dropping these packets, in pic2.
I wonder, am I blocking normal traffic to users?
Because I do not wish to block normal traffic.
MT support told me: You can block ICMP >1500 for sure, but don’t recommend to do it for other traffic.
normis
April 7, 2008, 11:27am
marko_bg:
I wish to block only possible viruses, DDoS, etc…
And I made a rule: all !0-1500 drop …
And the router is dropping these packets, in pic2.
I wonder, am I blocking normal traffic to users?
Because I do not wish to block normal traffic.
MT support told me: You can block ICMP >1500 for sure, but don’t recommend to do it for other traffic.
Cross-posting in support and the forum is not a good idea, because you talk to the same person in two places.
I know,
but I think maybe some MT users have some ideas for this.