[SNMP] DoS detected

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
johnripper
Experience counts
Posts: 1357
Joined: Sun Aug 14, 2011 5:13 am

Re: [SNMP] DoS detected

Post by johnripper » Wed Aug 14, 2013 10:19 pm

Update to QTS 4.0.2

teunie
New here
Posts: 4
Joined: Wed Aug 14, 2013 8:50 pm

Re: [SNMP] DoS detected

Post by teunie » Thu Aug 15, 2013 2:07 am

It's a EC1279U-RP and as far as I can see 3.8.3 build0426 is the latest firmware for this device.

dmitryfromchel
Starting out
Posts: 11
Joined: Tue Jan 15, 2013 11:50 am

Re: [SNMP] DoS detected

Post by dmitryfromchel » Wed Dec 11, 2013 3:57 pm

1279U-RP 4.0.5
We use "the dude" monitoring software, and we have same problem.

damago1
New here
Posts: 4
Joined: Thu Dec 30, 2010 3:10 pm

Re: [SNMP] DoS detected

Post by damago1 » Mon Mar 31, 2014 5:38 pm

I have the same problem. It's just on the top of other SNMP related problems.

1) On QNAP TS-419U the MIB downloaded from the device cannot be imported to MIBBROWSER because it shows errors:

2) Trying discovery with SNMPWALK triggers DOS warnings and probably does not return the whole tree, because different OID's work (found somewhere on the net) than actually returned from SNMPWALK.

3) the template definitions for ZABBIX found on the net work only in part. The

.1.3.6.1.4.1.24681.1.2.3.0 (system memory) works ok, returns "240 MB"

but the

.1.3.6.1.4.1.24681.1.3.1.0 (cpu usage) does not work.

the same for other OIDs. Some work, some not, and you canot get the correct OID's because MIB is unloadable, system not responding properly to SNMPWALK and no info on the company page with correct OIDS.

Frustrated.

User avatar
schumaku
Guru
Posts: 43664
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: [SNMP] DoS detected

Post by schumaku » Tue Apr 01, 2014 12:55 am

Welcome to the QNAP NAS Community Forum!

damago1 wrote:1) On QNAP TS-419U the MIB downloaded from the device cannot be imported to MIBBROWSER because it shows errors
No problems loading the attached NAS.mib (in a zip archive) in the iReasoning MIB Browser 9.0 Build3520 (Personal Edition) - no errors. This MIB table was retrieved from a current QTS 4.1 Build 20140319 (closed Beta), but has not changed for a longer time now - as per my records it's very similar to earlier mibs.

damago1 wrote:2) Trying discovery with SNMPWALK triggers DOS warnings and probably does not return the whole tree, because different OID's work (found somewhere on the net) than actually returned from SNMPWALK.
Lower the query rate for now: The SNMP DoS is triggered when querying more than 300 items per second. Don't know how real that is for monitoring.

Starting from QTS 4.1 Build 20131226, two configurable items "EnableDetectDDoS" and "MaxPacketPerSecond" can be added to the [SNMP] section in uLinux.conf to control SNMP DDoS.

The default value of EnableDetectDDoS is TRUE.
The default value of MaxPacketPerSecond is 300.

If customers want to disable DDoS, set EnableDetectDDoS to FALSE.
If customers want to enlarge the number of packets, set MaxPacketPerSecond to what they want.

Remember restart SNMP after change the setting.

damago1 wrote:3) the template definitions for ZABBIX found on the net work only in part.
About as vague to reference some 3rd party names or not providing a firmware version in place on your NAS.

damago1 wrote:.1.3.6.1.4.1.24681.1.2.3.0 (system memory) works ok, returns "240 MB"
but the
.1.3.6.1.4.1.24681.1.3.1.0 (cpu usage) does not work.


No firmware information makes this a pretty much useless report. Historically, QNAP had returned text (OctetString) as part of the SystemInfo (.1.3.6.1.4.1.24681.1.2) OID position, this was extended by SystemInfoEx (.1.3.6.1.4.1.24681.1.3) - well possible some earlier firmware does have a few issues - he what I get from a TS-419P II using the firmware referenced above:

Name/OID: SystemCPU-Usage.0 (.1.3.6.1.4.1.24681.1.2.1.0); Value (OctetString): 8.40 %
Name/OID: SystemCPU-UsageEX.0 (.1.3.6.1.4.1.24681.1.3.1.0); Value (Integer): 8

Don't know - never had an issue with loading the mib file, thus I was able to discover a bunch of SNMP related issues, and almost "force" QNAP to add the SNMP DoS controls for the coming firmware.

Some patience might be required here.

Regards,
-Kurt.
You do not have the required permissions to view the files attached to this post.

Alphasite
New here
Posts: 2
Joined: Sun Apr 27, 2014 10:10 am

Re: [SNMP] DoS detected

Post by Alphasite » Sun Apr 27, 2014 10:21 am

I have a TS-212P with 4.0.7. Any way to disable SNMP DoS detection in that model?

User avatar
schumaku
Guru
Posts: 43664
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: [SNMP] DoS detected

Post by schumaku » Mon Apr 28, 2014 1:07 am

Alphasite wrote:I have a TS-212P with 4.0.7. Any way to disable SNMP DoS detection in that model?
Once it's updated to QTS 4.1.0 (currently Release Candidate 2) the controls as lined out before can be used.

Add two configurable items "EnableDetectDDoS" and "MaxPacketPerSecond" in [SNMP] in uLinux.conf for SNMP DDoS.

The default value of EnableDetectDDoS is TRUE.
The default value of MaxPacketPerSecond is 300.

If customers want to disable DDoS, set EnableDetectDDoS to FALSE.

[~] # setcfg SNMP EnableDetectDDoS FALSE

If customers want to enlarge the number of packets, set MaxPacketPerSecond to what they want.

[~] # setcfg SNMP EnableDetectDDoS TRUE
[~] # setcfg SNMP MaxPacketPerSecond 1200

Remember to restart SNMP after change the setting.

roosta
Getting the hang of things
Posts: 58
Joined: Wed Nov 13, 2013 5:06 pm

Re: [SNMP] DoS detected

Post by roosta » Wed Sep 13, 2017 6:18 pm

This problem has resurfaced since 4.3.3.0299

I have a back-up UPS attached over SNMP and get 1 warning per day since upgrading. Why? I don't understand what it is or how to fix....

TS-870 Pro
No settings have changed on UPS or SNMP...

RoOSTA

User avatar
FizzNuts
Getting the hang of things
Posts: 65
Joined: Thu Jan 07, 2016 5:12 am

Re: [SNMP] DoS detected

Post by FizzNuts » Wed May 16, 2018 10:46 pm

I have the same issue, starting with 4.3.4.0569 Build 20180501 on TS-453A. I use Paessler PRTG monitoring app, have imported the qnap MIB for the sensors, yet here we are getting these alerts. We need to be able to whitelist IP addresses.
Jesse

Model: TS-453A 16GB FW: 4.3.3.0404 Build: 20171213
Disks: [RAID-5] 4 x 3TB HGST DeskStar NAS
Media Boxes: XBOX One, Yamaha Aventage Receiver

Post Reply

Return to “Miscellaneous”