DoS on LuCI or bad configuration (19.07.2) R7800

I've read that LuCI is now client rendered on 19.07.2 to relieve the router from servicing the whole page content.

Now that my router is fully configured, I've tried some tests from external sources to probe my firewall. I'm using Gibson Research Corporation ShieldsUp! (the All Service Ports sub-option) to probe my router.

While running the test that probes 1056 ports, LuCI becomes unresponsive and sometimes times out. That would mean that someone running a scan from the outside could potentially create a DoS attack on the GUI. The CLI remains unaffected.

I'm using the luci-ssl package and SQM is on. Firewall is configured to DROP from WAN. I have the feeling that LuCI might be running at too low a priority. Anybody noticed this same behaviour?


I've noticed this too. Seems fine if you reject instead of drop, but then you can't be stealth on the port scan. Don't know why it happens.

You are right! Changing to DROP prevents the DoS. This probably has to do with the fact that DROP ignores sending a response, thus causing the sender to retry multiple times maybe, and REJECT is clearly answered back, so no need to retry.