3Com Wireless 11g router - web page problems

I've just got a 3Com Wireless 11g Firewall Router (model 3CRWE754G72-A).
I've upgraded the firmware to 1.24.

Many web pages fail to load completely, that is, the images fail to load
and the text loads at a crawl. The logs are full of "**SYN Flood to
Host**" entries, which appear to show up in sync with this problem and
contain the IP address of the offending website.

Disabling the firewall fixes this totally - everything runs snappily and
without missed images. Obviously, I'd rather not run without a firewall.

Anyone else seen this problem?

--
My email address is (E-Mail Removed)

PGP key available on request


Xmas

In an earlier contribution to this discussion,
Xmas <(E-Mail Removed)> wrote:

> I've just got a 3Com Wireless 11g Firewall Router (model
> 3CRWE754G72-A). I've upgraded the firmware to 1.24.
>
> Many web pages fail to load completely, that is, the images fail to
> load and the text loads at a crawl. The logs are full of "**SYN
> Flood to Host**" entries, which appear to show up in sync with this
> problem and contain the IP address of the offending website.
>
> Disabling the firewall fixes this totally - everything runs snappily
> and without missed images. Obviously, I'd rather not run without a
> firewall.
>
> Anyone else seen this problem?

No, mine is Software Version 1.11 - and seems to work fine.

As a matter of interest, why you you update the firmware? Was it ok
previously?
--
Cheers,
Tim
______
Please reply to newsgroup. Reply address is invalid.

(E-Mail Removed) wrote:
[Firewall blocking web pages loading properly]
> No, mine is Software Version 1.11 - and seems to work fine.
>
> As a matter of interest, why you you update the firmware? Was it ok
> previously?

I updated it in a vain attempt to fix the problem - thought it must be a
bug in the firewall code.

It's a weird problem but one I can replicate every time. If I turn on
the firewall then my internet access slows to a crawl and web pages stop
loading properly, if I turn the firewall off then all is well. Bizarro.

I'm not using any proxies or anything funky like that.

Baffling.

--
My email address is (E-Mail Removed)

PGP key available on request

"Xmas" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> (E-Mail Removed) wrote:
>
> I updated it in a vain attempt to fix the problem - thought it must be a
> bug in the firewall code.
>
> It's a weird problem but one I can replicate every time. If I turn on
> the firewall then my internet access slows to a crawl and web pages stop
> loading properly, if I turn the firewall off then all is well. Bizarro.
>

The "Firewall" is incorrectly seeing a large number of outgoing connections
as a SYN flood - many people have the same problem. Just turn it off and
forget about it - "Firewalls" like the one in this 3COM consumer unit of
dubious benefit and usually cause more problems than they solve as you've
found out.

Incidentally most cheap domestic routers (including most 3COM units) use the
Allegro ROM pager toolkit for at least their HTTP interface and various
Allegro versions have been known to have serious security flaws exposing the
admin functions to all and sundry passing on the WAN port.

The usual security recommendations are to black hole forward the usual
suspects appearing on the WAN port to an unused internal IP address, (if
you're not already forwarding them to a real server of course) These include
telnet port 23 - and the usual http admin ranges which vary on 3COM products
but include ports 80, 81, 8080, 8081 and 443.

As the manufacturers don't generally publish which version of the toolkits
they use its safest to assume that your router may contain any of the bugs
and take appropriate action. I also disable Plug'n'Play as well - but NOT
ICMP pings as this can affect your automatic MTU calculation (if used).

However you can get too paranoid if you're not careful!

regards,
Zippy.

(E-Mail Removed) wrote:
> The "Firewall" is incorrectly seeing a large number of outgoing connections
> as a SYN flood - many people have the same problem. Just turn it off and
> forget about it - "Firewalls" like the one in this 3COM consumer unit of
> dubious benefit and usually cause more problems than they solve as you've
> found out.

Thanks Zippy, that's exactly what I needed to know. Not a duff unit,
then. I'll take your advice with regards to port forwarding common
services to a dead IP.
--
My email address is (E-Mail Removed)

PGP key available on request