Any reason not to enable DoS Defense in my router?

Solution 1:

It means the router has to maintain additional state and do additional work on each packet. And how can it really help in the case of a DoS? All it can do is drop a packet that you have already received. Since you've already received it, it has already done the damage by consuming your inbound Internet bandwidth.

Solution 2:

One reason to not enable the DoS Defense setting is that trying to protect systems from being DoSed will spike the CPU of the router/firewall, causing a DoS itself.


Solution 3:

An old thread I know, but I've just had to turn off the DoS defences on my Draytek 2850 home router to prevent some connection problems (almost everyone's inbound bandwidth dropped to 0). Oddly enough, when all the kids are using their iPhones, PCs and chatting on Skype, etc., it triggers the DoS defences!

My guess is that there's so much traffic going in both directions that the router thinks it's under attack from the outside and shuts down. Turning off the UDP flood defence didn't do a complete fix so I turned off the SYN and ICMP defences too. (If you had to turn off both SYN and ICMP flood protection then I think the router was doing a very good job unless you are running a server or servers on your network) - SYN and ICMP requests are sent to servers during connection initiation, then the client devices receive a SYN-ACK back from the server.

Hey presto - no more connection issues. Of course, I'll turn the defences back on and better-tune the values (measured in packets/second), but I've been trying to nail this problem for ages and it was quite a shock to find out the real cause.

I hope this helps someone else.


Solution 4:

Yes, absolutely, turn it on.

If this is implemented correctly, your firewall's engine should inspect each packet. Once it's determined to drop this traffic as part of a DoS attack, it should install a rule into hardware and silently drop the traffic instead of processing it again and again. Where it will still fall on its face is a distributed attack, but I suggest you turn this on.

What kinds of services is that server hosting?
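Putting together the two points made above (a packets-per-second threshold that ordinary household traffic can trip, and a drop rule installed once a source is flagged so later packets are not inspected again), here is an added Python model that is not from any poster in this thread. The IP addresses, thresholds and traffic volumes are constructed assumptions, chosen only to show a false positive and how raising the per-type thresholds avoids it.

```python
# Added example: a per-source packets-per-second flood detector of the kind a
# home router's "DoS Defense" setting implements, plus a blocklist that mimics
# installing a drop rule once a source trips. All values are constructed.
from collections import defaultdict

# Thresholds in packets/second per packet type (assumed vendor-style defaults).
DEFAULT_THRESHOLDS = {"syn": 50, "udp": 300, "icmp": 20}
# Re-tuned thresholds that leave room for a busy household (assumed values).
TUNED_THRESHOLDS = {"syn": 200, "udp": 1000, "icmp": 100}

def detect_floods(packets, thresholds=DEFAULT_THRESHOLDS):
    """packets: iterable of (timestamp_sec, src_ip, kind) tuples.
    Returns (blocked_sources, dropped_count, inspected_count)."""
    counts = defaultdict(int)      # (whole second, src, kind) -> packets seen
    blocked = set()                # sources with a "hardware" drop rule
    dropped = inspected = 0
    for ts, src, kind in packets:
        if src in blocked:
            dropped += 1           # rule already installed: no inspection
            continue
        inspected += 1             # per-packet inspection (the CPU cost)
        key = (int(ts), src, kind)
        counts[key] += 1
        if counts[key] > thresholds.get(kind, float("inf")):
            blocked.add(src)       # flag source; later packets drop silently
    return blocked, dropped, inspected

def household_sample():
    """Constructed traffic: one video call plus one phone loading a web page."""
    pkts = []
    # Video call: 400 UDP packets/second from one PC for 2 seconds.
    for s in range(2):
        pkts += [(s + i / 400, "192.168.1.20", "udp") for i in range(400)]
    # Phone opening 60 TCP connections (60 SYNs) within one second.
    pkts += [(i / 60, "192.168.1.31", "syn") for i in range(60)]
    return sorted(pkts)

if __name__ == "__main__":
    for name, th in (("default", DEFAULT_THRESHOLDS), ("tuned", TUNED_THRESHOLDS)):
        blocked, dropped, inspected = detect_floods(household_sample(), th)
        print(f"{name}: blocked={sorted(blocked)} dropped={dropped} inspected={inspected}")
```

With the assumed defaults both LAN hosts are flagged and most of their packets are dropped, which is the "inbound bandwidth dropped to 0" symptom; with the re-tuned thresholds nothing is blocked.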