Router detected Large Ping attack and dropped 7 packets.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Router detected Large Ping attack and dropped 7 packets.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
88 Reply
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-01 12:20:40 - last edited 2023-01-01 12:29:18

  @Fae hi, my Omada controller is 5.7.6V and I still have no info about the ip of the equipment concerned by these attacks.

 

my equipments:

Controller OC300 V1.0 // Firmware Version 1.14.7 Build 20221206 Rel.60706

Router ER7206 v1.0 // Firmware Version 1.2.3 Build 20221104 Rel.41500

Switch TL-SG3428 v2.0 // Firmware Version 2.0.9 Build 20221021 Rel.62172

 

 

I checked well and all my equipment is up to date. How can I fix this?

  0  
  0  
#62
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-01 12:47:43

  Hi @Nicduch 

 

I ran a test today - disconnected internet and both large ping and no-flag were still getting logged. Turning off all Apple devices on my wifi and the alerts stopped. You should try the same - it seems the alerts are generated by LAN side activity not from the WAN and specifically from Apple devices, 

 

Try the same test and let's see what happens for you.

 

happy new year 

Nicduch wrote

  @Fae hi, my Omada controller is 5.7.6V and I still have no info about the ip of the equipment concerned by these attacks.

 

my equipments:

Controller OC300 V1.0 // Firmware Version 1.14.7 Build 20221206 Rel.60706

Router ER7206 v1.0 // Firmware Version 1.2.3 Build 20221104 Rel.41500

Switch TL-SG3428 v2.0 // Firmware Version 2.0.9 Build 20221021 Rel.62172

 

 

I checked well and all my equipment is up to date. How can I fix this?

 

  0  
  0  
#63
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-01 13:00:35
Hi @Lurk, Happy New Year too, I wish you all the best! Yes I forgot to say it but indeed the problem disappears if I disconnect my Apple devices (Apple TV and iPhone). The problem is present since the first day of the installation but I have much less errors than at the beginning
  0  
  0  
#64
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-02 13:08:45 - last edited 2023-01-02 13:15:11

  @BravoMike31 I had the same today on the new ER7212PC Router. I'd like to see some more details included in the alert too. 

 

 

I needed to reset the Cloud service as i couldn't connect to it. It had blocked the service after the ping attack. I had to turn the enable button Off/On to reset it. The app told me there was an error connecting. All was running well before. Is it coming from TP-Links cloud service?

Archer MR600 V1 3G/4G ER7212PC v1.0 TL-SG2210P v5.0 4 x EAP653(EU) v1.0
  0  
  0  
#65
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-02 13:29:59

after reboot, IP info is here. i don't know why...

  0  
  0  
#66
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-02 16:19:19

I think it's because of the different router/gateway.

I am using the ER605, whose last firmware update is from 03/2022.

All other hardware components including the Omada SDN controller have received some updates since that time.

Best regards, Rainer
  0  
  0  
#67
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-04 04:26:36

@Fae - Can you please advise when the firmware upgrade for the ER605 (TL-R605) v1 will be released to support the Source IP for Large Ping Attacks? The latest firmware is 1.2.1 (Published Date: 2022-06-15).

  0  
  0  
#68
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-04 08:18:48

 After several test, only one apple device make ping attack.

this is an iphone 7 +
 

no problem with iphone 13 and apple tv 4k

  0  
  0  
#69
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-06 19:13:45

  @Fae 

Thanks for the information on the message "Router detected Large Ping attack and dropped 7 packets."

 

I have recently set up a TP-Link Omada network on my farm to provide WiFi for a large area.

 

The interesting thing is, for years I've been running two TP-Link Google OnHub TGR1900 access points in a mesh configuration and they provided WiFi signals from my home to my barn 300' away. The signal was typically -65 to -55 dBm at the barn which was good enough to stream video and audio from a 1080p security camera and stream music. on a Google Mini Since Google is killing off support for these amazing consumer routers/APs and Google Home network management for the old devices I had to come up with a replacement. Apparently nobody makes a router/access point a powerful as these were.

 

Here is my setup:

T-Mobile 5G Home Internet as my WAN

Calyx Institute Internet service using an inseego 5G MiFi M2000 as my USB Modem providing two connections to the Internet in failover

Omada controller Model OC200 v2.0 HW version, Controller Version 5.7.6, Firmware Version 2.7.7 Build 20221206 Rel.58608

Omada ER605 Gigabit VPN Router/Firewall v2.6, Firmware Version: 2.0.1 Build 20220223 Rel.68551

Omada TL-SG2008P JetStream 8 port gigabit smart PoE+ switch, Firmware Version: 3.0.4 Build 20221130 Rel.42340

and 2 Omada EAP610-Outdoor(US) v1.0, WiFi 6 AX1800 access points, Firmware Version: 1.0.6 Build 20220415 Rel. 63538

 

I have read over the Omada Knowledgebase articles, router install and configure manual and the Help system in the Controller and can not find any logs that show source and destination IP for the Large Ping Attack or any other message. I agree not showing this information is a great shortfall in a firewall so I read with interest this statement in your post:

"Now it's confirmed that Omada Controller v5.6 will support showing the source IP of the detected "Large Ping Attack" or "Ping of Death Attack". which requires to upgrade the Router to the adapted firmware."

 

Do you, or does anyone here know either how to view the source and destination IP addresses associated with messages?

Is this information available only if you export the logs or ship them to a syslog server (neither of which I tried)?

I'd rather not mirror ports and run wireshark when this is a basic function of other firewalls that I have experience with (PaloAlto, Netscreen, Fortinet and SonicWall).

 

Thanks in advance.

Jeff

  0  
  0  
#70
Options
Re:Router detected Large Ping attack and dropped 7 packets.
2023-01-06 20:49:25

  @JeffPentz 

 

Hello Jeff,
As I can see from your hardware configuration, you basically use the same hardware as me.

Since your hardware, including the Omada controller, also has the latest firmware version, you will also have to wait for a firmware update for your ER605 router.

 

As long as the router is not able to pass the IP address to the controller, we will not be able to see the IP address in the controller either.
Best regards, Rainer
  0  
  0  
#71
Options