Recent TCP no-Flag attacks
Recent TCP no-Flag attacks
Starting a few days ago, I have been receiving many, "Router/Gateway detected TCP no-Flag attack and dropped x packets" warnings. Yesterday, I received (33). As of 10:13 today, I've received (15). I don't know where these errors are coming from and do not know why they started recently after many months of no occurrences.
My full list of Omada equipment is in my signature. Any suggestions are welcome.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi All,
Please follow the post below for the available solution:
Solution to ER605 V1 1.3.0 Firmware Got Many Logs of "TCP no-Flag attack" Issue
- Copy Link
- Report Inappropriate Content
I can confirm that I have the same in the log on two different sites with ER605v1, it appeared on both sites when I upgraded to the latest firmware.
I only have two sites with ER605v1 so it's a bit strange, I don't know if it's a real attack or a bug.
30-60 warnings a day with 100-200 blocked packets
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Same thing happening here. Started April 29, but only four times from then until May 27. On May 27, I started getting them about once every half hour. I'll follow this thread. Hopefully, someone finds the cause and resolution.
- Copy Link
- Report Inappropriate Content
@Wild-Wanderer I went back through my logs and found that my TCP no-Flag attacks started with multiple events daily on 27 May too. As an aside, I installed TL-R605 firmware v1.3.0 Build 20230511 on 17 May. So, in my case anyway, it doesn't seem to have a direct correlation with the increase in the TCP no-Flag attacks. in fact, I installed a pre-release version (v1.3.0 Build 20230424) on 28 April too.
- Copy Link
- Report Inappropriate Content
lflorack wrote
I installed TL-R605 firmware v1.3.0 Build 20230511 on 17 May. So, in my case anyway, it doesn't seem to have a direct correlation with the increase in the TCP no-Flag attacks.
Agreed. I just installed v1.3.0 today (29 May).
- Copy Link
- Report Inappropriate Content
The router currently does not support finding the source IP
so there isn't much you can do with it. it just detects and block TCP no-flag attack if that connection fits the rules.
i don't think you should worry about it. if that bothers you, you can edit your log system.
if you want to know what is no-flag attack or should I worry about it? you need some lessons on TCP handshake and understand how internet works.
no big deal as long as your internet is find and stable when these occur.
if you encounter an unstable network, and these alerts pop up at the same time, you need to consider if your IP is exposed/leaked during day to day net surfing. someone's attacking you. to fix this, sometimes you need help from your isp instead of the router. router can block but it increases the burden and potentially causes performance issues.
- Copy Link
- Report Inappropriate Content
Hello @lflorack,
Thank you so much for taking the time to post the issue on TP-Link community!
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID230547909, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!
- Copy Link
- Report Inappropriate Content
Same here. Started may 27.
All devices have latest firmware and OC200 has 5.9.32
Thx for help
- Copy Link
- Report Inappropriate Content
The email with ticket# has been received from support and responded to.
- Copy Link
- Report Inappropriate Content
Can i do something about this beside of being worried?
I added Starlink as second ISP to my ER605. I think the warnings started around that time.
Any help is welcome.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3462
Replies: 17
Voters 0
No one has voted for it yet.