Recent TCP no-Flag attacks

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Recent TCP no-Flag attacks

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Recent TCP no-Flag attacks
Recent TCP no-Flag attacks
2023-05-29 14:18:24 - last edited 2023-06-02 03:13:40
Model: OC200   ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.30

Starting a few days ago, I have been receiving many, "Router/Gateway detected TCP no-Flag attack and dropped x packets" warnings.  Yesterday, I received (33).  As of 10:13 today, I've received (15).  I don't know where these errors are coming from and do not know why they started recently after many months of no occurrences.  

 

My full list of Omada equipment is in my signature.  Any suggestions are welcome.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
  0      
  0      
#1
Options
1 Accepted Solution
Re:Recent TCP no-Flag attacks-Solution
2023-06-02 10:08:00 - last edited 2023-06-02 10:08:04

Hi All,

 

Please follow the post below for the available solution:

Solution to ER605 V1 1.3.0 Firmware Got Many Logs of "TCP no-Flag attack" Issue

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#17
Options
17 Reply
Re:Recent TCP no-Flag attacks
2023-05-29 16:39:14

  @lflorack 

 

I can confirm that I have the same in the log on two different sites with ER605v1, it appeared on both sites when I upgraded to the latest firmware.
I only have two sites with ER605v1 so it's a bit strange, I don't know if it's a real attack or a bug.
  30-60 warnings a day with 100-200 blocked packets

 

  0  
  0  
#2
Options
Re:Recent TCP no-Flag attacks
2023-05-29 16:50:46

  @lflorack 

 

Ditto for me...  Started May 27th and still happening.

 

OmadaLinux v5.13.10 R605 V1:1.3.0 - Build 20230511 R.51317 SG2008P V1:V1.0.8 Build 20230602 R.73473 SG2008P V3:V3.0.5 Build 20230602 R.73473 3 x EAP245 V3:V5.1.0-Build 20230104 R.79433
  0  
  0  
#3
Options
Re:Recent TCP no-Flag attacks
2023-05-29 17:55:25

Same thing happening here. Started April 29, but only four times from then until May 27. On May 27, I started getting them about once every half hour. I'll follow this thread. Hopefully, someone finds the cause and resolution. 

Controller: OC200 V1 Router: ER605 v1.0 AP: EAP610 (US) v1.0
  0  
  0  
#4
Options
Re:Recent TCP no-Flag attacks
2023-05-29 20:08:06 - last edited 2023-05-30 12:44:20

  @Wild-Wanderer I went back through my logs and found that my TCP no-Flag attacks started with multiple events daily on 27 May too. As an aside, I installed TL-R605 firmware v1.3.0 Build 20230511 on 17 May.  So, in my case anyway, it doesn't seem to have a direct correlation with the increase in the TCP no-Flag attacks.  in fact, I installed a pre-release version (v1.3.0 Build 20230424) on 28 April too.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
  0  
  0  
#5
Options
Re:Recent TCP no-Flag attacks
2023-05-29 21:30:32

 

lflorack wrote

  I installed TL-R605 firmware v1.3.0 Build 20230511 on 17 May.  So, in my case anyway, it doesn't seem to have a direct correlation with the increase in the TCP no-Flag attacks. 

Agreed. I just installed v1.3.0 today (29 May). 

Controller: OC200 V1 Router: ER605 v1.0 AP: EAP610 (US) v1.0
  0  
  0  
#6
Options
Re:Recent TCP no-Flag attacks
2023-05-30 02:07:41

  @lflorack 

The router currently does not support finding the source IP

so there isn't much you can do with it. it just detects and block TCP no-flag attack if that connection fits the rules. 

i don't think you should worry about it. if that bothers you, you can edit your log system.

 

if you want to know what is no-flag attack or should I worry about it? you need some lessons on TCP handshake and understand how internet works.

no big deal as long as your internet is find and stable when these occur. 

if you encounter an unstable network, and these alerts pop up at the same time, you need to consider if your IP is exposed/leaked during day to day net surfing. someone's attacking you. to fix this, sometimes you need help from your isp instead of the router. router can block but it increases the burden and potentially causes performance issues.

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
  0  
  0  
#7
Options
Re:Recent TCP no-Flag attacks
2023-05-30 02:56:48

Hello @lflorack,

 

Thank you so much for taking the time to post the issue on TP-Link community!

 

To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID230547909, please check your email box and ensure the support email is well received. Thanks!

Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.

 

Many thanks for your great cooperation and patience!

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#8
Options
Re:Recent TCP no-Flag attacks
2023-05-30 07:11:32

  @Hank21 

Same here. Started may 27. 

All devices have latest firmware and OC200 has 5.9.32

Thx for help

 

  0  
  0  
#9
Options
Re:Recent TCP no-Flag attacks
2023-05-30 13:44:10

  @Hank21 

The email with ticket# has been received from support and responded to.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
  0  
  0  
#10
Options
Re:Recent TCP no-Flag attacks
2023-05-30 19:55:31 - last edited 2023-05-30 19:59:18

  @sl9999 

Can i do something about this beside of being worried?

I added Starlink as second ISP to my ER605. I think the warnings started around that time.

Any help is welcome.

 

 

  0  
  0  
#11
Options