Question about the attack log

Yesterday - last edited 9 hours ago

Hello friends!

 

I have an ER605 v2.0 and an SG3428 v2.30 switch, and I use Omada Cloud on Linux.

 

For quite some time now, I've noticed that some Omada logs don't show the IP address, in most logs to be exact.

 

Logs like the one below appear frequently, and it's not infrequent; out of nowhere, months go by without this type of record, and when it starts, it shows these records for months, but it doesn't show me the IP address so I can see where it's coming from:

Attack Detected on Gateway Warning ROUTER detected multi-connections ICMP Flood attack and dropped 374 packets.

 

This other record shows an external IP address.

Flood Attack Detected on Gateway Warning ROUTER detected stationary source TCP SYN Flood attack and dropped 218 packets. (Attack-Source=2xx.2xx.1xx.1xx).

 

Is the reason the IP address isn't showing up due to a configuration issue?

#1
1 Accepted Solution
Re:Question about the attack log-Solution
9 hours ago - last edited 9 hours ago

Hi  @MarceloMT 

Thanks for posting here.

This is because the router detected and successfully blocked malicious attacks on the corresponding WAN port.

The IP is the source of the attack.

It is recommended that you contact your Internet Service Provider to locate and further block this attack.

#2
2 Reply
Re:Question about the attack log
58 minutes ago

  @Vincent-TP 

 

Hello friend, thank you for your reply.

 

I understand that in the log below, I see an IP address, I know it's an external attack, so far so good.

Flood Attack Detected on Gateway Warning ROUTER detected stationary source TCP SYN Flood attack and dropped 218 packets. (Attack-Source=2xx.2xx.1xx.1xx).

 

However, what's worrying me is this other log below which doesn't show any IP address. I don't know if it's an external or internal attack.

Attack Detected on Gateway Warning ROUTER detected multi-connections ICMP Flood attack and dropped 374 packets.

 

Shouldn't these logs show the originating IP address, regardless of whether it's an external or internal attack, to help solve the problem?

#3
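
Added example, not part of any post in this thread and not TP-Link code: a small Python parser for the two message shapes quoted above. It separates events logged with an Attack-Source from those without one and totals dropped packets per attack type. The sample lines are constructed from the quoted messages, with a documentation address (RFC 5737) standing in for the masked source; the function names are illustrative, and the pattern assumes the device name contains no spaces.

```python
import re
from collections import defaultdict

# Constructed sample input based on the two messages quoted in the thread;
# 203.0.113.10 is a documentation address, not the poster's masked source.
SAMPLE_LOG = """\
Attack Detected on Gateway Warning ROUTER detected multi-connections ICMP Flood attack and dropped 374 packets.
Flood Attack Detected on Gateway Warning ROUTER detected stationary source TCP SYN Flood attack and dropped 218 packets. (Attack-Source=203.0.113.10).
Attack Detected on Gateway Warning ROUTER detected multi-connections ICMP Flood attack and dropped 120 packets.
Some unrelated line that must be ignored
"""

# Device name, attack description and packet count are always present;
# the trailing "(Attack-Source=...)" group is optional.
EVENT_RE = re.compile(
    r"(?P<device>\S+) detected (?P<attack>.+?) attack "
    r"and dropped (?P<dropped>\d+) packets\."
    r"(?: \(Attack-Source=(?P<source>[^)]+)\))?"
)

def parse_events(text):
    """Return one dict per attack line; 'source' is None when the log omits it."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dropped"] = int(ev["dropped"])
            events.append(ev)
    return events

def summarize(events):
    """Total events and dropped packets per (attack, source) pair."""
    totals = defaultdict(lambda: {"events": 0, "dropped": 0})
    for ev in events:
        key = (ev["attack"], ev["source"] or "no source logged")
        totals[key]["events"] += 1
        totals[key]["dropped"] += ev["dropped"]
    return dict(totals)

if __name__ == "__main__":
    for (attack, source), t in sorted(summarize(parse_events(SAMPLE_LOG)).items()):
        print(f"{attack:45} {source:18} events={t['events']} dropped={t['dropped']}")
```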