Question about the attack log

Sunday - last edited Wednesday

Hello friends!

 

I have an ER605 v2.0 and an SG3428 v2.30 switch, and I use Omada Cloud on Linux.

 

For quite some time now, I've noticed that some Omada logs don't show the IP address, in most logs to be exact.

 

Logs like the one below appear frequently, and it's not infrequent; out of nowhere, months go by without this type of record, and when it starts, it shows these records for months, but it doesn't show me the IP address so I can see where it's coming from:

Attack Detected on Gateway Warning ROUTER detected multi-connections ICMP Flood attack and dropped 374 packets.

 

This other record shows an external IP address.

Flood Attack Detected on Gateway Warning ROUTER detected stationary source TCP SYN Flood attack and dropped 218 packets. (Attack-Source=2xx.2xx.1xx.1xx).

 

Is the reason the IP address isn't showing up due to a configuration issue?

#1
5 Reply
Re:Question about the attack log
Monday - last edited Wednesday

Hi  @MarceloMT 

Thanks for posting here.

This is because the router detected and successfully blocked malicious attacks on the corresponding WAN port.

The IP is the source of the attack.

It is recommended that you contact your Internet Service Provider to locate and further block this attack.

#2
Re:Question about the attack log
Monday

  @Vincent-TP 

 

Hello friend, thank you for your reply.

 

I understand that in the log below, I see an IP address, I know it's an external attack, so far so good.

Flood Attack Detected on Gateway Warning ROUTER detected stationary source TCP SYN Flood attack and dropped 218 packets. (Attack-Source=2xx.2xx.1xx.1xx).

 

However, what's worrying me is this other log below which doesn't show any IP address. I don't know if it's an external or internal attack.

Attack Detected on Gateway Warning ROUTER detected multi-connections ICMP Flood attack and dropped 374 packets.

 

Shouldn't these logs show the originating IP address, regardless of whether it's an external or internal attack, to help solve the problem?

#3
Re:Question about the attack log-Solution
Wednesday - last edited Wednesday

Hi  @MarceloMT 

 

Thanks for the reply.

 

The first type involves attacks from a fixed source, while the second type comes from multiple sources; therefore, the IP addresses are not displayed.

 

Unfortunately, we don't have related config for now.

Recommended Solution
#4
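
An added example, not part of the thread and not TP-Link code: a Python triage script that parses the two log formats quoted above, groups events by detection mode, flood type and source, and totals dropped packets, so events with no Attack-Source field can be tracked by volume over time. The regex is derived only from the two quoted lines; the sample lines and the documentation-range address are constructed.

```python
import re
from collections import defaultdict

# Pattern derived from the two log lines quoted in this thread. Assumption:
# other firmware or controller versions may word these events differently.
EVENT_RE = re.compile(
    r"detected (?P<mode>stationary source|multi-connections) "
    r"(?P<flood>.+?) Flood attack and dropped (?P<dropped>\d+) packets\."
    r"(?: \(Attack-Source=(?P<source>[^)]+)\))?"
)

def parse_event(line):
    """Return the fields of one flood event, or None for unrelated lines."""
    match = EVENT_RE.search(line)
    if match is None:
        return None
    event = match.groupdict()  # "source" is None when the field is absent
    event["dropped"] = int(event["dropped"])
    return event

def summarize(lines):
    """Count events and dropped packets per (mode, flood type, source)."""
    totals = defaultdict(lambda: {"events": 0, "dropped": 0})
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        key = (event["mode"], event["flood"], event["source"])
        totals[key]["events"] += 1
        totals[key]["dropped"] += event["dropped"]
    return dict(totals)

# Constructed sample lines in the quoted format. The address is an RFC 5737
# documentation placeholder, not a value from the thread.
PREFIX = "Attack Detected on Gateway Warning ROUTER detected "
SAMPLE_LOG = [
    PREFIX + "multi-connections ICMP Flood attack and dropped 374 packets.",
    "Flood " + PREFIX + "stationary source TCP SYN Flood attack and dropped 218 packets. (Attack-Source=203.0.113.10).",
    PREFIX + "multi-connections ICMP Flood attack and dropped 120 packets.",
    "Flood " + PREFIX + "stationary source TCP SYN Flood attack and dropped 100 packets. (Attack-Source=203.0.113.10).",
    "unrelated constructed line without a flood event",  # skipped by the parser
]

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["dropped"])
    for (mode, flood, source), total in ranked:
        origin = source or "not logged (multi-connections)"
        print(f"{flood} flood, {mode}: {total['events']} events, "
              f"{total['dropped']} packets dropped, source {origin}")
```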
Re:Question about the attack log
23 hours ago

  @Vincent-TP 

 

Hi, thank you for your reply.

#5
Re:Question about the attack log
21 hours ago

 

 

My pleasure. Any other questions, don't hesitate to share in the forum.

#6