Message Detected Ping of Death attack.
i'm getting the message in system log:
2019-09-04 13:49:01 firewall[0]: <4> 05111025 Detected Ping of Death attack. Dropped 3 packets.
but i can't know where it comes from because it doesn't show me any data other than that, i would like to know how i can get this information.
I'm getting the message with often
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
DioCarvalho wrote
i'm getting the message in system log:
2019-09-04 13:49:01 firewall[0]: <4> 05111025 Detected Ping of Death attack. Dropped 3 packets.
but i can't know where it comes from because it doesn't show me any data other than that, i would like to know how i can get this information.
I'm getting the message with often
If you want to konw where it comes from, you need to capture the packets.
You can use wireshark to capture the packets and use the port mirror feature of the router. Just find the ICMP packets. (ping of death attack means the ICMP ping packets that smaller than 64 bytes or larger than 65535 bytes). Generally it comes from the packets that smaller than 64 bytes. When you capture the packets, the PC may shows 64 bytes. So find the ICMP packet that is 64 bytes or smaller. Then check the IP address to find where it comes from.
- Copy Link
- Report Inappropriate Content
I guess we are getting what we pay for, eh ?? A $60 router is not going to have all the features of a Cisco or Netgear router costing 10 times as much.
I started getting the "Pings of Death" too. I don't know where they are coming from - I assume it is a new marketing campaign from foreign "Bad Actors".
Doesn't seem to affect performance of the TL-R600, so I'm ignoring them. The router is doing its job and Dropping the packets.
If you have IPSEC tunnels between more than one TL-600, turn off Dead Peer Detection (DPD) or you may have issues with the connection dropping and reconnecting too much.
- Copy Link
- Report Inappropriate Content
Just installed r605 and started getting those msgs. Is it then safe to ignore it or something could be done do eliminate this?
- Copy Link
- Report Inappropriate Content
Sadly at the moment the SDN doesnt give enough information to diagnose the source / reason for these so personally.. I have just been ignoring them and deleting the alerts in mass when logged in
- Copy Link
- Report Inappropriate Content
I just upgraded the firmware on my R605 and the Detected Ping of Death attack are no longer showing, the release notes for the firmware say that this has been fixed.
Well happy with that.
- Copy Link
- Report Inappropriate Content
I've been having this issue on and off for nearly 2 years, finally got a resolution thanks to this post. I've removed the DPD option from both routers and will see how it goes.
Nice they fixed the issue on the R605 but no new firmware on the R600 to address this issue. Last firmware for this one was back in 2020 and the R605 addressed this in March of 2021.
- Copy Link
- Report Inappropriate Content
So even with DPD turned off and all options in Firewall > Attack Defense > Packet Anomoly turned all off, the VPN is still dropping.
On Router 1, when i try to refresh the VPn status, the progress bar goes about half way and stops and doesnt refresh. Router 2 doesnt have this issue. In the log file, Router 1 isn't displaying anything about the VPN tunnel but on Router 2, it keeps trying to initiate the IPsec tunnel. Router 1 has already been replaced once.
Any thoughts? The connection drops about once a week.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 17934
Replies: 7
Voters 0
No one has voted for it yet.