Router detected Large Ping attack and dropped 7 packets.
Hello everyone.
I have a new network infrastructure running a few days now in a new office under construction.
There I have 3 omada devices (Router, POE Switch and EAP) and a wired security system.
Today i added a Win10 laptop for a video conference and i have more than 10 alerts at omada's log like this one: "Router detected Large Ping attack and dropped 7 packets."
The same happened about 1 week before when added the security system in the network, but after it stopped. No other PC or other network device was connected to the network.
So is this normal, every time i add a new network device, or it is an attack?
Is this critical ? Is this a Ping attack?
Should i take care of these, or remove these alerts from omada's alert emails ?
Thanks
E.A
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The logs need more information!
It really needs to have the Source IP and Destination IP. It would also be helpful to know which port/network it came from.
I am getting 10-15 of these per day without any details.
TP Link you really need an update for this!
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
@btx I don't have any EAP's yet. I have an ER7602. I'm slowly adding to my network. A switch has been ordered and will get here soon. Then I will look at EAP's
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
@btx It's a US version of the ER7206.
Model: ER7206 v1.0
Firmware Version: 1.2.1 Build 20220512 Rel.77113
I'm using the Software version of Omada Controller for now. Version 5.3.1
So far today I have had 11 notifications of: detected Large Ping attack and dropped xx packets.
I just updated the router from 1.2.0 to 1.2.1. We will see if that makes a difference.
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Another + 1 for getting some useful information in the logging - some form of details of the source are really a minimum requirement.
Currently the system holds up and tells you something happened, but that's it.
A few weeks back my router held up to a repeated syn flood attack pretty much for 48 hours constantly until someone got bored, but no clue in the logs as to the source.
Would have been nice to know and then put an explicit deny to an IP or network in the firewall.
I have asked and asked as have many to sort out the system being a bit more informative about what is going on, some of us like to know.
Come on TPLINK, details needed now and finish what is already there.
- Copy Link
- Report Inappropriate Content
I am a new TP-Link business partner and owner of 100 TP-Link Omada items. We currently have 6 sites running Omada mainly family homes and homes of doctors right now as we are still seeing what Omada can deliver. I am seeing these Large Ping attacks for every site and it would be great to see through the Omada app where they are coming from. If packet capture is required to troubleshoot then Omada should have this feature built in.
All Omada items are updated to the latest versions and this ping attack continues on like the plague.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 18
Views: 64140
Replies: 89