

Songokou_36
Follower
May 19, 2017

C7000-100NAS DoS attacks

Over the past month, I've been getting numerous DoS attack log entries on my Nighthawk AC1900 Router. I've contacted my ISP, the ISP of the attacking IP address, and Apple, and no one has an answer. Here are some of the log entries:

 

Description                                                   Count  Last Occurrence           Target           Source
[DoS attack: Teardrop or derivative] from 2.1.99.144, port 0  2      Fri May 19 09:00:14 2017  13.12.192.224:0  2.1.99.144:0
[DoS attack: Ping Of Death] from 2.1.99.144, port 0           5      Fri May 19 08:59:43 2017  13.12.192.224:0  2.1.99.144:0
[DoS attack: Illegal Fragments] from 2.1.99.144, port 0       3      Fri May 19 08:29:30 2017  13.12.192.224:0  2.1.99.144:0

 

The source (attacker's) IP address IS NOT ON MY NETWORK. I traced it to the Nantes region of France. The Target (victim's) IP addresses I've seen have been traced to the US Postal Service, the US Army Communications Command, as well as several US and international universities (including Drexel in the US and McGill in Canada). These log entries only occur when certain devices are connected to the network. When an attack happens, I check attached devices and the attacker's IP address is showing the devices in question. The only devices that allow these attacks are an iPhone6 and an AppleTV 4th gen. I have other Apple products (iPhone5S, Mac, Macbook, iPad2, AppleTV 3rd gen.) and a Windows PC connected to the network, but those have never been affected.

 

How can I block the IP address 2.1.99.144 from accessing my network without blocking the devices in question? Will a VPN prevent the attacker from infiltrating a device on my network?

3 Replies

  • I'm having similar problems. I'll be watching to see what the community responses are.

    DarrenM
    Sr. NETGEAR Moderator

    It may be false reports, as some type of app could be causing these logs to show up, since you said it's only when 2 devices are on the network.

     

    DarrenM

  • Stumbled across this while researching the same problem. 

     

    What I have going on is random drops of PS Vue streaming. Analysis of the router log shows these coincide with the same sort of things described here.

     

    We have four Apple devices, and the IPv4 addresses that the "attacks" come from are "generated" from the Apple IPv6 "function" of those devices. I've seen addresses that belong to Tokyo City Hall, various places in the US and even one in China. Every time, they have an IPv6 address associated with an Apple device here. There's no method, so far as I can tell, to "disable" this either on the devices themselves or in the router. I've allocated static IPs to all four devices, but it still happens. I'm wondering if having an IPv4-only "access point" behind the router and connecting the Apple devices only to it might be the answer?