NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

EyepSix's avatar
EyepSix
Follower
Oct 31, 2020

DoS attack, Teardrop or derivative, Ping of Death, strange IPv6 Parsing Solution

I have found a solution to this two year old, unresolved problem:

 

https://community.netgear.com/t5/Cable-Modems-Routers/DoS-attack-Teardrop-or-derivative-Ping-of-Death-strange-non-DHCP/td-p/1067681/highlight/true

 

Summary of problem:

Router logs will show DoS attack, Teardrop or derivative, Ping of Death coming from a strange IP address.  When you trace this IP, it will be weird from a foreign country.

 

The router will keep dropping connection due to these assumed D-DoS attacks.

 

Problem has not seen a firmware fix in two years.

 

 

Root Cause:

fqm889identified the root cause as firmware bug, where Netgear mis-parses IPv6 address.

 

ipv6 address:

xxxx:xxxx:aabb:ccdd:eeff:gghh:xxxx:xxxx

Change aa bb cc dd ee ff gg hh from heximal to decimal AAA BBB CCC DDD EEE FFF GGG HHH

Then you can find that AAA.BBB.CCC.DDD is your source and EEE.FFF.GGG.HHH is your destination of 'DoS' packets.

 

User fduate has provided a graphical represenation in the attached PNG photo.

 

 

Solution:

Self-assigned IPv6  addresses are causing this issue, and this is resolved by enabling DHCP for IPv6. 

 

Navigate to:

Admin Panel > Advanced Tab > Advanced Setup > IPv6 > IP Address Assignment

 

Then click "Use  DHCP server".

Copy "Router delegated prefix" (The value usually ending in /64)

Paste previous value in "Start IP Address" and edit last three characters "/64" to "3/60".

Click "Apply" and reboot.

 

Enjoy!

 

 

 

 

 

3 Replies

  • craigdelgado0's avatar
    craigdelgado0
    Aspirant
    Nov 08, 2020

    The LAN delegated prefix and the Start Address are the same except the "1" in front of the "/64" on the start address.  When I try to change that to "3/60" I get an error that says "the start address is incorrect".  I also tried to copy the LAN delegated prefix and change the last three to "3/60" as instructed, but same result.  Doesn't seem to work on the C7000 modem/router.

     

     

    • phipperdee's avatar
      phipperdee
      Aspirant
      Feb 04, 2021

      Has anyone gotten this, or some other solution to work? Checking all the forums, it looks like this issue has existed for over 4 years. Endless DOS attacks from iPhone due to IP address glitch. Only solution: replace with different brand?