NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi
I'm getting lots of Dos attacks logged in my C3000 modem/router. They appear to be coming from inside my network, from my wifi. I keep seeing a device attached to my wifi with an IP address of 1.1.15...
C7000-100NAS
Firmware Version
V1.01.23
Hello,
I'm getting the same results here as everyone based on recent logs. Yesterday, it sent my download speed for the games I was installing on my XBOX to a crawl, which prompted me to look at the router and found out it was tagging the iPhones only? Is this something with Netgear product / firmware or is this really something that has to do with the Apple phones? Any help or resolution would be appreciated...
[DoS attack: Teardrop or derivative] from 0.0.73.208, port 0
this morning the bad IP jumped from my son's iPhone SE to mine because it was first iPhone turned on today so the 4.128.... was tied to mine.
here's a few of the 100's of entries each day:
DoS attack: Ping Of Death] from 4.128.19.160, port 0 2 Wed Dec 13 06:13:27 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 2 Wed Dec 13 06:13:25 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Illegal Fragments] from 4.128.19.160, port 0 1 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Ping Of Death] from 4.128.19.160, port 0 2 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 1 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Illegal Fragments] from 4.128.19.160, port 0 1 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 1 Wed Dec 13 06:12:06 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Ping Of Death] from 4.128.19.160, port 0 3 Wed Dec 13 06:12:06 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 2 Wed Dec 13 06:11:23 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Ping Of Death] from 4.128.19.160, port 0 1 Wed Dec 13 06:11:16 2017 53.253.195.127:0 4.128.19.160:0 [DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 7 Wed Dec 13 06:11:15 2017 53.253.195.127:0 4.128.19.160:0 I have no clue. I've taled to teir III at Apple and Netgear and neither one of them could answer my quetions. So, I'm going to ditch the Netgear and grab an Arris to see if the issue is resolved.
I have Comcast, but is it safe assume it's not tied to just them and others with non-Comcast service are experiencing the same
I have Spectrum so I'm quite sure it is a hardware/software issue with the equipment. That is the only thing I can think it could be.
I have downloaded both the Mootorola and Arris user Guides and do not see where you can tell the IP and MAC address of the connected devices and the log showing the DDoS attacks like Netgear shows. If you can I would switch. If someone could confirm would be great.
I am also not confident in the explanation of what is happening here. Mine has been for years, always the same iPhone IP address change to the same Austin Texas IP and changes daily who is targeted from Mercedes Germany to the Dept of Defemnse to China. Does not seem random at all.
I looked this morning and the IP I am getting assigned is tied Daimler Chrysler as well in Stuttgart. The 4.128... jumps from iPhone to iPhone in my household but it is constantlty the source of my network bogging down to where I can't even send out a ping. Only a reboot stops it. I have tried factory reset as well.
I am a novice, I am learning everyday and I have no clue what's truly happening. but I see 100's of lines in the logs with this IP 4.128...and it's only this same IP everyday that gets assigned to my one of phones.