NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi
I'm getting lots of Dos attacks logged in my C3000 modem/router. They appear to be coming from inside my network, from my wifi. I keep seeing a device attached to my wifi with an IP address of 1.1.15...
That IP, 128.60.129.150, is showing inside, on my lan. For whatever reason the Netgear ARP table associates it with our Apple devices. It changes each time it wants to scan to whatever random Apple device we have online. That "device" is then targeting random public IPs. You can see them clearly in the logs. I only started investigating the due to my 1.4TB of data usage this month. That usage may or may not be realated but something is very odd here. Netgear factory reset does not do anything. ISP does not have a newer firmware version. I have a Vizio tv, Roku, desktop computers (I disabled IPv6), ipads and iphones. I had an HP wifi printer that I've unplugged as well and a Windows laptop unplugged as well. I even setupIP reservations on all the devices (just to try something!), and the 128 IP still associated with one of the Apple devices with an IP reservation.
I should also mention I even changed the IP of the router and have a 128 bit administrator password.
Just with my iphone and ipad on the wifi network there is no "malicious" activity. My devices do not show up in the netgear genie as having a public IP. If my wife or kids add their iphones or ipads then it starts almost instantly. One of the connected apple devices will show up with the public IP and the logs will show that public IP attacking random public IPs. Its always one device, never more than one at a time. Definately something apple related but I can't find what is different about my two devices compared to all of theirs. We looked for apps they have that i don't and also device settings. Could not isolate the difference. Its driving me crazy! No issues with anything wired.
Also should be noted that all throughout the day when no one was here, no iphones at home, there was no malicious activity. There were three ipads at home all day. The malicious activity stopped and started at the moment the last person with an iphone left home and returned home. When I did a test at night with just those three ipads (to confirm they were not the issues) the malicious activity started again , although not mine. So i think that just confirms if the ipads are asleep that nothing is "calling out". All the other ipads and iphones by themselves on the network cause these attacks when in use, but never my own ipad and iphone.............