vwwanted
Mar 30, 2016 Aspirant
DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi
I'm getting lots of DoS attacks logged in my C3000 modem/router. They appear to be coming from inside my network, from my wifi. I keep seeing a device attached to my wifi with an IP address of 1.1.15...
rebop
Apr 06, 2018 Tutor
I have to disagree with your observations and opinion. Since day 1, the Netgear C7000 will CHANGE the connected IP of my iPhone to an IP address for an AT&T customer in Dallas, Texas (I am in California and the iPhone is on 192.168.etc). THIS IP in Dallas then attacks multiple other IPs, sending DDoS and other pings of death to multiple IPs including the DOD, China, France, you name it. Can be anywhere. MANY times a day, every day.
Only changes the iPhone. Never iPad, Kindle, etc.
Help clarify?
~Bob
ErnestTheGreat
Apr 13, 2018 NETGEAR Employee Retired
As I mentioned before, a lot of these events are false positive events that generate these DoS attack, Teardrop or derivative and Ping of Death events in the event logs. As described by Netgear before, devices like printers etc. are generating discovery packets or fragmented multicast IPv6 packets, which cause the Netgear Cable firewall to believe it is being DoS’d when in fact it isn’t.
Netgear has a firmware that fixes this issue but it will take time to roll it out as it has to go through certification with ISPs. So we just need to sit tight and wait for the ISPs to push the new firmware out to our devices.
As far as the iPhones and iDevices having strange non-DHCP IP addresses shown for them under the WiFi section on the C7000's "Attached Devices" page, it looks like the issue here is related to the IPv6 NAT64 feature, which is a translation mechanism for algorithmically mapping IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. For more info on the NAT64 feature you can check out RFC 6145 and 6146.
So basically what’s happening is that the IPv6 addresses associated with iPhones and other iDevices are being translated to random IPv4 addresses as a result of the NAT64 feature, and for some odd reason those addresses are being shown under attached devices, leading us to believe that there is a non-DHCP address assigned to our device. Coincidentally, some of those IPs are valid addresses that show as being registered to valid 3rd parties and some are not.
So I do not think there is anything to worry about here. Just make sure that you go to your C7000 UI under Advanced --> Setup --> WAN Setup and uncheck Disable Port Scan and DoS Protection to enable the protection, since by default it is disabled.
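The algorithmic IPv6/IPv4 mapping mentioned in the post above is specified in RFC 6052, which the NAT64 RFCs reference. The following is an added example (not part of the original post and not NETGEAR code) that embeds and recovers an IPv4 address for every permitted prefix length, so an unexpected IPv4 address can be compared against the one embedded in a device's IPv6 address. The prefixes and 192.0.2.33 are documentation-range sample inputs, and the function names are hypothetical.

```python
import ipaddress

# RFC 6052 permits only these translation-prefix lengths.
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
WELL_KNOWN_PREFIX = "64:ff9b::/96"  # well-known NAT64 prefix from RFC 6052


def _v4_offsets(prefix_len):
    """Byte offsets that carry the IPv4 address; offset 8 (reserved 'u' octet) is skipped."""
    if prefix_len not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"invalid RFC 6052 prefix length: /{prefix_len}")
    return [i for i in range(prefix_len // 8, 16) if i != 8][:4]


def embed(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv6 address that represents ipv4 under the given prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4).packed
    for offset, octet in zip(_v4_offsets(net.prefixlen), v4):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Return the embedded IPv4 address, or None if ipv6 is not a mapping under prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    offsets = _v4_offsets(net.prefixlen)
    v4 = ipaddress.IPv4Address(bytes(addr.packed[o] for o in offsets))
    # Reject addresses whose 'u' octet or suffix bits are non-zero.
    return v4 if embed(v4, prefix) == addr else None


if __name__ == "__main__":
    # Constructed sample inputs (documentation ranges), not values from the thread.
    for pfx in ("2001:db8::/32", "2001:db8:122:344::/64", WELL_KNOWN_PREFIX):
        v6 = embed("192.0.2.33", pfx)
        print(f"{pfx:24} -> {v6} -> {extract(v6, pfx)}")
```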
- jwjwjw Apr 13, 2018 Guide
I agree it's a false positive. Looking at the logs again, no "attacks" when no one is here.
- Gzabar Jun 04, 2018 Aspirant
Any idea if/when the new firmware will be deployed to Optimum Online? I’ve been dealing with this and very high corrected/uncorrectables for months and both your and their support have been abysmal. No one is willing to help and keeps telling me the other group is responsible for firmware updates. PLEASE help me out, I really enjoy the product but hope I didn’t waste $200 on a bad product. Thank you!