Forum Discussion
vwwanted
Mar 30, 2016 Aspirant
DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi
I'm getting lots of DoS attacks logged in my C3000 modem/router. They appear to be coming from inside my network, from my wifi. I keep seeing a device attached to my wifi with an IP address of 1.1.153.128. I've blocked it several times, but have seen its MAC address change and it re-connects. I've since blocked all new devices from connecting through access control. I had started investigating this because we were having severe connectivity problems to the internet. Does anyone know what this rogue device might be? I suspect that it might be an iPhone connected to the wifi.
88 Replies
I'm having the same issue on my C3700. The network address 123.9.33.0 comes up under mine and my wife's iPhone. The iPhones keep the IP issued by DHCP but the IP under connected devices shows it being that IP. What is going on here?
I dumped my Netgear in favor of a Surfboard SB6190 Cable Modem with an Asus wifi Router. Works perfectly with no drops or issues. I will NEVER be buying Netgear again. You would think they would monitor these posts and chime in, but, crickets.
- Calling them isn’t any better. I mean I shouldn’t have to go through line after line of Wireshark to look at packets.
- jandawood Aspirant
We have a C3700 router and I've noticed that a lot of times during the day my wifi connection stops working. I turned wifi off and back on for affected devices and it works for about 15 minutes before it reappears.
I just checked the logs and found multiple DOS attack messages (Tear Drop and Ping of Death).
From everything I've read, it seems like it's a known issue with NetGear. I guess I will do better research for my next router.
- SamirD Prodigy
If you can turn off the wifi and it fixes the problem, you can just get an access point and connect it to the Netgear.
- Bob94301 Guide
I have the same problem with a C7000. Very tired of it. Of course, it's an iPhone changing into an IP address in Austin, Texas and bombing DDoS attacks on everything from the Department of Defense to Beijing.
Question is, I have high speed Comcast. Does anyone know if any Arris modem will handle 300 MBPS and show the connected devices by MAC and IP address AND show logs for attacks? Their manuals are terrible. I want to abandon Netgear, but not if another brand has the same issue and worse yet, cannot show it to you.
Appreciate your input.
~Bob
C7000-100NAS
Firmware Version
V1.01.23
Hello,
I'm getting the same results here as everyone based on recent logs. Yesterday, it sent my download speed for the games I was installing on my XBOX to a crawl, which prompted me to look at the router and found out it was tagging the iPhones only? Is this something with Netgear product / firmware or is this really something that has to do with the Apple phones? Any help or resolution would be appreciated...
[DoS attack: Teardrop or derivative] from 0.0.73.208, port 0
This morning the bad IP jumped from my son's iPhone SE to mine because it was the first iPhone turned on today, so the 4.128.... was tied to mine.
Here's a few of the 100's of entries each day:
[DoS attack: Ping Of Death] from 4.128.19.160, port 0 2 Wed Dec 13 06:13:27 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 2 Wed Dec 13 06:13:25 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Illegal Fragments] from 4.128.19.160, port 0 1 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Ping Of Death] from 4.128.19.160, port 0 2 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 1 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Illegal Fragments] from 4.128.19.160, port 0 1 Wed Dec 13 06:13:16 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 1 Wed Dec 13 06:12:06 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Ping Of Death] from 4.128.19.160, port 0 3 Wed Dec 13 06:12:06 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 2 Wed Dec 13 06:11:23 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Ping Of Death] from 4.128.19.160, port 0 1 Wed Dec 13 06:11:16 2017 53.253.195.127:0 4.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 0 7 Wed Dec 13 06:11:15 2017 53.253.195.127:0 4.128.19.160:0
I have no clue. I've talked to tier III at Apple and Netgear and neither one of them could answer my questions. So, I'm going to ditch the Netgear and grab an Arris to see if the issue is resolved.
I have Comcast, but is it safe to assume it's not tied to just them and others with non-Comcast service are experiencing the same
I got rid of my Motorola model because of this issue. I switched to Surfboard 6190 and have had zero issues for 2 months now. There is NO fix to this issue and I'd advise everyone to dump their Netgear model. I find it hard to believe their tech support doesn't read this forum or acknowledge the issue, but they are 100% silent on this topic. So, my best advice is to get new equipment.
- PGillard Guide
I purchased a Motorola MG7550 to test if it was a modem or a Comcast issue. The issues disappeared immediately upon installing the modem!! Recommend you do not waste any more time on the issue and spend the money to solve the problem. Netgear support is horrendous!
Wow that is pretty sad, if that's the answer to this issue? End up being the equipment, not understanding why Netgear hasn't put out something? Wonder if anyone tested out their iPhone by resetting it back to factory setting and checking the results? Is the status the same?
- jwjwjw Guide
Same issue here, although it seems only the Apple devices are being associated with the public IP behind all the public attacks. It also only seems to associate with wifi devices. I have turned off all Apple devices and currently only have a Windows laptop on the wifi and the public attacks have stopped and no MACs are associated with the public IP. I currently have three devices plugged in (not on wifi) and they have never "grabbed" that public IP. This is the public IP that devices have been getting: 128.60.129.150. They have been attacking all random public IPs. I did a factory reset on the wifi router but that didn't do anything. I just don't understand why Apple devices are only affected?! See the screenshot and it shows the "source" as that 128 which hops from the Apple MAC addresses only.
Wow it will be 2 years since this message for this to be fixed. I new firmware will be out soon to fix the Dos Attacks.
- LBermann Aspirant
I wanted to thank member ccunni3812 for the post titled "DoS attack and random ip addresses for iPhone"
I was having a similar problem with my iPad. As soon as my iPad was connected to my WiFi, I received DoS attacks - teardrop and SYN Flood. I had wiped my iPad several times but it still came back. Finally I figured out a few things.
I have my Apple device backed up and may have inadvertently backed up the "bug". So every time I download my backup, I got the bug again. I think I saved the bad website in my favorites. Since the DDoS attacks only happened when the wifi was turned on in my iPad, I did the following:
- Changed the admin password on my router (yes I know, rookie move to not have done it in the first place).
- Turned on Access Control
- Deleted all unnecessary websites saved in my favorites on my iPad.
- Under WAN Setup, added the check mark to Disable port scan and DoS Protection from the router.
- Watched my logs
I will continue to watch my logs on a regular basis to make sure the steps taken above continue to work. Honestly, I am just so happy to have my iPad back.
- fduate Initiate