Orbi WiFi 7 RBE973
Reply

C6300 DoS attack ICPM Flood Attacks

msearhart
Tutor

C6300 DoS attack ICPM Flood Attacks

I've been having lots of issues with loss of wifi over the last few months.  Lots of T3 and T4 errors and having to reboot my router multiple times a day.  Cable guys finally came out after the 2nd time and found the issue with a bad wire on the outside.  They fixed it and we haven't had any events logged since or any major outages!  Woohoo!  The only issue now is that since i had been motitoring event logs and logs for a while now, I realized that i've been getting a lot of flood attacks.  Most times I don't even notice them but a few times I could tell they happened because everything slowed down and a few devices lost connectivity (not all, is that normal?).  I looked up the IP addresses and they come from all over the place.  China, Czechia, Russia, Switzerland, Hong Kong, South Korea, Canada, and sometimes from the US - mostly universities??  University of Wisconsin, Univrsity of Southern California.  After the attacks the logs show multiple [DHCP IP: (XXX.XXX.X.XX)] to MAC address (Is this our devices coming back online?) Is there anyway to stop these?  Is it anything I should be worried about?  Sometimes I also get Port Scans but they don't happen as often.  Thanks for any suggestions.

Model: C6300|AC1750 Cable Modem Router Docsis 3.0
Message 1 of 2
FURRYe38
Guru

Re: C6300 DoS attack ICPM Flood Attacks

Have your ISP change your WAN IP address. 

Logs are just reporting whats happening and as long as the modem is working, your ok. The system is blocking and reporting whats going on. 

Message 2 of 2
Top Contributors
Discussion stats
  • 1 reply
  • 1222 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi 770 Series