Orbi WiFi 7 RBE973
Reply

DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

damianinpa
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I have the same issue and even posted a new thread about this.  As far as I know, there is no fix.  I have searched all over the internet and quite a few people complain about this.  In my case, my daughters Iphone shows up in the router page with a WAN IP and I see DOS attacks.  This causes drops for all devices on my network for about 1 minute.  It happens randomly, but, almost every day.  I love the way there is no response at all from Netgear.  Do they not monitor their own forums?  At least acknowledge the issue.  So, I decided to buy a Surfboard 6190 Model and Asus Wireless router.  I'll be hooking up next week and hopefully, this issue will be behind me.  Everything I read online states this is Netgear bug with IOS devices and Ipv6 packet interpretation.  And of course you can't even turn off IPV6 on the C7000.  That is pathetic.   

Model: C7000|Nighthawk - AC1900 WiFi Cable Modem Router
Message 26 of 89
larrycatoe
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I'm have the same issue on my C3700. The Network address 123.9.33.0 comes up under mine and my wifes Iphone. The Iphones keep the IP issued by DHCP but the IP under connected devices show it being that IP. What is going on here?

Message 27 of 89
damianinpa
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I dumped my Netgar in favor of a Surfboard SB6190 Cable Modem with a Asus wifi Router.  Works perfectly with no drops or issues.  I will NEVER be buying Netgear again.  You would think they would monitor these posts and chime in, but, crickets. 

 

Message 28 of 89
larrycatoe
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

Calling them isn’t any better. I mean I shouldn’t have to go through line after line of WireShark to look at packets.
Message 29 of 89
jandawood
Aspirant

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

We have a C3700 router and I've noticed that a lot of times during ther day my wifi connection stops working. I turned wifi of and back on for affected devices and it works for about 15 minutes before it reapears.

 

I just checked the logs and found multiple DOS attack messages (Tear Drop and Ping of Death).

 

From everything i've read, it seems like its a known issue with NetGear. I guess I will do better research for my next router.

Model: C3700|N600 Cable Gateway Docsis 3.0
Message 30 of 89
SamirD
Prodigy

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

If you can turn off the wifi and it fixes the problem, you can just get a access point and connect it to the netgear.

Message 31 of 89
Bob94301
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I have the same problem with a C7000. Very tired of it. Of course, its an iPhone changing into an IP address in Austin, Texas and bombing DDoS attacks on everything from the Department of Defense to Bejieng.

 

Question is, I have high speed Comcast. Does anyone know if any Arris modem will handle 300 MBPS and show the connected devices by MAC and IP address AND show logs for attacks? Their manuals are terrible. I want to abandon Netgear, but not if another brand has the same issue and worse yet, cannot show it to youi.

 

Appreciate your input.

 

~Bob

Message 32 of 89
PGillard
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

gave up and bought a motorola mg7550 . Instant fix.  easy to set up and control. 

 

Will never buy netgear again.  tech support in non existant. Have had bad experiences with there switches also.

 

 

 
Message 33 of 89
Bob94301
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

Thanks. I just downloaded the manual and no mention of viewing logs and what they contain nor viewing connected devices and their IP addresses. I assume it must have these features, but not documented if so.

 

Message 34 of 89
filmjbrandon
Initiate

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

So, fqm889 is completely correct, and I can verify this as well.

 


@fqm889 wrote:

 

 

ipv6 address:

xxxx:xxxx:aabb:ccdd:eeff:gghh:xxxx:xxxx

Change aa bb cc dd ee ff gg hh from heximal to decimal AAA BBB CCC DDD EEE FFF GGG HHH

Then you can find that AAA.BBB.CCC.DDD is your source and EEE.FFF.GGG.HHH is your destination of 'DoS' packets.

 

I am seeing the same IP source to multiple target addresses, and this now makes sense because the first 3 fields of ipv6 will always be the same as would the first three numbers of an IPv4 address like "192.168.0.X" on the private network.

 

The target number is the fourth field of the IPv6 address that's allocated to my device, and different devices will show different numbers here.  Also, this part of the address is dynamic and changes over time, so it looks like the target changes every few days.  Targets because of the randomness of IP addresses have appered to be benign things like a random mobile device, or addresses of goverment or banking organizations in other countries.  In fact, as demonstrated by fmq889 none of these addresses are actually being reached from my network.

 

I would also like to add that ipv6 also provides for allocating 2 addresses for every device, and only the 2nd address or privacy extension/temporary address is tripping up the router.

 

In any case, I am wondering if the performance issues I see are related, and perhaps the router is trying to filter/block or otherwise uses resources tracking all these seeminly malignant calls, when they are actually perfectly legit traffic passing through the network.

 

I hope that Netgear will fix, but perhaps we all who are seeing this should try to contact them directly and let them know of the issue rather than hope they monitor user forums.

Model: C7000|Nighthawk - AC1900 WiFi Cable Modem Router
Message 35 of 89
JollyRoger72
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

is there any solution to this? I am having the same problem

Message 36 of 89
Left4Dead2
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

C7000-100NAS

Firmware Version 

V1.01.23

 

Hello,

 

I'm getting the same results here as everyone based on recent logs.  Yesterday, it sent my download speed for the games I was installing on my XBOX to a crawl, which prompted me to look at the router and found out it was tagging the iPhones only? Is this something with Netgear product / firmware or is this really something that has to do with the Apple phones?  Any help or resolution would be appreciated...

 

[DoS attack: Teardrop or derivative] from 0.0.73.208, port 0

Model: C7000|Nighthawk - AC1900 WiFi Cable Modem Router
Message 37 of 89
JollyRoger72
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

this morning the bad IP jumped from my son's iPhone SE to mine because it was first iPhone turned on today so the 4.128.... was tied to mine.

 

 

here's a few of the 100's of entries each day:

 

DoS attack: Ping Of Death] from 4.128.19.160, port 02Wed Dec 13 06:13:27 201753.253.195.127:04.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 02Wed Dec 13 06:13:25 201753.253.195.127:04.128.19.160:0
[DoS attack: Illegal Fragments] from 4.128.19.160, port 01Wed Dec 13 06:13:16 201753.253.195.127:04.128.19.160:0
[DoS attack: Ping Of Death] from 4.128.19.160, port 02Wed Dec 13 06:13:16 201753.253.195.127:04.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 01Wed Dec 13 06:13:16 201753.253.195.127:04.128.19.160:0
[DoS attack: Illegal Fragments] from 4.128.19.160, port 01Wed Dec 13 06:13:16 201753.253.195.127:04.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 01Wed Dec 13 06:12:06 201753.253.195.127:04.128.19.160:0
[DoS attack: Ping Of Death] from 4.128.19.160, port 03Wed Dec 13 06:12:06 201753.253.195.127:04.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 02Wed Dec 13 06:11:23 201753.253.195.127:04.128.19.160:0
[DoS attack: Ping Of Death] from 4.128.19.160, port 01Wed Dec 13 06:11:16 201753.253.195.127:04.128.19.160:0
[DoS attack: Teardrop or derivative] from 4.128.19.160, port 07Wed Dec 13 06:11:15 201753.253.195.127:04.128.19.160:0
Model: C3000|N300 Cable Gateway Docsis 3.0
Message 38 of 89
larrycatoe
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I have no clue. I've taled to teir III at Apple and Netgear and neither one of them could answer my quetions. So, I'm going to ditch the Netgear and grab an Arris to see if the issue is resolved.

Message 39 of 89
JollyRoger72
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I have Comcast, but is it safe assume it's not tied to just them and others with non-Comcast service are experiencing the same

Message 40 of 89
larrycatoe
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I have Spectrum so I'm quite sure it is a hardware/software issue with the equipment. That is the only thing I can think it could be.

Message 41 of 89
JollyRoger72
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

agreed, but why no one is addressing it is beyond me. I am ready to walk away from my device altogether and buy the Motorola 7540.

Message 42 of 89
Bob94301
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I have downloaded both the Mootorola and Arris user Guides and do not see where you can tell the IP and MAC address of the connected devices and the log showing the DDoS attacks like Netgear shows. If you can I would switch. If someone could confirm would be great.

 

I am also not confident in the explanation of what is happening here. Mine has been for years, always the same iPhone IP address change to the same Austin Texas IP and changes daily who is targeted from Mercedes Germany to the Dept of Defemnse to China. Does not seem random at all.

 

 

 

Message 43 of 89
JollyRoger72
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I looked this morning and the IP I am getting assigned is tied Daimler Chrysler as well in Stuttgart.  The 4.128... jumps from iPhone to iPhone in my household but it is constantlty the source of my network bogging down to where I can't even send out a ping. Only a reboot stops it. I have tried factory reset as well.

 

I am a novice, I am learning everyday and I have no clue what's truly happening. but I see 100's of lines in the logs with this IP 4.128...and it's only this same IP everyday that gets assigned to my one of phones.

 

Message 44 of 89
filmjbrandon
Initiate

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I don’t think it would be random as it’s basically the ipv6 DHCP allocation that decides. The only remedy I see is disabling DDOS logging.

As more devices use ipv6 this becomes a bigger issue so I think Netgear should fix!
Model: C7000|Nighthawk - AC1900 WiFi Cable Modem Router
Message 45 of 89
damianinpa
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I got rid of my Motorola model because of this issue.  I switched to Surfboard 6190 and have had Zero issues for 2 months now.  There is NO fix to this issue and I'd advise everyone ot Dump their Netgear model.  I find it hard to believe their tech support doesn't read this forum or acknowledge the issue, but they are 100% silent on this topic.  So, my best avdice is to get new equipment. 

 

Message 46 of 89
PGillard
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I purchased at Motorola MG7550 to test if it was a modem or a Comcast issue. The issues disappeared immediately upon installing the modem!! Recommend you do not waste any more time on the issue and spend the money to solve the problem. Netgear support is horrendous!

 

 

 

 
Message 47 of 89
Left4Dead2
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

Wow that is pretty sad, if thats the answer to this issue?  End up being the equipment, not understanding why Netgear hasn't put out something?  Wonder if anyone tested out their iphone by resetting it back to factory setting and checking the results?  Is the status the same?

Message 48 of 89
Left4Dead2
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

thanks damianinpa,

 

i have to agree with what your saying, i think its also has to do with certain apps being used too.  i tried latching my work iphone 6 to do some testing, and funny thing is that it changed the ip address briefly and went away.  i used 2 work apps and hardly nothing else, and it appeared to be functioning as normal, when checking the logs.  i noticed with certain social apps, it logs the errors immediately from another iphone being tested, which is constantly being used daily and has a ton of other apps.  i feel its a cause for concern, thinking the that phone has been infected some how instead of the work phone due to its limited apps and usage.  the other iphone is acting like some malicious program hiding behind those social apps, causing all these errors?  hopefully, your test on the other replacement routers work out.

Message 49 of 89
JollyRoger72
Guide

Re: DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

update: 

 

I turned off the Router Mode on the c3000 and it rebooted itself. I added the Linksys N750 via the CD it came with and the setup could not have been easier. My speeds are amazing now! Regularly getting 115mbs upload speeds vs the 30 I was getting when i was just using the c3000 for both modem and router. no more conflicts with iphones and randomly assigned IPs.

Message 50 of 89
Top Contributors
Discussion stats
Announcements

Orbi WiFi 7