Over the past month, I've been getting numerous DoS attack log entries on my Nighthawk AC1900 Router. I've contacted my ISP, the ISP of the attacking IP address, and Apple, and no one has an answer. Here are some of the log entries:
Description Count Last Occurrence Target Source
| DoS attack: Teardrop or derivative] from 2.1.99.144, port 0 | 2 | Fri May 19 09:00:14 2017 | 13.12.192.224:0 | 2.1.99.144:0 |
| [DoS attack: Ping Of Death] from 2.1.99.144, port 0 | 5 | Fri May 19 08:59:43 2017 | 13.12.192.224:0 | 2.1.99.144:0 |
| [DoS attack: Illegal Fragments] from 2.1.99.144, port 0 | 3 | Fri May 19 08:29:30 2017 | 13.12.192.224:0 | 2.1.99.144:0 |
The source (attacker's) IP address IS NOT ON MY NETWORK. I traced it to the Nantes region of France. The Target (victim's) IP addresses I've seen have been traced to the US Postal Service, the US Army Communications Command, as well as several US and international unversities (including Drexel in the US and McGill in Canada). These log entries only occur when certain devices are connected to the network. When and attach happens, I check attached devices and the attackers IP address is showing the devices in question. The only devices that allow these attacks are an iPhone6 and an AppleTV 4th gen. I have other Apple products (iPhone5S, Mac, Macbook, iPad2, AppleTV 3rd gen.) and a Windows PC connected to the network but and those have never been affected.
How can I block the IP address 2.1.99.144 from accessing my network without blocking the devices in question? Will a VPN prevent the attacker from infiltrating a device on my network?
