- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
SSO and VPN attempt detected as Smurf DoS attack taking down Wifi
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSO and VPN attempt detected as Smurf DoS attack taking down Wifi
Hi,
I have an R7000 running the latest firmware (V1.0.9.88_10.2.88) that lately is showing some weird behavior. When I have two company laptops connected to the 5Ghz network and one attempts to log into VPN which makes a single sign on attempt with Microsoft Azure's Active Directory, it will take down my router's Wifi. The logs then show the entries below.
The timings of the VPN/SSO login attempt followed by the router's network loss correlates with the DoS Smurf attracks and when I reverse lookup those IP addresses it comes back as Microsoft and McAfee which seems related to those login attemps.
At times the router also looses connection when I am not trying to connect to VPN with similar DoS Smurf attacks in the log.
Assuming Microsoft and McAfee are not truly attacking my router, what could be causing this and how do I resolve this?
[DoS attack: Smurf] (1) attack packets in last 20 sec from ip [104.44.28.255], Wednesday, May 05,2021 06:50:31
[DHCP IP: (192.168.1.8)] to MAC address 0A:7D:26:60:7F:C7, Wednesday, May 05,2021 06:50:23
[DHCP IP: (192.168.1.6)] to MAC address 60:F6:77:48:E1:4E, Wednesday, May 05,2021 06:50:20
[DHCP IP: (192.168.1.5)] to MAC address 52:E7:8F:77:97:00, Wednesday, May 05,2021 06:50:15
[Admin login] from source 192.168.1.4, Wednesday, May 05,2021 06:48:28
[DoS attack: FIN Scan] (2) attack packets in last 20 sec from ip [161.69.122.115], Wednesday, May 05,2021 06:47:42
[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [161.69.122.115], Wednesday, May 05,2021 06:47:30
[DoS attack: FIN Scan] (3) attack packets in last 20 sec from ip [161.69.122.115], Wednesday, May 05,2021 06:47:20
[Admin login] from source 192.168.1.4, Wednesday, May 05,2021 06:46:58
[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [161.69.122.115], Wednesday, May 05,2021 06:46:53
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: SSO and VPN attempt detected as Smurf DoS attack taking down Wifi
> I have an R7000 running the latest firmware (V1.0.9.88_10.2.88) [...]
https://community.netgear.com/t5/x/x/m-p/2069376#M186506
> [...] it will take down my router's Wifi. [...]
"Wifi"? Are you complaining about a wireless problem, or a general
routing problem, or what, exactly? As usual, showing actual actions
(commands) with their actual results (error messages, LED indicators,
...) can be more helpful than vague descriptions or interpretations.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: SSO and VPN attempt detected as Smurf DoS attack taking down Wifi
I downloaded and applied the latest firmware online, didn't realize that when the router claims to have the latest version, it actually is not the latest version. Hopefully it will address the issue.
I can't tell whether it is a wifi issue our router issue. There are no error leds on when it happens and the broadcasted networks are no longer visible on any device.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more