NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

vwwanted's avatar
vwwanted
Aspirant
Mar 30, 2016

DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

I'm getting lots of Dos attacks logged in my C3000 modem/router. They appear to be coming from inside my network, from my wifi. I keep seeing a device attached to my wifi with an IP address of 1.1.15...
Security
Retired_Member's avatar
Retired_Member
Aug 14, 2016

While I'm glad to see I'm not the only one with this issue, it is unfortunate that there doesn't seem to be an answer.

I've been noticing intermittent network slowdown pretty recently, and when I've checked the logs I notice that an IP (34.8.16.0) has been causing DOS attack logs to various IPs.

It is also showing that IP address as my sister's iPhone on the network, while every other device has the standard local IP.

The rogue IP will also jump to my mother's iPhone when my sister's isnt connected.

I'm not sure what I can do to prevent this, but hopefully someone can help out.

jvillalba's avatar
jvillalba
Aspirant
Sep 18, 2016

I just had the exact same thing happening with -what I figured out- was my fiance's iPhone 6!  Her iPhone's IP address was spoofed and shown as a similar-looking IP to the one you mentioned under my router's 'attached devices' --> 33.1.152.0.  The strangest part about this happening is that I have manually assisgned all of the IP addresses to devices on my network AND I had enabled 'access control' so that no new devices/IP addresses can join the network.  

 

I reset her iPhone's network settings and then rejoined the network.  My router's 'attached devices' suddenly showed the correct IP 192.168.1.xx for her iPhone.  After 10-20 seconds, I clicked 'refresh' in the 'attached devices' section and the IP switched back to 33.1.152.0

So I tried blocking her iPhone from joining the network via 'Access Control' and that worked just fine.  I had her iPhone forget the network.  Then, I re-enabled network access for her iPhone and manually rejoined the WiFi network successfully.  After doing this, her iPhone maintained it's proper IP address. The DoS attacks stopped happening completely!  

 

About 45 minutes later I noticed my iPhone had stopped appearing in the 'attached devices' section even though my it still had an active conection to the Internet over WiFi.  I had my iPhone forget and re-join the network.  After doing this, my iPhone reappeared under 'attached devices' and it still maintained it's proper iPv4 address.   As soon as my iPhone reappeared under 'attached devices' my fiance's iPhone immediately reverted back to being shown as 33.1.152.0 -_-

 

Two Things:

*I know this can be spoofed, but I used a website to look up the location for 33.1.152.0 and it's listed as belonging to a US-based defense contractor

*the night this started happening, I walked by my Mac running OS X 10.6.11 and saw that someone was controlling my cursor/keyboard via remote access SSH.  I saw them open my bookmark for PayPal and they opened the 'send money to someone' page where my saved login info was just sitting there.  I disconnected my router from power, went to bed and I've spent all day today trying to figure out how that could have happened with no luck.

 

I would love any suggestions/input/feedback or a fix!  I just want the peace of mind that I’m not vulnerable to an attack.