DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi

Initiate

Apr 21, 2017

I also have this problem. My iPad always have this ip address associated with its MAC address. I'm using C3000 with Comcast.

By looking into this problem I realized that it's not hacking.

The fact is that NETGEAR is not supporting IPV6 well. It's mistaking part of the ipv6 address in ipv6 packets as the src and dst of ipv4 packets.

The ipv6 packat is something like this

| --- 32 bit --- | Info

| --- 32 bit --- | source ip e.g. 1111:2222

| --- 32 bit --- | source ip e.g. 3333:4444

| --- 32 bit --- | source ip e.g. 5555:6666

| --- 32 bit --- | source ip e.g. 7777:8888

| --- 32 bit --- | destination ip e.g. 9999:aaaa

| --- 32 bit --- | destination ip e.g. bbbb:cccc

| --- 32 bit --- | destination ip e.g. dddd:eeee

| --- 32 bit --- | destination ip e.g. ffff:0000

While ipv4 is like this

| --- 32 bit --- | Info

| --- 32 bit --- | source ip e.g. 111.222.111.222

| --- 32 bit --- | destination ip e.g. 000.111.000.111

| --- 32 bit --- | options

Netgear is mistaking the line 4 and 5 of an ipv6 packet, which are part of the ipv6 address, as the src and dst of an ipv4 packet.

The source and destination ip addresses in my log is exactly part of my ipv6 address, which is in heximal, of my iPad.

You can verify that by yourself.

ipv6 address:

xxxx:xxxx:aabb:ccdd:eeff:gghh:xxxx:xxxx

Change aa bb cc dd ee ff gg hh from heximal to decimal AAA BBB CCC DDD EEE FFF GGG HHH

Then you can find that AAA.BBB.CCC.DDD is your source and EEE.FFF.GGG.HHH is your destination of 'DoS' packets.

Forum Discussion