NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
vwwanted
Mar 30, 2016Aspirant
DoS attack, Teardrop or derivative, Ping of Death, strange non-DHCP IP address connected to wifi
I'm getting lots of Dos attacks logged in my C3000 modem/router. They appear to be coming from inside my network, from my wifi. I keep seeing a device attached to my wifi with an IP address of 1.1.15...
fqm889
Apr 21, 2017Initiate
I also have this problem. My iPad always have this ip address associated with its MAC address. I'm using C3000 with Comcast.
By looking into this problem I realized that it's not hacking.
The fact is that NETGEAR is not supporting IPV6 well. It's mistaking part of the ipv6 address in ipv6 packets as the src and dst of ipv4 packets.
The ipv6 packat is something like this
| --- 32 bit --- | Info
| --- 32 bit --- | Info
| --- 32 bit --- | source ip e.g. 1111:2222
| --- 32 bit --- | source ip e.g. 3333:4444
| --- 32 bit --- | source ip e.g. 5555:6666
| --- 32 bit --- | source ip e.g. 7777:8888
| --- 32 bit --- | destination ip e.g. 9999:aaaa
| --- 32 bit --- | destination ip e.g. bbbb:cccc
| --- 32 bit --- | destination ip e.g. dddd:eeee
| --- 32 bit --- | destination ip e.g. ffff:0000
While ipv4 is like this
| --- 32 bit --- | Info
| --- 32 bit --- | Info
| --- 32 bit --- | Info
| --- 32 bit --- | source ip e.g. 111.222.111.222
| --- 32 bit --- | destination ip e.g. 000.111.000.111
| --- 32 bit --- | options
Netgear is mistaking the line 4 and 5 of an ipv6 packet, which are part of the ipv6 address, as the src and dst of an ipv4 packet.
The source and destination ip addresses in my log is exactly part of my ipv6 address, which is in heximal, of my iPad.
You can verify that by yourself.
ipv6 address:
xxxx:xxxx:aabb:ccdd:eeff:gghh:xxxx:xxxx
Change aa bb cc dd ee ff gg hh from heximal to decimal AAA BBB CCC DDD EEE FFF GGG HHH
Then you can find that AAA.BBB.CCC.DDD is your source and EEE.FFF.GGG.HHH is your destination of 'DoS' packets.
PGillard
Jul 01, 2017Guide
Might you be able to point me towards a more detailed set of steps to follow to fix the ipv6 issue?
thank you
Paul