- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
DOS attack UDP port scan from private network address
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have been getting non-stop DOS attack: UDP port scan from a private network address, is it some device in my network that is causing this issue? Can anyone guide me on how to identify the culprit device?
Example of the log shown
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 35834, Wednesday, August 18, 2021 11:36:38
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 34617, Wednesday, August 18, 2021 11:36:09
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 41504, Wednesday, August 18, 2021 11:35:41
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 46924, Wednesday, August 18, 2021 11:35:11
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 54570, Wednesday, August 18, 2021 11:34:40
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is called a "Link Local" IP address, which is created by a device when it is unable to get an IP from the network using DHCP.
I would start with the Orbi web interface Attached Devices display All of the devices shown with valid IP addresses (usually starting with 192.168.1) can be ruled out. Are there any other devices connected to the network that are not on the Attached Devices list?
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is called a "Link Local" IP address, which is created by a device when it is unable to get an IP from the network using DHCP.
I would start with the Orbi web interface Attached Devices display All of the devices shown with valid IP addresses (usually starting with 192.168.1) can be ruled out. Are there any other devices connected to the network that are not on the Attached Devices list?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: DOS attack UDP port scan from private network address
A more technical approach would be to activate the feature on the debug page to Enable LAN/WAN Packet Capture.
(http://orbilogin.net/debug.htm)
If you are able to capture some of these "attacks", then a tool such as Wireshare (free for Windows, Linux, Mac) will provide the MAC address that is sending the packets. Put that into an on-line tool to identify which company manufactured the network card in the device.
(I like to use https://www.wireshark.org/tools/oui-lookup.html
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: DOS attack UDP port scan from private network address
Wow, i have too many devices connected. I think the culprit might be the yeelight with WIFI connection for home automation. Seems like one of the light is not connected to the wifi. Let me try turning them off to see if it will solve this issue.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: DOS attack UDP port scan from private network address
Yup, after turning off that light, the DOS attach UDP scan is gone. Thanks!
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more