Ping Of Death
Hi, just bought one of these to replace my aging Airport Extreme that kept disconnecting the internet and LAN. After installation the SPI firewall reports 'Detected Ping of Death attack. Dropped 1 packets.
This is happening about every 10 min or so. Always 1 packet, could this be a false positive ?
Regards
Ump..
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Turns out it was a false positive (no surprise there) - for the few people who do use this forum and are interested it turns out it was a VPN gaming solution from MSI called CfoSpeed. This is bundled with MSI gaming computers, and is also sold as a stand alone program.
I don’t suppose anyone will read this, I think this forum is all but redundant.
- Copy Link
- Report Inappropriate Content
Update:-
For the people interested, I think I have fixed it.
Following a RTFM event, I binded the mac to the ip. This has suppressed the errors.
- Copy Link
- Report Inappropriate Content
Update 2
Its started again, so I guess the firewall is correct. The attackers just had a bit of a rest.
- Copy Link
- Report Inappropriate Content
Ok So I have found out that it is coming from a computer on my network. This is a windows10 machine. I found it not because of the firewall - as its useless because it does not tell you the attacking IP. Why would they code a firewall like this - shameful.
I have now spent many hours trying to track the offending machine down, and it all boiled down to trial and error due to the inadequacies of this router. Even free ones supplied by the ISP log atacking IP's.
I still have yet to find the offending program or service, and still have to clarify if this is a real attack, or simply a false positive which given this router is more than likely.
- Copy Link
- Report Inappropriate Content
Turns out it was a false positive (no surprise there) - for the few people who do use this forum and are interested it turns out it was a VPN gaming solution from MSI called CfoSpeed. This is bundled with MSI gaming computers, and is also sold as a stand alone program.
I don’t suppose anyone will read this, I think this forum is all but redundant.
- Copy Link
- Report Inappropriate Content
Ping of attach is that attacker sends the IP packets larger than 65535 bytes to the others. A little curious about what packets sent by CfoSpeed caused the false positive. If you can show the packets, that will be great.
- Copy Link
- Report Inappropriate Content
Umpa wrote
I found it not because of the firewall - as its useless because it does not tell you the attacking IP. Why would they code a firewall like this - shameful.
Agree 100%. Why wouldn't you tell us the IP?
Since I am seeing the same thing, would you be able to tell me how you tracked it down yourself? I will need to do that too.
- Copy Link
- Report Inappropriate Content
1 packet is not an attack. If you have repeatedly message and you care much about this, try to capture packets.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 5952
Replies: 7
Voters 0
No one has voted for it yet.