Tunnel not function well cause by: Detected Ping of Death attack. Dropped 1 packets.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Tunnel not function well cause by: Detected Ping of Death attack. Dropped 1 packets.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Tunnel not function well cause by: Detected Ping of Death attack. Dropped 1 packets.
Tunnel not function well cause by: Detected Ping of Death attack. Dropped 1 packets.
2019-10-10 14:45:59 - last edited 2021-04-19 11:51:01
Model: TL-R600VPN  
Hardware Version: V4
Firmware Version: 4.0.3 Build 20190227 Rel.48206

Since install to the customer site, the tunnel is not fuction well evey time when SA Lifetime expired.

Each time after WAN1: Lifetime of the SA created in phase 1 of IKE negotiation expired. The tunnel build WAN1: IKE negotiation began in initiator mode. (Mode=Aggressive Mode,  and WAN1: Phase 1 of IKE negotiation succeeded. And then it gets WAN1: Lifetime of the SA created in phase 1 of IKE negotiation expired  and still build WAN1: IKE negotiation began in initiator mode. (Mode=Aggressive Mode,  and WAN1: Phase 1 of IKE negotiation succeeded only. After TWO(2) times trying it gets Detected Ping of Death attack. Dropped 1 packets, Detected Ping of Death attack. Dropped 1 packets, Detected Ping of Death attack. Dropped 1 packets.

The other side using same router but firmware version is 4.0.3 Build 20180530 Rel.63202. There is no Detected Ping of Death attack. Dropped 1 packets after WAN1: Lifetime of the SA created in phase 1 of IKE negotiation expired.

Bith of them are not build WAN1: Phase 2 of IKE negotiation succeeded , WAN1: Set up IPsec connection successfully and WAN1: Enable DPD successfully. (DPD-Interval=10). Until manually disable and enable the tunnel then it works well.

Any reply will be appreciated.

  0      
  0      
#1
Options
1 Reply
Re:Tunnel not function well cause by: Detected Ping of Death attack. Dropped 1 packets.
2019-10-11 02:22:26 - last edited 2021-04-19 11:51:01

@cbay 

 

Cannot make sure that Ping of Death will make your VPN drop.

The ICMP packets which are not in the range of 64~65535 bytes will belong to Ping of Death attack.

 

You can try to upgrade the router in the other side. 

  0  
  0  
#2
Options