Router detected Large Ping attack and dropped 7 packets.
Hello everyone.
I have a new network infrastructure running a few days now in a new office under construction.
There I have 3 omada devices (Router, POE Switch and EAP) and a wired security system.
Today i added a Win10 laptop for a video conference and i have more than 10 alerts at omada's log like this one: "Router detected Large Ping attack and dropped 7 packets."
The same happened about 1 week before when added the security system in the network, but after it stopped. No other PC or other network device was connected to the network.
So is this normal, every time i add a new network device, or it is an attack?
Is this critical ? Is this a Ping attack?
Should i take care of these, or remove these alerts from omada's alert emails ?
Thanks
E.A
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae This is great news that the FW update will fix this problem with the logs! Is there an update as to when the new FW will come out? Is this going to be for the Omada controller or the ER7206? Regardless of when I use the controller or an ER7206 in standalone, the logs are useless without exposing the source of the incoming traffic. Recording the source IP and port is critical to log analysis and having to setup wireshark and port mirroring isn't always convenient.
- Copy Link
- Report Inappropriate Content
@Fae I have installed version 5.6.3 of the Omada software Controller (Linux), and I still don't see the source IP of the Large Ping attacks. Is there a firmware update that is required, or a setting that is needed to be enabled to view the source IP?
- Copy Link
- Report Inappropriate Content
Dear @Unraider,
Unraider wrote
@Fae I have installed version 5.6.3 of the Omada software Controller (Linux), and I still don't see the source IP of the Large Ping attacks. Is there a firmware update that is required, or a setting that is needed to be enabled to view the source IP?
Yes, it requires to upgrade the router to the adapted firmware, which is stated in the release note, check this post for details.
- Copy Link
- Report Inappropriate Content
@Fae both controller and router have been updated and still not seeing the IPs. Router ER605 v2.0 with 2.0.1 Build 20220223 Rel.68551 and controller 5.5.7 2.5.1 Build 20220803 Rel.39745. Am I missing something?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae Hello
I have update my OC200 V1 to the last build (OC200(UN)_V1_1.20.1 Build 20220921) and also the router have the last build (ER7206(UN)_V1_1.2.1 Build 20220512) but I don't see the source IP of the large ping attacks.
What can I do?
Thanks
- Copy Link
- Report Inappropriate Content
@BravoMike31 I am using the Windows based Omada SDN controller and it's updated to the latest version (all devices are latest version) and it does not show the source IP address either. As far as is it a concern, I would say no. I believe it's detected as a False Positive but we don't know for sure because we can't tell where it is coming from (no source IP address). Since many people are reporting it I believe it would be safe to say it's a False Positive detection. TP-Link need to fix this and have it report the source IP address and maybe device name if it's available.
- Copy Link
- Report Inappropriate Content
I upgraded my OC200 V2 to 5.6.4 and also upgraded my ER7206 to 1.2.1 ( 2 November released ) Now i can see source ip adresses
It seems all dropped packet coming from iphones in my network.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 18
Views: 64523
Replies: 89