Business Community > Routers > Detected stationary source UDP Flood attack and dropped packets
< Routers

Detected stationary source UDP Flood attack and dropped packets

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Detected stationary source UDP Flood attack and dropped packets

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Detected stationary source UDP Flood attack and dropped packets
Detected stationary source UDP Flood attack and dropped packets
2023-08-04 02:44:23
Tags: #UDP Flood atack
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.3.0 Build 20230511 Rel.51317

Getting lots of logs from a single Macbook Pro running Ventura MacOS :

 

R605 detected stationary source UDP Flood attack and dropped 68085 packets. (Attack-Source=172.16.255.246)
R605 detected stationary source UDP Flood attack and dropped 55651 packets. (Attack-Source=172.16.255.246)

 

I'm also getting a lot of slowness in Wifi devices that are sitting closely to EAP245 access point.

 

R605 is currently not running loadbalancing and is configured to a single WAN and with IPV6 disabled.

The UnF Networks, inc My TP-Link network : 1x OC200, 1x TL-R605, 2x EAP-245 & 1x TL-SG2008
  0      
 
  0      
 
#1
Options
3 Reply
Re:Detected stationary source UDP Flood attack and dropped packets
2023-08-07 02:09:05

Hi @TheUnF 

Thanks for posting in our business forum.

Attack-Source=172.16.255.246

Is this your macOS computer? Find the source of the IP address. Check if there is any software on it causing this trouble.

It seems to be some kind of software on the computer that floods your network and eventually slows your network.

No better solution for ID the software as we can only pinpoint the source MAC address or IP.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Detected stationary source UDP Flood attack and dropped packets
2024-01-29 08:37:40

  @Clive_A 

 

I've being living with this issue for quite some time on an Intel MBP.

Got a M1 Macbook Air from my company on same network, SSID, etc : I got no logs from it and quite better browsing experience.

 

So as I could not find anything in terms of software (all common like Office365) I decided to RIP the probably offending MacOS to factory reset.

Got another M1 MBP, copy only files from Intel MBP thru the network and I used an Endpoint to monitor the traffic for threads and got nothing.

 

Now I have the same stationary source UDP Flood atack being detected from this new M1 MBP.

 

No way is a software causing it. Must be something with Apples or the attack signature.

The UnF Networks, inc My TP-Link network : 1x OC200, 1x TL-R605, 2x EAP-245 & 1x TL-SG2008
  0  
  0  
#3
Options
Re:Detected stationary source UDP Flood attack and dropped packets
2024-01-30 07:16:53

Hi @TheUnF 

Thanks for posting in our business forum.

TheUnF wrote

  @Clive_A 

 

I've being living with this issue for quite some time on an Intel MBP.

Got a M1 Macbook Air from my company on same network, SSID, etc : I got no logs from it and quite better browsing experience.

 

So as I could not find anything in terms of software (all common like Office365) I decided to RIP the probably offending MacOS to factory reset.

Got another M1 MBP, copy only files from Intel MBP thru the network and I used an Endpoint to monitor the traffic for threads and got nothing.

 

Now I have the same stationary source UDP Flood atack being detected from this new M1 MBP.

 

No way is a software causing it. Must be something with Apples or the attack signature.

1. What are your firewall settings like? Did you change them from the default values?

2. What software do you have on the MBP? Anything that might send a lot of traffic? You seem to be the only one on the forum or the whole support database complaining about this.

3. Wireshark and see how much data comes from the MBP. Esp UDP, you should find out the port as well. Then use the Monitor Hack and check your port and what software this/those ports belong to.

 

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options

Information

Helpful: 0

Views: 1330

Replies: 3

Tags

UDP Flood atack
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.