Message Detected Ping of Death attack.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Message Detected Ping of Death attack.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Message Detected Ping of Death attack.
Message Detected Ping of Death attack.
2019-09-04 16:52:53 - last edited 2021-04-16 10:22:21
Model: TL-ER6120  
Hardware Version: V2
Firmware Version: 2.0.3 Build 20180929 Rel.56286

i'm getting the message in system log: 

2019-09-04 13:49:01 firewall[0]: <4> 05111025 Detected Ping of Death attack. Dropped 3 packets.

but i can't know where it comes from because it doesn't show me any data other than that, i would like to know how i can get this information.

I'm getting the message with often

  0      
  0      
#1
Options
7 Reply
Re:Message Detected Ping of Death attack.
2019-09-05 06:14:20 - last edited 2021-04-16 10:22:21

DioCarvalho wrote

i'm getting the message in system log: 

2019-09-04 13:49:01 firewall[0]: <4> 05111025 Detected Ping of Death attack. Dropped 3 packets.

but i can't know where it comes from because it doesn't show me any data other than that, i would like to know how i can get this information.

I'm getting the message with often

 

If you want to konw where it comes from, you need to capture the packets. 

You can use wireshark to capture the packets and use the port mirror feature of the router. Just find the ICMP packets. (ping of death attack means the ICMP ping packets that smaller than 64 bytes or larger than 65535 bytes). Generally it comes from the packets that smaller than 64 bytes. When you capture the packets, the PC may shows 64 bytes. So find the ICMP packet that is 64 bytes or smaller. Then check the IP address to find where it comes from.

  0  
  0  
#2
Options
Re:Message Detected Ping of Death attack.
2020-01-15 14:23:47 - last edited 2021-04-16 10:22:21

@Andone 

 

 

I guess we are getting what we pay for, eh ??   A $60 router is not going to have all the features of a Cisco or Netgear router costing 10 times as much.

 

I started getting the "Pings of Death" too.  I don't know where they are coming from - I assume it is a new marketing campaign from foreign "Bad Actors".

 

Doesn't seem to affect performance of the TL-R600, so I'm ignoring them.  The router is doing its job and Dropping the packets.

 

If you have IPSEC tunnels between more than one TL-600,  turn off Dead Peer Detection (DPD) or you may have issues with the connection dropping and reconnecting too much.

 

  0  
  0  
#3
Options
Re:Message Detected Ping of Death attack.
2021-02-18 22:29:33 - last edited 2021-04-16 10:22:21

@DeBear 

 

Just installed r605 and started getting those msgs. Is it then safe to ignore it or something could be done do eliminate this?

  0  
  0  
#4
Options
Re:Message Detected Ping of Death attack.
2021-02-19 11:49:27 - last edited 2021-04-16 10:22:21

@Vendo 

 

Sadly at the moment the SDN doesnt give enough information to diagnose the source / reason for these so personally.. I have just been ignoring them and deleting the alerts in mass when logged in

  0  
  0  
#5
Options
Re:Message Detected Ping of Death attack.
2021-03-25 14:12:36 - last edited 2021-04-16 10:22:21

@DioCarvalho 

 

I just upgraded the firmware on my R605 and the Detected Ping of Death attack are no longer showing, the release notes for the firmware say that this has been fixed.

 

Well happy with that.

  0  
  0  
#6
Options
Re:Message Detected Ping of Death attack.
2021-07-27 15:53:12

@DioCarvalho 

 

I've been having this issue on and off for nearly 2 years, finally got a resolution thanks to this post. I've removed the DPD option from both routers and will see how it goes.

 

Nice they fixed the issue on the R605 but no new firmware on the R600 to address this issue. Last firmware for this one was back in 2020 and the R605 addressed this in March of 2021. 

  0  
  0  
#7
Options
Re:Message Detected Ping of Death attack.
2021-08-10 15:39:02

@Richard.Chase 

 

So even with DPD turned off and all options in Firewall > Attack Defense > Packet Anomoly turned all off, the VPN is still dropping.

 

On Router 1, when i try to refresh the VPn status, the progress bar goes about half way and stops and doesnt refresh. Router 2 doesnt have this issue. In the log file, Router 1 isn't displaying anything about the VPN tunnel but on Router 2, it keeps trying to initiate the IPsec tunnel. Router 1 has already been replaced once.

 

Any thoughts? The connection drops about once a week.

  0  
  0  
#8
Options

Information

Helpful: 0

Views: 18022

Replies: 7

Related Articles