Business Community > All Threads > Detected WAN ping attack from {IPAddress} and dropped {count} packets
< All Threads

Detected WAN ping attack from {IPAddress} and dropped {count} packets

Detected WAN ping attack from {IPAddress} and dropped {count} packets

Detected WAN ping attack from {IPAddress} and dropped {count} packets
Detected WAN ping attack from {IPAddress} and dropped {count} packets
Friday
Tags: #ACL
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6(latest)

Hi,

 

It seems someone / thing is trying to continiously ping my public IP address.

Now i want to block it, found this thread and tried the method as Clive described. "detected WAN Ping attack from xxx.xxx.xxx.xxx" - Business Community 

Point is, i still get the same logs. 

 

ACL configured as Gateway ACL:

Direction > Wan IN

Policy > Deny

Protocols > All

 

Source > An IPgroup with 71.18.0.0 / 16 as subnet AND 117.144.213.0 / 24 as subnet

Destination > IPGroup_Any, An IPgroup which points to the WAN ip/32, and an IPgroup pointing towards the router via local IP. 

 

Anything i possibly have been forget?

 

Thanks in advance!

 

Regards,

 

 

  0      
 
  0      
 
#1
Options
4 Reply
Re:Detected WAN ping attack from {IPAddress} and dropped {count} packets
Sunday

Hi @Naldjer 

Thanks for posting in our business forum.

I am not sure if I am reading the correct setup.

Do you have a screenshot of how you configured it?

 

If this really bothers you, you can disable this notification in the log settings.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:Detected WAN ping attack from {IPAddress} and dropped {count} packets
Sunday - last edited Sunday

Hey  @Clive_A 

 

Hereby some screenshots of my setup.


1. ACL

 

2. IP group Block_WanAttacks

 

 

3. WANIP (IPGroup)

 

 

Furthermore its not really the log that bothers me, i just want to have it blocked entirely.

  0  
  0  
#3
Options
Re:Detected WAN ping attack from {IPAddress} and dropped {count} packets
Monday

Hi @Naldjer 

Thanks for posting in our business forum.

Naldjer wrote

Hey  @Clive_A 

 

Hereby some screenshots of my setup.


1. ACL

 

2. IP group Block_WanAttacks

 

 

3. WANIP (IPGroup)

 

 

Furthermore its not really the log that bothers me, i just want to have it blocked entirely.

Log of the IPs.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options
Re:Detected WAN ping attack from {IPAddress} and dropped {count} packets
Monday

Hey  @Clive_A 

 

Thanks again!

 

Hereby the logs.

 

 

Many thanks!

 

Regards,

  0  
  0  
#5
Options

Information

Helpful: 0

Views: 95

Replies: 4

Tags

ACL
Related Articles
"detected WAN Ping attack from xxx.xxx.xxx.xxx"
9725 2
WAN Ping Attack messages
1361 1
detected WAN Ping attack
928 0
Detected Large Ping Attack
1285 0
ER7206 detected WAN Ping attack and dropped 2 packets.
2627 0
Daily wan attack ping with resolve?
267 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.