Large Ping Attack lose 9 to 150 packets

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Large Ping Attack lose 9 to 150 packets

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Large Ping Attack lose 9 to 150 packets
Large Ping Attack lose 9 to 150 packets
2022-06-16 17:32:57
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 76748

Every 10 minutes experience an attack. It only happens when iPhones and iPads are connected. Have 4 EAPs in a mesh network. Is this a problem. And any idea on how to fix. 

  0      
  0      
#1
Options
13 Reply
Re:Large Ping Attack lose 9 to 150 packets
2022-06-16 22:06:40

  @JoeR 

 

Hey

 

This is generally a large packet of over 1500 in size being received by the firewall and stopped, 99% of the time these come from external sources.

 

It could be an App or Connection you have installed on one of the devices is resulting in these coming from external, but it can be hard to detect

 

We all get these on occasion, usually in a batch over a period of time as you are seeing, however its not something un-usual

  2  
  2  
#2
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-10-02 07:38:10 - last edited 2022-10-02 07:44:58

  @JoeR Me too. Same set up. 4 AP's, every 10 to 11 minutes, large ping attack logged.   (Home network, Omada OC200 with ER605 router)
Interestingly i don't get any large Ping attacks (well about 2 in 4 months) on my business network (Omada OC300 with ER7206 Router)

I might need to get some tools to troubleshoot further.

  0  
  0  
#3
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-11-11 09:01:49

  @sereneplace 

Same problem here OC200 with ER7206 with 8 APs

Large ping attack has been happening for 2 years and have been working with TP Link ever since

Latest router firmware shows IP address and in each case it is from an Apple device (Phone, pad or Mac)

Have disabled Private IP address on all devices as thought it might be that but no luck

Waiting now for new ideas from TPLink tech support

  0  
  0  
#4
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-11-11 14:41:43

I am seeing the same thing.  All my "ping attacks" are coming from internal iPhones.

  0  
  0  
#5
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-11-21 12:35:54

Same issue here since more than 1 year.

Every 10 minutes, large ping attack.

 

With the new router firmware and omada 5.6.4, I have the ip source.

But nothing special on these clients.

 

I can see the ip whith wireshark, but no trace of icmp greater than 1500 bytes.

 

 

  1  
  1  
#6
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-12-13 09:56:08

I have exactly the same issue. I had it since a year ago when I installed my Omada network.
Now, after the update, I finally see the address of the problematic device. And those are Apple devices (iPhone mostly).

This is strange. I too don't see those with Wireshark. Maybe it is a bug in Omada then?

  1  
  1  
#7
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-12-13 10:16:53

Hello,

 

 

I received a reply from Tp-Link.

The packet size limit is actually 1024 bytes, not 1500.

The apple packets are 1386 bytes.

Tp-Link tells me that the detectable packet size can be changed in a future version

  1  
  1  
#8
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-12-13 11:51:44

  @Cotchet Good to know. I hope that this update comes fast as this is annoying. 

  0  
  0  
#9
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-12-21 20:43:58

  @Cotchet Hi. How do you see from which IP the attack is coming from? All I see on the lo is "Router detected Large Ping attack and dropped 6 packets." for example. I also have 5.6.4.

  0  
  0  
#10
Options
Re:Large Ping Attack lose 9 to 150 packets
2022-12-22 07:15:46

  @SammyOscar 

Hello,

 

2 ways.

 

Before omada 5.6, use Wireshark. Listen the traffic and filter on icmp.

You will see ping greater than 1024 bytes with the ip source and ip destination.

 

From omada 5.6 with 7206 in 1.2.3 version, you will see the ip source in omada log.

 

David

  0  
  0  
#11
Options