Detected stationary source UDP Flood attack and dropped packets
Getting lots of logs from a single Macbook Pro running Ventura MacOS :
R605 detected stationary source UDP Flood attack and dropped 68085 packets. (Attack-Source=172.16.255.246)
R605 detected stationary source UDP Flood attack and dropped 55651 packets. (Attack-Source=172.16.255.246)
I'm also getting a lot of slowness in Wifi devices that are sitting closely to EAP245 access point.
R605 is currently not running loadbalancing and is configured to a single WAN and with IPV6 disabled.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @TheUnF
Thanks for posting in our business forum.
Attack-Source=172.16.255.246
Is this your macOS computer? Find the source of the IP address. Check if there is any software on it causing this trouble.
It seems to be some kind of software on the computer that floods your network and eventually slows your network.
No better solution for ID the software as we can only pinpoint the source MAC address or IP.
- Copy Link
- Report Inappropriate Content
I've being living with this issue for quite some time on an Intel MBP.
Got a M1 Macbook Air from my company on same network, SSID, etc : I got no logs from it and quite better browsing experience.
So as I could not find anything in terms of software (all common like Office365) I decided to RIP the probably offending MacOS to factory reset.
Got another M1 MBP, copy only files from Intel MBP thru the network and I used an Endpoint to monitor the traffic for threads and got nothing.
Now I have the same stationary source UDP Flood atack being detected from this new M1 MBP.
No way is a software causing it. Must be something with Apples or the attack signature.
- Copy Link
- Report Inappropriate Content
Hi @TheUnF
Thanks for posting in our business forum.
TheUnF wrote
I've being living with this issue for quite some time on an Intel MBP.
Got a M1 Macbook Air from my company on same network, SSID, etc : I got no logs from it and quite better browsing experience.
So as I could not find anything in terms of software (all common like Office365) I decided to RIP the probably offending MacOS to factory reset.
Got another M1 MBP, copy only files from Intel MBP thru the network and I used an Endpoint to monitor the traffic for threads and got nothing.
Now I have the same stationary source UDP Flood atack being detected from this new M1 MBP.
No way is a software causing it. Must be something with Apples or the attack signature.
1. What are your firewall settings like? Did you change them from the default values?
2. What software do you have on the MBP? Anything that might send a lot of traffic? You seem to be the only one on the forum or the whole support database complaining about this.
3. Wireshark and see how much data comes from the MBP. Esp UDP, you should find out the port as well. Then use the Monitor Hack and check your port and what software this/those ports belong to.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 770
Replies: 3
Voters 0
No one has voted for it yet.