Jump to content

Malicious trafic


Recommended Posts

I have two computers in house, and I am getting on my PC the message from Eset internet security: " Network threat blocked. ICMP Flood Attack. A computer on the network is sending malicious traffic. this can be an attempt to attack your computer. The threat was blocked. "  It is constant,  I can not find anything her on forum.  Maybe i am not looking the right way.  Any ideas?

 

Link to comment
Share on other sites

  • Most Valued Members
23 minutes ago, Danutak said:

I have two computers in house, and I am getting on my PC the message from Eset internet security: " Network threat blocked. ICMP Flood Attack. A computer on the network is sending malicious traffic. this can be an attempt to attack your computer. The threat was blocked. "  It is constant,  I can not find anything her on forum.  Maybe i am not looking the right way.  Any ideas?

 

Check the PC that you received the Flood Attack from , ESET should give you the IP of the source.

See what is causing the flood attacks.

Edited by Rami
Link to comment
Share on other sites

ICMP ping flood attacks are one type of denial of service attacks. The best way to prevent them is by configuring your router's firewall not to respond to ping requests from the Internet.

Ref.: http://www.tomsguide.com/answers/id-3643545/stop-icmp-flood-attacks.html

Also it is imperative that all external router ports, i.e. WAN side of the router, are shown in "stealth" mode.  This is means that the ports are basically invisible to anyone trying to access the router from the external internet. If the attacker can't "see" the ports on the router, he can't launch a ICMP ping attack against one. This is really the only effect method to defeat these types of attacks. 

Link to comment
Share on other sites

I got into my router but there is nothing like ignore In your router, I would look for a setting that is something like "Don't respond to ping requests from the WAN", which literally means "Ignore ICMP requests from the internet". It should be in the firewall section of your router.

I have few tabs;  system information,  then DOCSIS Provisioning, DOCSIS WAN, Docsis event, a lot of warnings there, then wireless , with info about my connection, then Moca info , there is not spot to block ICMP ping,  I am complete newbie with all this,  how do I fix it

Thank you for the links, they explain what is is but not how to fix it so it does not happen all the time

 

 

 

Edited by Danutak
Link to comment
Share on other sites

If your ISP provided your router, you can contact their tech support for assistance.

Also if your ISP is a cable provider, they might have only installed a cable modem. Modems have none of the security features a router provides such as a stateful firewall, NAT, etc..

My best guess based on what you posted would be the firewall, if provided ,would be in the DOCSIS WAN section. Again if you don't know what you are doing, strongly recommend you contact your ISP provider for assistance.

Here's an example of a cable modem/router combo whose security protection specifically notes it has a SPI firewall w/NAT and denial of service protection: https://www.netgear.com/home/products/networking/cable-modems-routers/C7000.aspx#tabs-Security

Edited by itman
Link to comment
Share on other sites

As an example of WAN security settings for the above Netgear referenced cable router, all the "disable" options shown in the below screen shot would not be selected. Appears all those options are enabled by default:

Eset_WAN.png.1077e61f32f22704142d60e6143bf518.png

Edited by itman
Link to comment
Share on other sites

Iman thank you so much mine is Hitron and does not have advanced option ,  the old one had it ,  I remember changing options with help of my IP ,  I will call them today ,  Can not this option, even went through all option.  thank you so much. At least I know now what is going on;)

Link to comment
Share on other sites

  • Most Valued Members
20 minutes ago, Danutak said:

Iman thank you so much mine is Hitron and does not have advanced option ,  the old one had it ,  I remember changing options with help of my IP ,  I will call them today ,  Can not this option, even went through all option.  thank you so much. At least I know now what is going on;)

If your router firmware is old and there is no updates for it and you want to switch firmware check out this website : https://openwrt.org/

It's an open-source firmware that can turn your router into a good router.

Link to comment
Share on other sites

1 hour ago, Rami said:

If your router firmware is old and there is no updates for it and you want to switch firmware check out this website : https://openwrt.org/

It's an open-source firmware that can turn your router into a good router.

It appears his Hitron router isn't supported: https://openwrt.org/toh/start

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
35 minutes ago, itman said:

It appears his Hitron router isn't supported: https://openwrt.org/toh/start

Sadly , OpenWRT do really change the router in terms of everything in the firmware.

I never heard of Hitron before also.

Edited by Rami
Link to comment
Share on other sites

I suspect what the OP has installed is just a cable modem. Example here: https://www.hitron-americas.com/wp-content/uploads/2016/09/CDA3-35-datasheet1.pdf .

In this setup, all devices must be connected via co-axial cable to the modem. Most cable modems do not have advanced security features routers provide such as a SPI firewall, NAT, etc..

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, Danutak said:

that correct it is modem from my IP and is connected by cable it is cable modem.  I do not have separate router

 

I think if you request from your ISP they will provide you a router so you can make your cable modem as a bridge mode and then connect it to the router and your devices should be connected to the router while the router have the firewall on , so it's more safe and secure to stay behind a router more than to stay behind not-protected cable modem.

Or you can go ahead and buy a router without requesting from the ISP

Example :

Cable Modem as Bridge Mode connected to a router let's say a OpenWRT router , And then your devices are connected to the router and behind a firewall with a configuration that looks like this that will keep your incoming ports closed or hidden(stealth/reject)

Openwrt-luci-firewall.thumb.png.ba479d3562860e50e40031a94673e83e.png

And then there is the option in the router where you can block pinging and ICMP,but most important is to filter/block all of the incoming ports unless you need a port opened or forwarded to a device then you can do it.

Edited by Rami
Link to comment
Share on other sites

4 hours ago, Rami said:

I think if you request from your ISP they will provide you a router so you can make your cable modem as a bridge mode and then connect it to the router and your devices should be connected to the router while the router have the firewall on , so it's more safe and secure to stay behind a router more than to stay behind not-protected cable modem.

Or you can go ahead and buy a router without requesting from the ISP

Example :

Cable Modem as Bridge Mode connected to a router let's say a OpenWRT router , And then your devices are connected to the router and behind a firewall with a configuration that looks like this that will keep your incoming ports closed or hidden(stealth/reject)

Openwrt-luci-firewall.thumb.png.ba479d3562860e50e40031a94673e83e.png

And then there is the option in the router where you can block pinging and ICMP,but most important is to filter/block all of the incoming ports unless you need a port opened or forwarded to a device then you can do it.

thank you so much,  I spend few hours on Eset tutorial and so far it is fixed ;)

I will see what happen next

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...