Malicious trafic

[Danutak 3]

I have two computers in house, and I am getting on my PC the message from Eset internet security: " Network threat blocked. ICMP Flood Attack. A computer on the network is sending malicious traffic. this can be an attempt to attack your computer. The threat was blocked. "  It is constant,  I can not find anything her on forum.  Maybe i am not looking the right way.  Any ideas?

 

[TomFace 539]

Hello Danutak....here's a link to the KB on attack types.

https://support.eset.com/search/?search=ICMP+Flood+Attack

Regards,

Tom

[Nightowl 187]

23 minutes ago, Danutak said:

I have two computers in house, and I am getting on my PC the message from Eset internet security: " Network threat blocked. ICMP Flood Attack. A computer on the network is sending malicious traffic. this can be an attempt to attack your computer. The threat was blocked. "  It is constant,  I can not find anything her on forum.  Maybe i am not looking the right way.  Any ideas?

 

Check the PC that you received the Flood Attack from , ESET should give you the IP of the source.

See what is causing the flood attacks.

Edited November 18, 2018 by Rami

[itman 1,538]

ICMP ping flood attacks are one type of denial of service attacks. The best way to prevent them is by configuring your router's firewall not to respond to ping requests from the Internet.

Ref.: http://www.tomsguide.com/answers/id-3643545/stop-icmp-flood-attacks.html

Also it is imperative that all external router ports, i.e. WAN side of the router, are shown in "stealth" mode.  This is means that the ports are basically invisible to anyone trying to access the router from the external internet. If the attacker can't "see" the ports on the router, he can't launch a ICMP ping attack against one. This is really the only effect method to defeat these types of attacks. 

[Danutak 3]

I got into my router but there is nothing like ignore In your router, I would look for a setting that is something like "Don't respond to ping requests from the WAN", which literally means "Ignore ICMP requests from the internet". It should be in the firewall section of your router.

I have few tabs;  system information,  then DOCSIS Provisioning, DOCSIS WAN, Docsis event, a lot of warnings there, then wireless , with info about my connection, then Moca info , there is not spot to block ICMP ping,  I am complete newbie with all this,  how do I fix it

Thank you for the links, they explain what is is but not how to fix it so it does not happen all the time

 

 

 

Edited November 18, 2018 by Danutak

[itman 1,538]

If your ISP provided your router, you can contact their tech support for assistance.

Also if your ISP is a cable provider, they might have only installed a cable modem. Modems have none of the security features a router provides such as a stateful firewall, NAT, etc..

My best guess based on what you posted would be the firewall, if provided ,would be in the DOCSIS WAN section. Again if you don't know what you are doing, strongly recommend you contact your ISP provider for assistance.

Here's an example of a cable modem/router combo whose security protection specifically notes it has a SPI firewall w/NAT and denial of service protection: https://www.netgear.com/home/products/networking/cable-modems-routers/C7000.aspx#tabs-Security

Edited November 18, 2018 by itman

[Danutak 3]

Itman I will contact my IP thank you , yes i have modem but i do not want to mess it up. 

[itman 1,538]

As an example of WAN security settings for the above Netgear referenced cable router, all the "disable" options shown in the below screen shot would not be selected. Appears all those options are enabled by default:

Edited November 18, 2018 by itman

[Danutak 3]

Iman thank you so much mine is Hitron and does not have advanced option ,  the old one had it ,  I remember changing options with help of my IP ,  I will call them today ,  Can not this option, even went through all option.  thank you so much. At least I know now what is going on;)

[Nightowl 187]

20 minutes ago, Danutak said:

Iman thank you so much mine is Hitron and does not have advanced option ,  the old one had it ,  I remember changing options with help of my IP ,  I will call them today ,  Can not this option, even went through all option.  thank you so much. At least I know now what is going on;)

If your router firmware is old and there is no updates for it and you want to switch firmware check out this website : https://openwrt.org/

It's an open-source firmware that can turn your router into a good router.

[itman 1,538]

1 hour ago, Rami said:

If your router firmware is old and there is no updates for it and you want to switch firmware check out this website : https://openwrt.org/

It's an open-source firmware that can turn your router into a good router.

It appears his Hitron router isn't supported: https://openwrt.org/toh/start

Edited November 19, 2018 by itman

[Nightowl 187]

35 minutes ago, itman said:

It appears his Hitron router isn't supported: https://openwrt.org/toh/start

Sadly , OpenWRT do really change the router in terms of everything in the firmware.

I never heard of Hitron before also.

Edited November 19, 2018 by Rami

[itman 1,538]

I suspect what the OP has installed is just a cable modem. Example here: https://www.hitron-americas.com/wp-content/uploads/2016/09/CDA3-35-datasheet1.pdf .

In this setup, all devices must be connected via co-axial cable to the modem. Most cable modems do not have advanced security features routers provide such as a SPI firewall, NAT, etc..

[Danutak 3]

that correct it is modem from my IP and is connected by cable it is cable modem.  I do not have separate router

 

[Nightowl 187]

1 hour ago, Danutak said:

that correct it is modem from my IP and is connected by cable it is cable modem.  I do not have separate router

 

I think if you request from your ISP they will provide you a router so you can make your cable modem as a bridge mode and then connect it to the router and your devices should be connected to the router while the router have the firewall on , so it's more safe and secure to stay behind a router more than to stay behind not-protected cable modem.

Or you can go ahead and buy a router without requesting from the ISP

Example :

Cable Modem as Bridge Mode connected to a router let's say a OpenWRT router , And then your devices are connected to the router and behind a firewall with a configuration that looks like this that will keep your incoming ports closed or hidden(stealth/reject)

And then there is the option in the router where you can block pinging and ICMP,but most important is to filter/block all of the incoming ports unless you need a port opened or forwarded to a device then you can do it.

Edited November 20, 2018 by Rami

[Danutak 3]

4 hours ago, Rami said:

I think if you request from your ISP they will provide you a router so you can make your cable modem as a bridge mode and then connect it to the router and your devices should be connected to the router while the router have the firewall on , so it's more safe and secure to stay behind a router more than to stay behind not-protected cable modem.

Or you can go ahead and buy a router without requesting from the ISP

Example :

Cable Modem as Bridge Mode connected to a router let's say a OpenWRT router , And then your devices are connected to the router and behind a firewall with a configuration that looks like this that will keep your incoming ports closed or hidden(stealth/reject)

And then there is the option in the router where you can block pinging and ICMP,but most important is to filter/block all of the incoming ports unless you need a port opened or forwarded to a device then you can do it.

thank you so much,  I spend few hours on Eset tutorial and so far it is fixed

I will see what happen next