My network has been running odd for the past couple days. I would have to reboot my router, which is a Netgear AX80, and cable modem every morning around 8am. I checked my network logs on my Netgear AX80 router and see many lines that read:
[DoS attack: Fraggle Attack] from source 10.37.240.1,port 67 Tuesday, Aug 18,2020 08:01:39
My network IP addresses are 192.*. I'm not sure how I'm getting attacked by a 10.* IP. Or maybe it's just a false positive? What do you guys think?
It is not really possible to do this yourself. By the time you have received the packets in a denial of service, they have already attacked you by sucking up your bandwidth.
If this is coming from a consistent range of IP addresses you may be able to get your ISP to help you with it. This all depends on how much they care. A simple firewall or routing rule on the ISP’s hardware can block those packets before they get sent over your link from the ISP, saving your bandwidth.
You should contact the ISP anyway. It’s possible that this “attack” is actually coming from their hardware either because of a hack or because something has broken down and gone screwy. A “DOS attack” might also just be broken hardware.
This is a nice round number, it’s probably the IP of your CMTS.
In general, your router should just ignore this junk traffic. I'd go and see if Netgear allows you to disable this kind of processing/detection. It's generally not useful to log 10.* traffic on a DOCSIS network.
I would say contact the ISP, and ask them, they might have a way to look at recent activity being sent OP’s way.
Unless OP is hosting any services, they might also issue a new IP address.
If it is a targeted attack, a new IP should at least pause the attack until attackers update? And then OP would have a before: and after: to measure?
Well, it seems like my ISP doesn't care too much. They said there isn't a way for us to check if I'm getting attacked. I asked her if I can change my IP address. She stepped me through the ipconfig commands release and renew (forgot the order). I think that changed my external IP. I have my internal network set up as DHCP, so I am not exactly sure if that changed my external IP or internal IP.
But like @risk mentioned, the flood of traffic might be broadcast, i.e. sent to a lot of addresses, not just targeting yours.
Even if it is just targeted at yourself, changing IP might only be a temporary reprieve?
Not trying to be negative, just curbing expectations.
Also, some ranges of IP addresses get a lot of investigative traffic, just sniffing for a way in, but that is probably more VPS territory.
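One way to triage the router log entries discussed in this thread, as an added example that is not from any poster or from Netgear: it parses entries in the quoted format and flags those whose source is an RFC 1918 address with port 67 (the DHCP server port), which fits the CMTS explanation given above. The verdict labels, the reading of the logged port as the source port, and all sample lines other than the thread's own entry are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the log format quoted in the first post; the leading "[" is optional.
LINE_RE = re.compile(
    r"\[?DoS attack: (?P<kind>[^\]]+)\] from source (?P<src>[0-9.]+),\s*port (?P<port>\d+)"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DHCP_SERVER_PORT = 67  # UDP port DHCP/BOOTP servers and relays send from


def triage(line):
    """Return (kind, source, port, verdict), or None if the line is not a DoS entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None  # malformed address such as 999.1.1.1
    port = int(m["port"])
    private = any(src in net for net in RFC1918)
    if private and port == DHCP_SERVER_PORT:
        verdict = "likely-isp-dhcp"  # assumption: heuristic label, not a Netgear term
    elif private:
        verdict = "private-source"
    else:
        verdict = "review"
    return m["kind"].strip(), str(src), port, verdict


def summarize(lines):
    """Count DoS entries per (source, port, verdict) so repeats collapse to one row."""
    counts = Counter()
    for line in lines:
        result = triage(line)
        if result:
            counts[result[1:]] += 1
    return counts


# First line is the entry from the thread; the other three are constructed samples.
SAMPLE = [
    "[DoS attack: Fraggle Attack] from source 10.37.240.1,port 67 Tuesday, Aug 18,2020 08:01:39",
    "[DoS attack: Fraggle Attack] from source 10.37.240.1,port 67 Tuesday, Aug 18,2020 08:01:41",
    "[DoS attack: ACK Scan] from source 203.0.113.5,port 443 Tuesday, Aug 18,2020 08:02:10",
    "[admin login] from source 192.168.1.2 Tuesday, Aug 18,2020 08:03:00",
]
```

Calling `summarize(SAMPLE)` groups the two port-67 entries from 10.37.240.1 under one key, which makes it easy to see whether a log full of alerts is really one ISP-side DHCP source repeating.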