Hi all, I hope you can help me with this one.
A good while back my TP-Link router (TL-ER604W) started to drop WiFi, LAN and WAN connection (not simultaneously).
Sometimes all WiFi connected clients couldn't connect to the network, but cabled devices could ping each other. No devices could access the internet.
A router reboot was the only solution to regain connection.
In the router logs I noticed that a number of UDP flood attacks had taken place from inside the network (local IP).
>> 2017-12-30 08:24:36 <4> : Detected stationary source udp flood attack, dropped 6107 packets, attack source: 10.0.0.13 <<
Every time the registered IP belonged to my (non-rooted) OnePlus 2 phone.
I have now installed an app that shows me which apps are accessing the network and which protocol they are using.
Every time I reboot the phone, a NEW app is accessing the router gateway 10.0.0.1 using port 67. No other apps are accessing the gateway using UDP on port 67 (except YouTube, when used).
And it doesn't stop - it's connected all the time.

I think it's VERY weird that there's a NEW app accessing 10.0.0.1:67 every time I reboot. And it's also kind of weird that it keeps the connection open all the time.
I have tried installing different kinds of antivirus apps and had them scan the phone. None of them found anything.
Another thing that has happened a few times is (according to the router logs) a "large scale" ping attack on the WAN side.
The ping attacks always happened within a few hours of the UDP flood attacks.
I don't know if the two are connected and I don't know if anybody has gained access to my network.
What can I do? Is everything okay? I'm at a loss...
Kind regards
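
The following is an added example, not part of the original post: one way to summarise the router's UDP flood entries per source and group them into bursts, so the times can be compared with phone reboots or with the WAN-side ping entries. The function names and the 10-minute gap are assumptions, and only the first sample line comes from the post; the others are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the log line format quoted in the post.
FLOOD_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) <(?P<level>\d)> : "
    r"Detected stationary source udp flood attack, "
    r"dropped (?P<dropped>\d+) packets, attack source: (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def parse_flood_events(lines):
    """Return sorted (timestamp, source, dropped) tuples for matching lines."""
    events = []
    for line in lines:
        m = FLOOD_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], int(m["dropped"])))
    return sorted(events)

def bursts_by_source(events, gap=timedelta(minutes=10)):
    """Group each source's events into bursts separated by more than `gap`."""
    per_src = defaultdict(list)
    for ts, src, dropped in events:
        bursts = per_src[src]
        if bursts and ts - bursts[-1]["end"] <= gap:
            bursts[-1]["end"] = ts
            bursts[-1]["dropped"] += dropped
            bursts[-1]["events"] += 1
        else:
            bursts.append({"start": ts, "end": ts, "dropped": dropped, "events": 1})
    return dict(per_src)

# Constructed sample: the first line is from the post, the rest are made up.
SAMPLE_LOG = """\
2017-12-30 08:24:36 <4> : Detected stationary source udp flood attack, dropped 6107 packets, attack source: 10.0.0.13
2017-12-30 08:25:06 <4> : Detected stationary source udp flood attack, dropped 5800 packets, attack source: 10.0.0.13
2017-12-30 08:26:00 <6> : Some unrelated log entry
2017-12-30 14:02:11 <4> : Detected stationary source udp flood attack, dropped 7020 packets, attack source: 10.0.0.13
""".splitlines()

if __name__ == "__main__":
    for src, bursts in bursts_by_source(parse_flood_events(SAMPLE_LOG)).items():
        for b in bursts:
            print(src, b["start"], "->", b["end"], b["events"], "events,", b["dropped"], "dropped")
```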