Smurf attack is someone spoofing a victim’s source address in a broadcast packet so as to have everybody on the network gang-bang him with responses. The guy who has all the traffic is the victim, not the perp.
When your Netgear router reports that the packets are coming “from” 10.10.45.103, you first need to know whether the address it is reporting is the spoofed address (victim) or the actual address (perp). If it’s the victim, the Netgear isn’t telling you what you need to know to stop the abuse. Best option is to configure your router to turn off forwarding of directed broadcasts (https://www.nordu.net/articles/smurf.html).

On Oct 3, 2014, at 7:38 PM, RickG <[email protected]> wrote:

> I've got a customer complaining about intermittent speed issues and short
> cutoffs on his connection. My MT box shows he has a high connection rate.
> I also noticed in the logs on my Netgear router that his IP shows with the
> following message: [DoS attack: Smurf] attack packets in last 20 sec from
> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
> I assume he has a virus but he says he has run virus scans on all his
> computers and devices. I'm not sure what to tell him next. Any ideas?
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
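
An added example, not part of the original thread: one way to check from a packet capture whether a logged address such as 10.10.45.103 is the spoofed source, the reply target, or both. The function name, the /24 subnet, the threshold and the sample records are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def smurf_roles(packets, local_nets, min_reflectors=3):
    """Map each suspicious IP to the roles the ICMP evidence supports.

    packets: iterable of (src_ip, dst_ip, icmp_type).
    'spoofed-source': named as sender of echo requests to a directed
    broadcast address, so it is the address the replies will flood.
    'reply-target': receives echo replies from many distinct hosts.
    """
    broadcasts = {str(ipaddress.ip_network(n).broadcast_address)
                  for n in local_nets}
    repliers = defaultdict(set)   # dst_ip -> hosts that sent it echo replies
    roles = defaultdict(set)
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST and dst in broadcasts:
            roles[src].add("spoofed-source")
        elif icmp_type == ECHO_REPLY:
            repliers[dst].add(src)
    for dst, srcs in repliers.items():
        # A single replier is an ordinary ping; many repliers is reflection.
        if len(srcs) >= min_reflectors:
            roles[dst].add("reply-target")
    return {ip: sorted(r) for ip, r in roles.items()}

# Constructed sample capture (not from the original thread); the /24 is assumed.
SAMPLE = [
    ("10.10.45.103", "10.10.45.255", 8),  # request to the directed broadcast
    ("10.10.45.10", "10.10.45.103", 0),   # every host answers the named source
    ("10.10.45.11", "10.10.45.103", 0),
    ("10.10.45.12", "10.10.45.103", 0),
    ("10.10.45.20", "10.10.45.1", 8),     # ordinary unicast ping, ignored
    ("10.10.45.1", "10.10.45.20", 0),
]

if __name__ == "__main__":
    print(smurf_roles(SAMPLE, ["10.10.45.0/24"]))
```

An address that shows up in both roles is the one being flooded; the capture's IP headers alone do not identify the machine that actually sent the broadcast requests.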

