Cisco DPQ3925 - DoS-type alerts in firewall log
I'm seeing strange DoS-type alerts in the firewall log for my Cisco DPQ3925 gateway. This has been happening for at least a few days, possibly longer, because I've never looked at the firewall log before.
The log entry contains the following:
- Description: Teardrop or derivative
- Count: 58
- Last Occurrence: Tue Sep 27 06:53:28 2016
- Target: 126.96.36.199:0
- Source: 0.0.63.0:0
Over the past few days I've seen other examples for different remote target IPs and different descriptions including "Illegal Fragments" and "Ping of Death". So the alerts generally look like DoS attacks, but I'm not clear if the packets are inbound or outbound from my network.
Sorry, I cannot post a screenshot because the forum image selector is not working for me in the latest Chrome.
When I look at the Connected Devices Summary in Setup > Lan Setup, there are no devices with either the target or source IP.
Here's what I did years ago to secure the network:
- Changed default admin password to a strong password
- WPA2-Personal AES PSK, broadcast enabled
- MAC whitelist filter
- Remote management: disabled
- SPI firewall protection Off, because Xbox won't work with it on despite attempts to port forward etc.
- Block Anonymous Internet Requests: On