What can I do about "ping flooding"?
Recently I have started getting period of poor connections on my home LAN. So, today after my connection was unresponsive for a while once again, I decided to take a look at what was the problem. The log of my router was filled with messages like this one:
PING-FLOODING flooding attack from WAN (ip:xx.yy.zzz.qq) detected.
The ip address was different on each of the messages. I am now wondering what I can do about this. A quick search on google showed me that the best way to combat this is to make i so that my router doesn't respond to pings. However, when I look at the settings, I only see this one:
WAN PING
If you enable this feature, the WAN port of your router will respond to
ping requests from the Internet that are sent to the WAN IP Address.
Unfortunately, it isn't enabled! As such, I feel the problem should not be happening and I don't know what else I can do about it.
Any suggestions?
Pings on your external (WAN) interface should not be affecting traffic on your LAN.
Unless there's hundreds of pings every second, it shouldn't be causing any perceptible difference to the traffic going from your LAN to your WAN, either.
It's probably some miscreants pingsweeping, looking for random targets to portscan and try to hack into. It happens all the time.
I think that these log entries have probably been getting logged for a very long time on your router, but you only noticed them recently when looking at a speed issue.
You can:
i) Ignore it. These pingsweeps happen to pretty much everyone. ii) Get a new IP assignment from your ISP. Won't help unless you're sure the pings are targeted at you specifically. iii) Take a note of all the IP addresses which have been recorded as pinging you, lookup who owns them and report the activity to the relevant abuse@ email address. Nothing will happen - you will be lucky to get an auto-acknowledgement email back.
Personally, I'd go with with option i, and look elsewhere for the cause of the network performance issues.