Dear @BravoMike31,

BravoMike31 wrote

after my post above, i got more than 15 new emails with the same alerts and today 2-3 times.
 

As i saw there are many other posts with the same issues. It is not normal to have so many ping attacks in a n ew network without PCs running, without a static public ip.

Large Ping attack means the gateway receives multiple ping packets larger than 1500 bytes, not only PCs can send ping packets, other network equipment with IP addresses can also have such ability. And I think it's nice to know that the router has detected the Large Ping attacks and blocked them to protect the system from being crashed.

If you are curious about where the large ping attack comes from, you may try to capture the ingress & egress packets from the LAN and WAN ports, and check the ICMP packets to trace the attack. In addition, you may need to configure the gateway in Standalone mode and then configure the Port Mirror to capture the packets (the gateway in Controller mode doesn't support the port mirror feature at present).

By the way, the email notification for such alerts can be canceled if you don't want to receive them via email.

Dear @Norbert_123,

Norbert_123 wrote

@BravoMike31 have the same. this have to be some sort of a bug, all network clients in my omada network are properly configured and secured but controller alerts on large ping attack all the time (even if WAN is down, so this have to be related to packets exchanged within DMZ).

The large ping attack is not only coming from the WAN, but also from the LAN.

If you disconnect everything from the gateway, do you still get the large ping attack?