Old 04-04-2021, 19:30   #1
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 26,244
Thanks: 196
Thanked 374 Times in 260 Posts
Macbook Air being detected as a potential source of a DDOS attack ?

Hi all,

So my daughter bought a brand new Macbook Air a few days ago and has been using it fine until yesterday; at which point it could connect to our router fine but not get to the internet.

After a bit of digging around, I found someone who posted about having the same problem and traced it to his router detecting the Macbook Air as a potential DDOS threat and blocking it. Sure enough, my TP-Link Archer C7 router - which had DDOS Protection enabled - had done the same thing and had blacklisted the Macbook. Removing the Air from the list and disabling DDOS Protection has solved the issue. All my daughter was doing at the time was watching Youtube.

Anyone got any ideas what the Air could be doing in the background to be seen as a DDOS threat ? Or am I going to have to leave DDOS protection disabled ?
AdamBrunt is offline   Reply With Quote
Old 05-04-2021, 12:06   #2
ColinD
________________________
 
Join Date: Jul 2000
Location: Middlewich, Cheshire
Posts: 1,091
Thanks: 304
Thanked 120 Times in 54 Posts
My bet would be ads on Youtube. So an ad-blocker might help?
__________________
If you really wanted to screw me up. You should have got to me earlier.
ColinD is offline   Reply With Quote
Old 05-04-2021, 15:08   #3
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 26,244
Thanks: 196
Thanked 374 Times in 260 Posts
Already use Pihole so not sure it is that, besides there are other devices on the LAN streaming YouTube as well.

The other weird thing is the Air seems to appear in the router's DHCP client list twice? Once as MACBOOKPRO and once as 'Lilys-Air' (daughter's name), and it was the first one that was on the DDOS blacklist.
AdamBrunt is offline   Reply With Quote
Old 06-04-2021, 22:45   #4
Kryten
Administrator
 
Kryten's Avatar
 
Join Date: Jun 2001
Location: In my own little world
Posts: 29,888
Thanks: 71
Thanked 222 Times in 194 Posts
Are you sure they are the same? Does it show MAC address? Not seen anything like that with my Air or any of my (several) Macs I have at home on my setup (UniFi). Is it able to show you what it is trying to do? Can you do anything on the Mac to see (check Activity Monitor, do a TCP Dump (if you are comfortable with reading those), look at network connections (netstat / ss), etc.)?
__________________
Forum Administrator: Mail Me
The Digital Fix
Kryten is offline   Reply With Quote
Old 07-04-2021, 06:32   #5
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 26,244
Thanks: 196
Thanked 374 Times in 260 Posts
Quote:
Originally Posted by Kryten View Post
Are you sure they are the same? Does it show MAC address? Not seen anything like that with my Air or any of my (several) Macs I have at home on my setup (UniFi). Is it able to show you what it is trying to do? Can you do anything on the Mac to see (check Activity Monitor, do a TCP Dump (if you are comfortable with reading those), look at network connections (netstat / ss), etc.)?
Will do some further digging - at the moment I have just turned DDOS Protection off.

But I can re-enable it and see if it happens again
AdamBrunt is offline   Reply With Quote
Old 09-04-2021, 11:19   #6
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 26,244
Thanks: 196
Thanked 374 Times in 260 Posts
Well this is getting crazy now

I re-enabled DDOS Protection yesterday and her iPhone has been blocked now [ when all she was looking at was TikTok videos this time ]. Either she is looking at dodgy Youtube and TikTok videos [ not impossible, though she normally only looks at vlogger stuff, but then so does my son and his devices haven't been blocked at all ] or TP-Link's DDOS Protection is overly sensitive.

The relevant settings available are:

SPI Firewall: Currently off / on
DoS Protection: Currently off / on
-- ICMP-FLOOD Attack filtering: Off / Low / Medium / High
-- UDP-FLOOD Attack filtering: Off / Low / Medium / High
-- TCP-SYN-FLOOD Attack filtering: Off / Low / Medium / High

bold = currently selected setting

Last edited by AdamBrunt; 09-04-2021 at 11:21.
AdamBrunt is offline   Reply With Quote
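
One way to act on the tcpdump suggestion earlier in the thread and see how a single device's traffic lines up with the router's three flood categories (ICMP, UDP, TCP SYN). This is an added example, not part of any post: the capture lines, addresses and function names are constructed, and the router's actual thresholds are not given in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed capture lines in the text format of `tcpdump -n -tt`
# (epoch timestamps). Addresses and counts are made up for illustration.
U = "IP 192.168.0.23.50000 > 203.0.113.10.443: UDP, length 1250"
S = "IP 192.168.0.23.51000 > 203.0.113.10.443: Flags [S], seq 1, win 65535, length 0"
SA = "IP 203.0.113.10.443 > 192.168.0.23.51000: Flags [S.], seq 9, ack 2, win 65535, length 0"
IC = "IP 192.168.0.23 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64"
OTHER = "IP 192.168.0.40.50001 > 203.0.113.10.443: UDP, length 1250"
SAMPLE = "\n".join(
    [f"1617964740.000001 {l}" for l in [U] * 3 + [S, OTHER]]
    + [f"1617964741.000001 {l}" for l in [U] * 5 + [S, S, SA, IC]]
)

# timestamp, source IPv4 (port optional: ICMP lines have none), remainder
LINE = re.compile(r"^(\d+)\.\d+ IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > \S+ (.*)$")


def classify(rest):
    """Map a tcpdump line remainder to one of the router's flood categories."""
    if rest.startswith("ICMP"):
        return "icmp"
    if rest.startswith("UDP"):  # decoded UDP (e.g. DNS) prints differently and is skipped
        return "udp"
    flags = re.match(r"Flags \[([^\]]*)\]", rest)
    if flags and "S" in flags.group(1) and "." not in flags.group(1):
        return "tcp_syn"  # connection-opening SYN only, not SYN-ACK replies
    return None


def peak_rates(capture_text, src_ip):
    """Highest packets-per-second seen from src_ip, per category."""
    per_second = defaultdict(Counter)
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2) != src_ip:
            continue
        kind = classify(m.group(3))
        if kind:
            per_second[kind][int(m.group(1))] += 1
    return {kind: max(c.values()) for kind, c in per_second.items()}


if __name__ == "__main__":
    print(peak_rates(SAMPLE, "192.168.0.23"))
```

Running this over a capture taken while a device is streaming shows which of the three categories it is bursting in, so that one filter can be adjusted on its own rather than switching DoS Protection off entirely.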
Old 09-04-2021, 11:28   #7
shteve
[o]EvilTwinkle
 
shteve's Avatar
 
Join Date: Sep 2002
Location: Cov
Posts: 6,644
Thanks: 614
Thanked 924 Times in 647 Posts
Have you done a virus check on them both? Maybe something attached to her profile?
__________________
I've got a signature and an avatar :p
shteve is offline   Reply With Quote
Old 09-04-2021, 12:02   #8
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,053
Thanks: 2,840
Thanked 2,950 Times in 1,281 Posts
I've never used a Mac or iPhone, but how about something like >>

View network activity in Activity Monitor on Mac

Fing - Network Scanner

SNMP Router Traffic Grapher
driver8 is offline   Reply With Quote
Old 09-04-2021, 12:23   #9
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 26,244
Thanks: 196
Thanked 374 Times in 260 Posts
Quote:
Originally Posted by shteve View Post
Have you done a virus check on them both? Maybe something attached to her profile?
Quote:
Originally Posted by driver8 View Post
Will check those out.

Though I really hope she hasn't got a virus already on a barely two week old brand new MacBook
AdamBrunt is offline   Reply With Quote
All times are GMT.