Eset is saying my router is trying to ICMP flood my computer

scgt1

So in the last two days when I disconnect from AirVPN I get a popup from Eset claiming my own router IP (it's the missing detail that is cleared out in the image below) is being blocked for ICMP flood attack. I've logged into my Netgear R7000 to check what is all connected to my network and nothing looks out of the norm. I do have an IP range set and it should be blocking anything that isn't allowed on the network.

I was running version 1.07.12_1.2.5 (wasn't done long ago) and just updated to version 1.08.34_1.2.15, which looks like a junk update from the notice. Um, no, Netgear, you can't have my analytic data.

Such a newb with this firewall/network settings and security crap.

[Image: pPl4jvY.jpg]


I will add that after doing some minor checking online I ran the following common ports scan from here.

The results are below. I'm not sure if the last section that bombed is because AirVPN should be making me hidden or what. Like I said network/security newb.

[Image: BekDSkg.jpg]
 
The last section that failed is because you don't have your router set to drop external ping requests. The reason this is a security risk is because bots and other hackers detect systems being connected by sending out pings, and then they use this data to try and hack even further.

Your antivirus is detecting an ICMP flood attack possibly because you have ping open to the internet on your local workstation, and as traffic passes through your router from the internet, NAT translates the traffic so it will appear as the source IP will be your router.

You need to check your port forwards and also double check to make sure you have external ping requests set to DROP rather than ACCEPT or REJECT. REJECT will still send a reply that it was rejected, which still informs hackers that a node exists at that IP.
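
The DROP-versus-REJECT distinction from the reply above, written as an nftables ruleset. This is an added example, not part of the thread and not the R7000's own configuration; it assumes a Linux-based router, and `wan0` is a hypothetical name for the internet-facing interface.

```nftables
# Added example (assumption: Linux-based router using nftables).
# "wan0" is a hypothetical name for the internet-facing interface.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and replies to connections the router itself opened.
        iif "lo" accept
        ct state established,related accept

        # Weak setting, left commented out: REJECT answers the sender with
        # an ICMP error, so a prober still learns a host exists at this IP.
        # iifname "wan0" icmp type echo-request reject

        # Corrected setting: silently DROP pings arriving from the internet.
        iifname "wan0" icmp type echo-request drop
        iifname "wan0" icmpv6 type echo-request drop

        # IPv6 needs these ICMPv6 types to keep working at all.
        icmpv6 type { packet-too-big, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # LAN side may still ping the router, but rate-limited so a burst
        # of echo requests cannot turn into a flood against it.
        iifname != "wan0" icmp type echo-request limit rate 10/second accept
    }
}
```

Loaded with `nft -f <file>`, this leaves ping working from the LAN while external echo requests get no answer of any kind.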
 
I have nothing set up in the port forwarding/port triggering section and don't see anything in the settings about the external ping request to drop vs reject/accept. There is a box to check for "Respond to ping on internet port" but it's not checked.

There are also the following:
Disable Port Scan and DoS Protection which is unchecked also.
Disable IGMP Proxying which is checked
MTU is set for 1500 which has nothing to do with this issue
NAT Filtering is set for Secured and there is another check box in this section for Disable SIP ALG but it's not checked either.

I think I mentioned earlier that I have Access Control turned on but it is set to block all new devices from connecting. Everything that is connected I know what it is and it's allowed.

UPnP is turned on with advertisement period 30 min, advertisement time to live 4 (in hops). Whatever hops are.
UPnP Portmap Table: Active yes, Protocol TCP, Int and Ext ports are the same, with the IP address of my Dish Hopper in the living room? Don't know why this is in this section as I didn't set it up nor know what the UPnP bit is all about.
 
Very interesting, I'm not sure what would be causing this then.

Do you have other devices on your network with eset that are reporting similar?

The other option is to factory reset the R7000 and get the latest firmware. I've seen a lot of posts on various forums with lots of issues with these R7000 devices.
 
I do, but I'm waiting on my display to get here today since my U3415W sold sooner than I expected. LOL

I have a feeling it is just reporting what it is in the test above because of AirVPN, since I am supposed to be hidden when running behind it. I should run the test again while connected to AirVPN and see what the results are. I do know that once I disconnect AirVPN service I can't connect to the net normally as if Eddie client wasn't installed. Something with the program and the mock network adapter overrides Windows network settings to where I can't connect normally to the net unless I run Eddie/AirVPN.
 
Well your AirVPN IP address could be pingable from the internet, which is why this report is showing that. Is the report showing your true ISP IP address or your VPN IP address?

Additionally, AirVPN connectivity could be sending ping requests to your computer if you're running a client for tunnel status. I don't have experience with AirVPN, though.
 
It is Air's IP, not mine, that shows. Tunneling adapter is what is installed; I couldn't think of the name for it.

I just ran the test again while connected to Eddie and got the same results. I then ran the UPnP test and passed it:

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
 