[DoS attack: Smurf] attack packets in last 20 sec from ip

192.168.23.8 is my Homey. It doesn’t resolve anything:

$ nslookup homey.app 192.168.23.8
;; connection timed out; no servers could be reached

Regarding your followup post: how do you know the traffic is coming from Homey when the packets arrive on your external interface? Do you have a Netgear router? If so, read this post about those generating a lot of false positives when it comes to DoS attack alerts.

I’m blocking the Homey IP, and the traffic disappears

How do you know it’s not regular normal traffic? The DNS amplification issue that you mention is not relevant because your Homey is located in an internal network and no outside attackers can abuse it (unless you have a very badly configured network).

Tried NSlookup while using Wireshark also but I didn’t receive any response… on UDP.
On TCP however, Homey did respond.
However, I’m not an expert on Wireshark so I can’t tell if the responses are ‘wrong’.

There’s something running on TCP port 53, but at least with firmware v4.2, it just closes the connection immediately:

$ dig +tcp @192.168.23.8 homey.app
;; communications error to 192.168.23.8#53: end of file

Hey, I had similar symptoms myself recently. Out of the blue I had weird LAN issues: each time I stream out data (share screen etc.) I lose connectivity. I see the same error you guys did in the Netgear logs. I tried turning off the Netgear app in Homey but with no success. I turned off Homey and the problems were gone, however my entire house stopped working because everything is connected to the Homey.

You suspect it has something to do with Homey’s passive device scan. Can you turn it off or make the Netgear chill out?

I’m using the 5.0 beta though.

Hi, what is the status of these ‘Smurf attacks’ originating from Homey? I have the same thing: warning about possible Smurf attacks from my Homey address at a fixed interval of 15 minutes, from my router:

Mar 17 18:00:41 Firewall attack: Smurf attack ->IN=br0 OUT= MAC= xxx SRC=192.168.178.xx
Mar 17 18:15:37 Firewall attack: Smurf attack ->IN=br0 OUT= MAC= xxx SRC=192.168.178.xx

https://images.app.goo.gl/JPpQpXd3SuiUKaB47

1 Like
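A triage sketch for router log lines in the format quoted above, added here as an example and not written by anyone in this thread: it groups Smurf alerts by source and separates a LAN host that trips the alert at a fixed interval from a source arriving on another interface. The function name `triage`, the sample addresses, the year, the 60-second jitter tolerance and the verdict wording are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the log format quoted above; both SRC addresses are
# made-up stand-ins (the thread redacts the real one as 192.168.178.xx).
SAMPLE_LOG = """\
Mar 17 18:00:41 Firewall attack: Smurf attack ->IN=br0 OUT= MAC= xxx SRC=192.168.178.20
Mar 17 18:15:37 Firewall attack: Smurf attack ->IN=br0 OUT= MAC= xxx SRC=192.168.178.20
Mar 17 18:30:39 Firewall attack: Smurf attack ->IN=br0 OUT= MAC= xxx SRC=192.168.178.20
Mar 17 18:45:40 Firewall attack: Smurf attack ->IN=br0 OUT= MAC= xxx SRC=192.168.178.20
Mar 17 18:46:02 Firewall attack: Smurf attack ->IN=eth0 OUT= MAC= xxx SRC=203.0.113.7
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*Smurf attack.*?"
    r"IN=(?P<iface>\S*) .*?SRC=(?P<src>\d+\.\d+\.\d+\.\d+)"
)

def triage(log_text, lan_ifaces=("br0",), jitter=60, year=2021):
    """Label each alert source; `year` is assumed because the log omits it."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[(m["src"], m["iface"])].append(ts)
    report = {}
    for (src, iface), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        internal = iface in lan_ifaces and any(ipaddress.ip_address(src) in n for n in RFC1918)
        # Periodic: at least two gaps, each within `jitter` seconds of the median gap.
        periodic = len(gaps) >= 2 and all(abs(g - median(gaps)) <= jitter for g in gaps)
        if internal and periodic:
            verdict = "periodic LAN broadcast ping, likely device discovery"
        elif internal:
            verdict = "LAN source, too few alerts to judge"
        else:
            verdict = "non-LAN source, investigate"
        report[src] = {"alerts": len(stamps), "median_gap_s": median(gaps) if gaps else None, "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```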

Athom doesn’t care: MAC discovery relies on broadcast pings that not all devices respond to · Issue #148 · athombv/homey-apps-sdk-issues · GitHub

Ok, thanks for the link @robertklep, guess we can ignore this then.

Yes, just like Athom does 😉

I have also noticed this and I could ignore it, but the problem is that the router loses connection to all devices during the DoS, and that is a hard problem to ignore. I have tried to disable Port Scan and DoS Protection on my Netgear router but that does not help.

So how do I solve it?

If you can’t disable it in your router, you can’t solve it. You can try submitting a support request but I don’t have high hopes that Athom will do anything about it.