1 | initial version |
"Ping" and "attack" could be a red herring. Without knowing how the device detects this there could be other causes.
Here is an example from Cisco that doesn't look at the ICMP Type or Code fields:
Triggers when a IP datagram is received with the protocol sig_desc of the IP header set to 1(ICMP), the Last Fragment bit is set, and ( IP offset * 8 ) + ( IP data length) > 65535 that is to say, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8 byte units) plus the rest of the packet is greater than the maximum size for an IP packet. This indicates a denial of service attack.
ICMP is used for a lot more than just Ping request/replies.
It's possible that something in the network is sending an improperly formated ICMP packet.
ICMP packets generated by an IP phone:
https://support.huawei.com/enterprise/en/knowledge/EKB1000080563
It doesn't look like the TL-R600VPN supports packet capture. It does support port mirroring.
That would require a site visit and a wired connection to your laptop running Wireshark.