Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

"Ping" and "attack" could be a red herring. Without knowing how the device detects this there could be other causes.
Here is an example from Cisco that doesn't look at the ICMP Type or Code fields:

Triggers when a IP datagram is received with the protocol sig_desc of the IP header set to 1(ICMP), the Last Fragment bit is set, and ( IP offset * 8 ) + ( IP data length) > 65535 that is to say, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8 byte units) plus the rest of the packet is greater than the maximum size for an IP packet. This indicates a denial of service attack.

ICMP is used for a lot more than just Ping request/replies.
It's possible that something in the network is sending an improperly formated ICMP packet.
ICMP packets generated by an IP phone:

It doesn't look like the TL-R600VPN supports packet capture. It does support port mirroring.
That would require a site visit and a wired connection to your laptop running Wireshark.