NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Joelovinlife's avatar
Joelovinlife
Aspirant
May 03, 2020

AC2200 Orbi Router(Dos Attacks - Loss of Service)

So I'm having the popular issue of DOS attacks. I've done some research and see most Netgear Routers report these in their logs. However, I lose internet connection randomly through out the day and al...
Joelovinlife's avatar
Joelovinlife
Aspirant
May 03, 2020
Yes I did that and I believe it's definitely related time wise but will 1 to 3 dos attacks make the connection drop??
  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    May 03, 2020

    I monitor two Orbi systems that regularly log over 100 "DoS Attacks" every day.  One of them just recently filled the log file every 3 minutes for 8 hours with DoS Attacks, and never went down.  This was a sustained rate of 2-3 attacks logged per second for 8 hours.

     

    I do not doubt that something is causing the Orbi to malfunction frequently, but I have serious doubts that a small number of "DoS Attacks" is the cause.

     

     

    • Joelovinlife's avatar
      Joelovinlife
      Aspirant
      May 03, 2020
      I am thinking the same...thx for the info.
      Not sure if its a Netgear thing or maybe a malfunction in the Router.
      • OrbiPhilip's avatar
        OrbiPhilip
        Luminary
        Aug 09, 2020

        Did you ever find a solution?  I've been experiencing intermittent LOS for a week now. Assumed it was xfinity, but tonight I noticed a correlation between Orbi reporting a DOS attack and Nagios reporting loss of connectivity to CNN, Google, Etc.
        Example:

        Nagios Log excerpt:

        August 08, 2020 12:00	

Host Up[2020-08-08 12:10:44] HOST ALERT: one_dns;UP;SOFT;1;PING OK - Packet loss = 0%, RTA = 11.43 ms
Host Up[2020-08-08 12:10:16] HOST ALERT: google_dns;UP;SOFT;1;PING OK - Packet loss = 0%, RTA = 11.92 ms
Host Up[2020-08-08 12:10:15] HOST ALERT: CNN_http;UP;SOFT;1;HTTP OK: HTTP/1.1 301 Moved Permanently - 499 bytes in 0.048 second response time
Host Up[2020-08-08 12:10:12] HOST ALERT: google_http;UP;SOFT;1;HTTP OK: HTTP/1.1 301 Moved Permanently - 547 bytes in 0.052 second response time
Host Down[2020-08-08 12:10:09] HOST ALERT: CNN_http;DOWN;SOFT;4;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 12:10:06] HOST ALERT: google_http;DOWN;SOFT;3;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 12:09:57] HOST ALERT: google_dns;DOWN;SOFT;1;(Host check timed out after 30.01 seconds)
Host Down[2020-08-08 12:09:53] HOST ALERT: CNN_http;DOWN;SOFT;3;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 12:09:50] HOST ALERT: google_http;DOWN;SOFT;2;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 12:09:40] HOST ALERT: one_dns;DOWN;SOFT;1;(Host check timed out after 30.01 seconds)
Host Down[2020-08-08 12:09:37] HOST ALERT: CNN_http;DOWN;SOFT;2;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 12:09:34] HOST ALERT: google_http;DOWN;SOFT;1;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 12:09:20] HOST ALERT: CNN_http;DOWN;SOFT;1;CRITICAL - Socket timeout after 10 seconds

August 08, 2020 08:00	

Service Ok[2020-08-08 08:51:52] SERVICE ALERT: CNN_http;HTTP;OK;SOFT;1;HTTP OK: HTTP/1.1 301 Moved Permanently - 499 bytes in 0.046 second response time
Host Up[2020-08-08 08:47:08] HOST ALERT: CNN_http;UP;SOFT;1;HTTP OK: HTTP/1.1 301 Moved Permanently - 499 bytes in 0.046 second response time
Host Up[2020-08-08 08:47:05] HOST ALERT: google_http;UP;SOFT;1;HTTP OK: HTTP/1.1 301 Moved Permanently - 547 bytes in 0.038 second response time
Host Down[2020-08-08 08:47:02] HOST ALERT: CNN_http;DOWN;SOFT;4;CRITICAL - Socket timeout after 10 seconds
Host Up[2020-08-08 08:47:02] HOST ALERT: google_dns;UP;SOFT;1;PING OK - Packet loss = 16%, RTA = 13.37 ms
Service Critical[2020-08-08 08:47:01] SERVICE ALERT: CNN_http;HTTP;CRITICAL;HARD;1;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:59] HOST ALERT: google_http;DOWN;SOFT;4;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:46] HOST ALERT: CNN_http;DOWN;SOFT;3;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:43] HOST ALERT: google_http;DOWN;SOFT;3;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:42] HOST ALERT: google_dns;DOWN;SOFT;1;(Host check timed out after 31.01 seconds)
Host Down[2020-08-08 08:46:30] HOST ALERT: CNN_http;DOWN;SOFT;2;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:27] HOST ALERT: google_http;DOWN;SOFT;2;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:14] HOST ALERT: CNN_http;DOWN;SOFT;1;CRITICAL - Socket timeout after 10 seconds
Host Down[2020-08-08 08:46:11] HOST ALERT: google_http;DOWN;SOFT;1;CRITICAL - Socket timeout after 10 seconds

        Orbi Log excerpt:

        [DoS Attack: SYN/ACK Scan] from source: 94.130.44.37, port 30120, Saturday, August 08, 2020 12:38:34
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 12:33:07
[DoS Attack: ACK Scan] from source: 208.73.181.200, port 443, Saturday, August 08, 2020 12:33:03
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 12:28:07
[DoS Attack: ACK Scan] from source: 208.73.181.200, port 443, Saturday, August 08, 2020 12:28:03
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 12:23:07
[DoS Attack: ACK Scan] from source: 208.73.181.200, port 443, Saturday, August 08, 2020 12:23:03
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 12:23:03
[DoS Attack: ACK Scan] from source: 162.250.6.136, port 5938, Saturday, August 08, 2020 12:10:13
        [DoS Attack: TCP/UDP Chargen] from source: 83.97.20.35, port 35004, Saturday, August 08, 2020 11:31:07
[DoS Attack: SYN/ACK Scan] from source: 94.130.44.37, port 30120, Saturday, August 08, 2020 10:35:01
[DoS Attack: TCP/UDP Echo] from source: 141.212.123.205, port 36044, Saturday, August 08, 2020 10:12:53
[DoS Attack: ACK Scan] from source: 45.61.142.175, port 10668, Saturday, August 08, 2020 09:31:16
[DoS Attack: ACK Scan] from source: 208.73.181.200, port 443, Saturday, August 08, 2020 09:09:57
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 09:09:52
[DoS Attack: ARP Attack] from source: 192.168.1.55, Saturday, August 08, 2020 09:05:59
[DoS Attack: ACK Scan] from source: 208.73.181.200, port 443, Saturday, August 08, 2020 09:04:57
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 09:04:52
[DoS Attack: ACK Scan] from source: 208.73.181.200, port 443, Saturday, August 08, 2020 08:59:57
[DoS Attack: ACK Scan] from source: 208.73.181.96, port 443, Saturday, August 08, 2020 08:59:52
[DoS Attack: RST Scan] from source: 18.218.187.50, port 6500, Saturday, August 08, 2020 08:47:11
[DoS Attack: SYN/ACK Scan] from source: 87.236.16.53, port 80, Saturday, August 08, 2020 08:34:23
[DoS Attack: RST Scan] from source: 13.224.85.92, port 443, Saturday, August 08, 2020 08:16:22