LLJ
Star
Aug 31, 2021

CBR40 - denial of service attack

I received 83 DoS notifications this morning within a 10 minute span. They involved Espressif home automation, Apple TV, iPhone, Fire TV. I have no idea what all this means or why it happened. Can anyone help me understand what this is/means and what I might need to do about it? Many thx.

2 Replies

  • Netgear has set up a community forum specifically for the Orbi with Cable modem products. Most of the people who watch that forum are more likely to have experience with Orbi with Cable modem and know how to work it better than those of us who follow this "general Orbi" forum. Might be more likely to find someone who has a solution if the question is posted there:
    https://community.netgear.com/t5/Orbi-with-Built-in-Cable-Modem/bd-p/en-home-orbi-cable

    Thank you.


  • LLJ wrote:
    I received 83 DoS notifications this morning within a 10 minute span. They involved Espressif home automation, Apple TV, iPhone, Fire TV. I have no idea what all this means or why it happened. Can anyone help me understand what this is/means and what I might need to do about it? Many thx.

    If these alerts appeared in the Orbi log and had IP addresses outside your local network, they could be entirely normal.

    My Orbi emails logs to me, which I have collected for over two years. For this month (August, 2021) my logs show about 60 DoS entries a day. In July, there was a storm that went on for a week, generating a huge number of reports.

    There is a program running on the Orbi which examines attempts to connect to the Orbi public IP address. When the program detects a specific pattern in attempts, it puts an entry in the log. This program can be disabled in the web interface, Advanced Tab, Security Menu, WAN Setup.

    The Orbi does not accept these connection attempts. None of them. All of those devices make connections to the internet. They do not get connections from the internet unless the user has forwarded a port to them.

    If the origin of these reports is inside the network, there may be something going on.
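
One way to apply the rule of thumb from the reply above to a saved or emailed router log, as an added example that is not part of the original thread: it splits DoS entries by whether the source address lies inside the local network. The log line layout, the 192.168.1.0/24 LAN range and the sample lines are assumptions constructed for illustration; adjust the pattern and range to match the actual log and network.

```python
import ipaddress
import re
from collections import Counter

# Assumed entry layout (not shown in the thread):
#   [DoS Attack: <type>] from source: <ip>, port <n>, <timestamp>
ENTRY = re.compile(r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[^,\s]+)")

# Constructed sample lines; public addresses come from documentation ranges.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.45, port 443, Tuesday, August 31, 2021 07:58:12
[DoS Attack: ACK Scan] from source: 198.51.100.7, port 5223, Tuesday, August 31, 2021 07:58:40
[DoS Attack: RST Scan] from source: 192.168.1.23, port 49152, Tuesday, August 31, 2021 07:59:03
[admin login] from source 192.168.1.10, Tuesday, August 31, 2021 08:01:00
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.45, port 443, Tuesday, August 31, 2021 08:02:31
"""


def triage(log_text, lan_cidr="192.168.1.0/24"):
    """Count DoS entries per (source, type), split into LAN and non-LAN sources."""
    lan = ipaddress.ip_network(lan_cidr)
    inside, outside = Counter(), Counter()
    for line in log_text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue  # not a DoS entry (e.g. an admin login line)
        try:
            src = ipaddress.ip_address(match.group("src"))
        except ValueError:
            continue  # malformed address field, skip rather than guess
        bucket = inside if src in lan else outside
        bucket[(str(src), match.group("kind"))] += 1
    return inside, outside


if __name__ == "__main__":
    inside, outside = triage(SAMPLE_LOG)
    print("Sources outside the LAN (internet background traffic, per the reply):")
    for (src, kind), n in outside.most_common():
        print(f"  {src:<16} {kind:<14} x{n}")
    print("Sources inside the LAN (worth a closer look at that device):")
    for (src, kind), n in inside.most_common():
        print(f"  {src:<16} {kind:<14} x{n}")
```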