Continious loss of Internet Sevice : DoS Attack: RST Scan] from source (Amazon IPs)

Question

I seen several references to same issue. The issue started recently after upgrading router to latest version V2.3.5.30. Most/all IP addresses belongs to AWS services and Amazon. Given that most /all the houses have these type of smart devices, why does Orbi firmware treats it as DOS Attack. I am continiously getting disconnected from the internet and it's very annoying . I read some customers are opted for reset to 0 or start from scratch.

Orbi and Community team.

Any recommendations ?

[DoS Attack: RST Scan] from source: 18.202.156.117, port 443, Thursday, November 14, 2019 21:10:11
[DoS Attack: RST Scan] from source: 52.214.237.65, port 443, Thursday, November 14, 2019 21:10:11
[DoS Attack: ACK Scan] from source: 157.240.22.32, port 443, Thursday, November 14, 2019 21:09:52
[admin login] from source 192.168.1.19, Thursday, November 14, 2019 21:09:45
[DoS Attack: ACK Scan] from source: 69.171.250.52, port 5222, Thursday, November 14, 2019 21:09:39
[DoS Attack: ACK Scan] from source: 216.220.57.113, port 8190, Thursday, November 14, 2019 21:09:19
[DoS Attack: ACK Scan] from source: 69.171.250.52, port 5222, Thursday, November 14, 2019 21:07:37
[DoS Attack: RST Scan] from source: 3.113.233.45, port 443, Thursday, November 14, 2019 21:07:33
[DoS Attack: RST Scan] from source: 17.253.27.203, port 443, Thursday, November 14, 2019 21:06:32
[DoS Attack: RST Scan] from source: 34.255.244.73, port 443, Thursday, November 14, 2019 21:06:19
[DoS Attack: ACK Scan] from source: 216.220.57.113, port 8190, Thursday, November 14, 2019 21:06:19

CrimpOn · Answer

My Orbi logs shows 100's of these every day, and has since before firmware 2.3..5.30. (I have kept every log since March, 2019.)

I have never seen any reference to how the Orbi firewall determines that something is an "attack". Just for laughs one day, I put a computer into the "DMZ" and ran Wireshark on it. Holly Toledo! The flood of garbage was tremendous! Orbi is logging only a fraction of the incomming packets as official "attacks."

During this entire time, my Orbi has never lost connection. I do not doubt that your Orbi is frequently losing connection, but my initial opinion is that the cause is not the traffic that is being logged. (I realize that's not much help.)

Yes, when "all else fails", the last resort is to do a "factory reset" on the Orbi. The general sentiment is also not to install any firmware more recent than 2.3.5.30. For users who have done little to customize their Orbi network (assigning IP's, defining device names, setting up VPN's, etc.) a factory reset is relativelyl painless.

Before the drastic reset, it is often useful to learn:

What modem is the Orbi connected to (specific brand and model)?
Is that modem "only a modem", or is it also a router and/or WiFi system?
How often are the disconnects? Is there a definite pattern?

CrimpOn · Answer

Thought it would be interesting to look at my logs for October and November. Orbi logged 2,719 DoS attempts, and not one of the IP's you listed has appeared in my logs. Since they are all Cloud services of one kind or another (Amazon, Facebook, etc.), this could be an indication that Orbi is falsely flagging attempts to connect with devices in your Orbi. (Or, maybe looking for "more" somethings?)

It probably would make sense to let Netgear know about these "False Positives", if that is indeed what they are. Alas, I have no idea (a) how to do that, or (b) if they would care.

I still think this is unlikely to be causing disconnects.

pramodpatil · Answer

I tried full reset of the router that did not go through smoothly. After loss of long hour and :smileyangry: nothing working, feel like I should throw this in trash and get a new one but different company. Hopefully Netgear technical team take care of it sooner for others. Currently I fall back to my old router, which is atleast does not lose internet connection and keep my cisco VPN running smoothly.

Netgear

Are there any solid steps to reset router to factory default ?

Can you please share the factory default firmware ?

FURRYe38 · Answer

Before the drastic reset, it is often useful to learn:What modem is the Orbi connected to (specific brand and model)?Is that modem "only a modem", or is it also a router and/or WiFi system?How often are the disconnects?&nbsp; Is there a definite pattern?To factory reset the router using the back push pin button. Hold it in until the top led turns on AMBER then let go. Power OFF the ISP modem for 30 seconds than back on. Wait for the WHITE led to slowly pulsate on top of the RBR, then log in to orbilogin.com using a web browser and walk thru the setup wizard. This time write down all important information for safe keeping later on.pramodpatil&nbsp;wrote:I tried full reset of the router that did not go through smoothly. After loss of long hour and&nbsp;:smileyangry:&nbsp;nothing working, feel like I should throw this in trash and get a new one but different company. Hopefully Netgear technical team take care of it sooner for others. Currently I fall back to my old router, which is atleast does not lose internet connection and keep my cisco VPN running smoothly.&nbsp;&nbsp;Netgear&nbsp;Are there any solid steps to reset router to factory default ?Can you please share the factory default firmware ?&nbsp;&nbsp;

Forum Discussion

Continious loss of Internet Sevice : DoS Attack: RST Scan] from source (Amazon IPs)

4 Replies