NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

fdanna's avatar
fdanna
Star
May 09, 2019

Disable Port Scan and DoS Protection Misleading

Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
May 09, 2019
fdanna wrote:

Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct was to make sure I had disabled ping response on the WAN port, which I had, but it was still pinging!

This seems all very counter-intuitive but if you don't want your WAN port to respond to pings and thus be vulnerable to attacks, it seems you need to disable the DoS and port scan detection. 

My experience is different from yours.  I disconnected my mobile phone from WiFi and performed a ping test on my Orbi's public (WAN) IP address using the LTE connection. As you report, even though my Orbi is set NOT to respond to ping on internet, I got ping responses.  I then set it TO respond, and still got ping responses.  I then clicked Disable Port Scan and DoS Protection.  Still got ping responses.  I did not mess with VPN or try every possible combination of settings.

 

So, either (1) Orbi firmware is "broken" in the sense that options selected do not work as described, or (2) the ping response did not come from my Orbi, but perhaps from the cable modem.  My responses read: "cpe-172-249-115-xxx socal.res.rr.com   67.1ms".   Testing that hypothesis involves more effort than just disconnecting from WiFi.  (Like, stick a tap between Orbi and modem, or....)

 

On the other hand, detecting a DoS attempt every 15 minutes from "all over the world" seems (to me) pretty much "normal" and I would not assume it to be the sole cause of networking issues.

FURRYe38's avatar
FURRYe38
Guru - Experienced User
May 09, 2019

You might contact NG on this if you think these features are broke. IF they are then NG needs to be aware and address them...

Christian_R 

Blanca_O 

CrimpOn wrote:
fdanna wrote:

Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct was to make sure I had disabled ping response on the WAN port, which I had, but it was still pinging!

This seems all very counter-intuitive but if you don't want your WAN port to respond to pings and thus be vulnerable to attacks, it seems you need to disable the DoS and port scan detection. 

My experience is different from yours.  I disconnected my mobile phone from WiFi and performed a ping test on my Orbi's public (WAN) IP address using the LTE connection. As you report, even though my Orbi is set NOT to respond to ping on internet, I got ping responses.  I then set it TO respond, and still got ping responses.  I then clicked Disable Port Scan and DoS Protection.  Still got ping responses.  I did not mess with VPN or try every possible combination of settings.

 

So, either (1) Orbi firmware is "broken" in the sense that options selected do not work as described, or (2) the ping response did not come from my Orbi, but perhaps from the cable modem.  My responses read: "cpe-172-249-115-xxx socal.res.rr.com   67.1ms".   Testing that hypothesis involves more effort than just disconnecting from WiFi.  (Like, stick a tap between Orbi and modem, or....)

 

On the other hand, detecting a DoS attempt every 15 minutes from "all over the world" seems (to me) pretty much "normal" and I would not assume it to be the sole cause of networking issues.