NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Disable Port Scan and DoS Protection Misleading
Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct...
fdanna wrote:
Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct was to make sure I had disabled ping response on the WAN port, which I had, but it was still pinging!
This seems all very counter-intuitive but if you don't want your WAN port to respond to pings and thus be vulnerable to attacks, it seems you need to disable the DoS and port scan detection.
My experience is different from yours. I disconnected my mobile phone from WiFi and performed a ping test on my Orbi's public (WAN) IP address using the LTE connection. As you report, even though my Orbi is set NOT to respond to ping on internet, I got ping responses. I then set it TO respond, and still got ping responses. I then clicked Disable Port Scan and DoS Protection. Still got ping responses. I did not mess with VPN or try every possible combination of settings.
So, either (1) Orbi firmware is "broken" in the sense that options selected do not work as described, or (2) the ping response did not come from my Orbi, but perhaps from the cable modem. My responses read: "cpe-172-249-115-xxx socal.res.rr.com 67.1ms". Testing that hypothesis involves more effort than just disconnecting from WiFi. (Like, stick a tap between Orbi and modem, or....)
On the other hand, detecting a DoS attempt every 15 minutes from "all over the world" seems (to me) pretty much "normal" and I would not assume it to be the sole cause of networking issues.
CrimpOn wrote:
fdanna wrote:
Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct was to make sure I had disabled ping response on the WAN port, which I had, but it was still pinging!
This seems all very counter-intuitive but if you don't want your WAN port to respond to pings and thus be vulnerable to attacks, it seems you need to disable the DoS and port scan detection.
My experience is different from yours. I disconnected my mobile phone from WiFi and performed a ping test on my Orbi's public (WAN) IP address using the LTE connection. As you report, even though my Orbi is set NOT to respond to ping on internet, I got ping responses. I then set it TO respond, and still got ping responses. I then clicked Disable Port Scan and DoS Protection. Still got ping responses. I did not mess with VPN or try every possible combination of settings.
So, either (1) Orbi firmware is "broken" in the sense that options selected do not work as described, or (2) the ping response did not come from my Orbi, but perhaps from the cable modem. My responses read: "cpe-172-249-115-xxx socal.res.rr.com 67.1ms". Testing that hypothesis involves more effort than just disconnecting from WiFi. (Like, stick a tap between Orbi and modem, or....)
On the other hand, detecting a DoS attempt every 15 minutes from "all over the world" seems (to me) pretty much "normal" and I would not assume it to be the sole cause of networking issues.
It’s really not ideal to have your IP responding to pings. The DoS attempts were bringing down my network and the slowdowns coincided with the logging of the attacks so I think the data says this is more than coincidence.
Your cable modem shouldn’t respond to outside pings if the IP is being assigned to the WAN port of your router. Scanning is happening all they time on the internet, as you know, and any response from an IP is interpreted as, “oh look, something is here, let’s attack it!” Hence, better to NOT respond to pings.