NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Disable Port Scan and DoS Protection Misleading
Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct...
fdanna wrote:
Having noticed a slowdown in my internet and frequent lag, I checked my logs only to discover I'm getting DDoS attacks nearly every 15 minutes! They IPs are from all over the world. My first instinct was to make sure I had disabled ping response on the WAN port, which I had, but it was still pinging!
This seems all very counter-intuitive but if you don't want your WAN port to respond to pings and thus be vulnerable to attacks, it seems you need to disable the DoS and port scan detection.
My experience is different from yours. I disconnected my mobile phone from WiFi and performed a ping test on my Orbi's public (WAN) IP address using the LTE connection. As you report, even though my Orbi is set NOT to respond to ping on internet, I got ping responses. I then set it TO respond, and still got ping responses. I then clicked Disable Port Scan and DoS Protection. Still got ping responses. I did not mess with VPN or try every possible combination of settings.
So, either (1) Orbi firmware is "broken" in the sense that options selected do not work as described, or (2) the ping response did not come from my Orbi, but perhaps from the cable modem. My responses read: "cpe-172-249-115-xxx socal.res.rr.com 67.1ms". Testing that hypothesis involves more effort than just disconnecting from WiFi. (Like, stick a tap between Orbi and modem, or....)
On the other hand, detecting a DoS attempt every 15 minutes from "all over the world" seems (to me) pretty much "normal" and I would not assume it to be the sole cause of networking issues.
I did another test. Turned on the "debug log", did some pings from my mobile phone over LTE, then looked at the WAN capture using Wireshark. Even though my mobile phone app showed ping responses, I did NOT see any ping requests to my Orbi in the WAN log (or any ping responses). I did see my Orbi making some ping requests and getting responses but not involving my mobile phone.
So now I am more confused than ever. The Orbi log contains zillions of ARP requests and some ICMPv6 traffic, but not those ping requests. Does the Orbi not log any packets that have been discarded? Hmmm. Guess I could repeat the experiment and capture a WAN log when the Orbi is told to respond to ping requests. (Maybe later today.)
For now, however, I regard this as a mystery.
CrimpOn wrote:
I did another test. Turned on the "debug log", did some pings from my mobile phone over LTE, then looked at the WAN capture using Wireshark. Even though my mobile phone app showed ping responses, I did NOT see any ping requests to my Orbi in the WAN log (or any ping responses). I did see my Orbi making some ping requests and getting responses but not involving my mobile phone.
So now I am more confused than ever. The Orbi log contains zillions of ARP requests and some ICMPv6 traffic, but not those ping requests. Does the Orbi not log any packets that have been discarded? Hmmm. Guess I could repeat the experiment and capture a WAN log when the Orbi is told to respond to ping requests. (Maybe later today.)
For now, however, I regard this as a mystery.
It sounds like your cable modem is doing the routing. You might have a double NAT situation.
Did another test. Set Orbi to Respond to Ping on Internet, turned on WAN capture, and did 11 pings from my mobile phone over LTE connection. Sure enough, opened the Orbi WAN log with Wireshark and there are 11 ping request/ping reply that are one second apart. When the "Respond" option is checked, the log shows pings. When the "Respond" option is unchecked, the log does not show pings.
So, my conclusion is that when Orbi is set NOT to respond to ping requests on internet, it indeed does not. I believe the ping requests are dropped by the Orbi and ignored. Spectrum is definitely sending a ping response, but I do not know how or why.