RedBatman89
Nov 25, 2019 Guide
DOS attack from Germany now?
This has been showing in my logs recently.
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, November 25, 2019 09:42:27
https://www.ipinfolookup.com/148.251.48.231 ...
Ken2122
Dec 01, 2019 Tutor
Interesting. I rarely check my logs (guess I should)... since October 31, 2019, I am getting hammered every day by DoS attacks. Looks like Orbi is doing its thing and blocking. My ISP is Comcast. I have an Orbi RBR50 (FW v2.3.5.30).
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002
[DoS Attack: SYN/ACK Scan] from source: 194.88.104.9, port 80
[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 50535
[DoS Attack: SYN/ACK Scan] from source: 195.201.167.44, port 443
I may check out Reddit-Comcast or DSLReports-Comcast to see if others are reporting an uptick.
FURRYe38
Dec 01, 2019 Guru - Experienced User
I'd contact your ISP and have them help you with this as well. See if they can get you a different WAN IP.
whois.domaintools.com
Killhippie
Dec 02, 2019 Prodigy
My ISP is saying it's the router calling for something or a vulnerability but nothing to do with them. Also changing IP (mine's static) will not help if it's a router issue. <sigh> My log looks like this but with hours and hours more of them.
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:34
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:16
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:37
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:28
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:23
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:50:05
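An added example, not part of any post in this thread and not NETGEAR code: a small parser for the log format quoted above that groups entries by label, source address and port, and reports the count and time span of each group, which gives a compact summary to pass to an ISP or to NETGEAR support. The sample lines are constructed from entries quoted in the thread, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the thread plus one unrelated line.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:34
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:50:05
DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 50535
[DoS Attack: SYN/ACK Scan] from source: 194.88.104.9, port 80
this line is not a DoS entry and must be skipped
"""

# Tolerates a missing opening bracket and a missing timestamp, as both occur in pasted logs.
LINE_RE = re.compile(
    r"\[?DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9.]+), port (?P<port>\d+)"
    r"(?:, \w+, (?P<ts>\w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}))?"
)

def parse_line(line):
    """Return (kind, source_ip, port, timestamp_or_None), or None for non-matching lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%B %d, %Y %H:%M:%S") if m["ts"] else None
    return m["kind"], m["src"], int(m["port"]), ts

def summarize(text):
    """Group entries by (kind, source, port) and report count, first/last seen and span."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            kind, src, port, ts = rec
            groups[(kind, src, port)].append(ts)
    report = {}
    for key, stamps in groups.items():
        timed = sorted(t for t in stamps if t)
        span = (timed[-1] - timed[0]).total_seconds() if len(timed) > 1 else 0.0
        report[key] = {"count": len(stamps), "first": timed[0] if timed else None,
                       "last": timed[-1] if timed else None, "span_s": span}
    return report

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for (kind, src, port), s in rows:
        print(f"{s['count']:>3}  {kind:<16} {src}:{port}  {s['first']} -> {s['last']}")
```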
FURRYe38
Dec 02, 2019 Guru - Experienced User
Please post about this over in the NH AX router forum if you haven't already:
I would make contact with NG support and let them know what you're experiencing and what the ISP said about this. NG needs to look into this. Both Orbi and R series products.
Killhippie
Dec 02, 2019 Prodigy
I have asked in the RAX120 latest firmware to see if anyone has seen this and passed the info on to Netgear.