NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DOS attack from Germany now?
This has been showing in my logs recently. [DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, November 25, 2019 09:42:27 https://www.ipinfolookup.com/148.251.48.231 ...
Interesting. I rarely check my logs (guess I should).....since October 31, 2019, I am getting hammered everyday by DoS attacks. Looks like Orbi is doing its thing and blocking. My ISP is Comcast. I have an Orbi RBR50 (FW v2.3.5.30).
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002
[DoS Attack: SYN/ACK Scan] from source: 194.88.104.9, port 80
DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 50535
[DoS Attack: SYN/ACK Scan] from source: 195.201.167.44, port 443
I may check-out Reddit-Comcast or DSLReports-Comcast to see if others are reporting an uptick.
Id contact your ISP and have them help you with this as well. See if they can get you a different WAN IP.
whois.domaintools.com
Ken2122 wrote:Interesting. I rarely check my logs (guess I should).....since October 31, 2019, I am getting hammered everyday by DoS attacks. Looks like Orbi is doing its thing and blocking. My ISP is Comcast. I have an Orbi RBR50 (FW v2.3.5.30).
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002
[DoS Attack: SYN/ACK Scan] from source: 194.88.104.9, port 80
DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 50535
[DoS Attack: SYN/ACK Scan] from source: 195.201.167.44, port 443
I may check-out Reddit-Comcast or DSLReports-Comcast to see if others are reporting an uptick.
MY ISP is saying its the router calling for something or a vulnerability but nothig to do with them. Also changing IP (mines static) will not help if its a router issue. <sigh> My log looks like this but with hours and hours more of them.
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:34
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:16
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:37
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:28
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:23
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:50:05
[Please post about this over in the NH AX router forum if you haven't already:
I would make contact with NG support and let them know what your experiening and what the ISP said about this. NG needs to look in to this. Both Orbi and R series products.
Killhippie wrote:MY ISP is saying its the router calling for something or a vulnerability but nothig to do with them. Also changing IP (mines static) will not help if its a router issue. <sigh> My log looks like this but with hours and hours more of them.
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:34
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:16
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:37
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:28
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:23
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:50:05
[I have asked in the RAX120 latest firmware to see if anyone has seen this and passed the info on to Netgear.
