NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

JT_Bauer's avatar
JT_Bauer
Aspirant
Dec 31, 2020

[DoS Attack: SYN/ACK Scan]

Disclaimer - I am very new to all this so you will need to dumb it down for me.

 

I know there have been a few other posts about this and I am sorry for adding one more, but I am confused as what I need to do to stop this. It is kicking all devices from the internet when these DoS Attacks are happening, even when I am hard-wired in. I did WhoIs searches on this IP and getting very strange addresses that don't make any sense. My wife is a Dr doing Tele-Health visits 100% from home these days and I kind of need stable internet. 

 

[admin login] from source 192.168.1.15, Thursday, December 31, 2020 09:39:56
[DoS Attack: SYN/ACK Scan] from source: 54.36.178.5, port 25565, Thursday, December 31, 2020 09:34:29
[DoS Attack: SYN/ACK Scan] from source: 51.75.128.116, port 25565, Thursday, December 31, 2020 09:31:16
[DoS Attack: SYN/ACK Scan] from source: 43.250.35.18, port 80, Thursday, December 31, 2020 09:28:52
[admin login] from source 192.168.1.15, Thursday, December 31, 2020 09:19:56
[DoS Attack: SYN/ACK Scan] from source: 51.255.81.155, port 25565, Thursday, December 31, 2020 09:14:40
[admin login] from source 192.168.1.15, Thursday, December 31, 2020 09:11:07
[DoS Attack: SYN/ACK Scan] from source: 51.75.128.116, port 25565, Thursday, December 31, 2020 09:10:24
[admin login] from source 192.168.1.15, Thursday, December 31, 2020 08:56:26
[DoS Attack: ACK Scan] from source: 162.250.3.71, port 5938, Thursday, December 31, 2020 08:53:36
[DoS Attack: ACK Scan] from source: 213.227.173.133, port 5938, Thursday, December 31, 2020 08:53:32
[DoS Attack: ACK Scan] from source: 162.250.3.71, port 5938, Thursday, December 31, 2020 08:53:28
[DoS Attack: ACK Scan] from source: 213.227.173.133, port 5938, Thursday, December 31, 2020 08:53:28
[DoS Attack: ACK Scan] from source: 162.250.3.71, port 5938, Thursday, December 31, 2020 08:53:26
[DoS Attack: ACK Scan] from source: 213.227.173.133, port 5938, Thursday, December 31, 2020 08:53:23
[Initialized, firmware version: V2.7.2.102] Thursday, December 31, 2020 08:52:42

11 Replies

  • FURRYe38's avatar
    FURRYe38
    Guru - Experienced User

    What Firmware version is currently loaded?
    What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

     

    Contact the ISP and have them reboot your modem and change it's WAN IP address...

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User

    JT_Bauer wrote:

    Disclaimer - I am very new to all this so you will need to dumb it down for me.

     

    I know there have been a few other posts about this and I am sorry for adding one more, but I am confused as what I need to do to stop this.


    You cannot "stop this".  Can you stop people from sending you junk mail?  Can you stop robocalls?  All you can do is not respond to them, which is what the Orbi firewall is doing.  The log indicates that the firewall rules identified a pattern in connection attempts that fit the criterion that some engineer within Netgear classifies as an "attack".

     

    The router can be told to stop logging on the Advanced Tab, WAN Setup.  "Stop Port Scan and DOS Protection."  I record the logs from two Orbi systems and they both record about 60 of these "attacks" every day.  Yet devices never lose internet.

     

    Something is clearly wrong if every device connected to the Orbi loses internet at the same time.  What specific ISP device is the Orbi connected to? (make and model)

    • JT_Bauer's avatar
      JT_Bauer
      Aspirant

      firmware version: V2.7.2.102. And it is connected directly into my fiberoptic modem. It's a 716GE-I R2 Calix. Side Note - I am not using the Netgear Armor. Would that stop it from kicking everything?

       

      Internet was solid using the basic router that CenturyLink gave me. ZyXel C1100Z. Never got kicked. Upgraded to Orbi and nothing but problems. 

      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User

        JT_Bauer wrote:

        firmware version: V2.7.2.102. And it is connected directly into my fiberoptic modem. It's a 716GE-I R2 Calix. Side Note - I am not using the Netgear Armor. Would that stop it from kicking everything?


        I cannot imagine how Armor would do anything in this situation. (But then, I have not activated Armor.)