LoboTommy
Apr 29, 2019 Luminary
DoS Attacks....
So, I read up that router is blocking DOS attacks, and that the logs tell me it's doing its job. However, I have found it consistent, that every time router blocks a DOS attack, the mesh loses conn...
CrimpOn
Apr 30, 2019 Guru
My experience is exactly the opposite. Orbi logs show 50-80 DoS attempts of various kinds every day, and my Orbi system never goes down. Never loses Internet and the satellite never loses sync with the router.
When things are happening that simply "can't happen", the general recommendation is to do a reset, and if that doesn't work to do a "factory reset". Some people even recommend reloading the firmware and doing a reset.
LoboTommy
Apr 30, 2019 Luminary
No way I am doing another full round of factory resets.
I had my ISP set up a new IP for me, seems problems went away for now.
But it was consistent. For every log of a DOS attack, satellites lost sync. I was logged in to router and watched it happen more or less live (at about 19:26, last log entry)
- SW_ Apr 30, 2019 Prodigy
Hi LoboTommy,
Try disabling all logging activities, i.e. untick all the boxes. If Orbi is too busy with logging activities due to these attacks, internet/WiFi traffic could be negatively affected. If disabling logging doesn't resolve the issue, you can tick all those boxes again. Good luck!
- FURRYe38 Apr 30, 2019 Guru
Did you do a back up configuration to file? If you did then resets would be easy. :smileywink:
LoboTommy wrote:
No way I am doing another full round of factory resets.
I had my ISP set up a new IP for me, seems problems went away for now.
But it was consistent. For every log of a DOS attack, satellites lost sync. I was logged in to router and watched it happen more or less live (at about 19:26, last log entry)
- ekhalil Apr 30, 2019 Master
I usually enter the IP addresses of the DoS attacks that I see in the logs in the Drop IP Tables, and that helps in preventing further attacks.
Unfortunately, the changes are not persistent and need to be entered after every restart :(
Here are my "favourite" DoS IP addresses, I see some of them are the same as the ones listed by LoboTommy :
The list is in ascending IP addresses order (to be able to keep track of new entries) :) :
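The per-address DROP rules described in this post can be regenerated from a saved list after each restart instead of being retyped. The script below is an added example, not code from the thread or from NETGEAR: the names `valid_ipv4`, `gen_drop_rules`, `sample_list` and `WAN_IF` are hypothetical, the addresses are constructed RFC 5737 documentation addresses, and it assumes the `INPUT` chain and `eth0` interface used in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the INPUT chain and eth0 WAN
# interface shown in the post, and an iptables build that supports -C (check).
WAN_IF="${WAN_IF:-eth0}"

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # leading zero: ambiguous (octal)
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_drop_rules: read one address per line on stdin ('#' starts a comment),
# skip invalid entries, de-duplicate, sort ascending, print idempotent rules.
gen_drop_rules() {
    while IFS= read -r line; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            printf '%s\n' "$addr"
        else
            printf 'skipped invalid entry: %s\n' "$addr" >&2
        fi
    done | sort -u -t . -k1,1n -k2,2n -k3,3n -k4,4n |
    while IFS= read -r addr; do
        rule="INPUT -i $WAN_IF -s $addr -j DROP"
        printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
    done
}

# Constructed sample list (RFC 5737 documentation addresses, not from any log).
sample_list() {
    cat <<'EOF'
203.0.113.7
192.0.2.10      # logged twice
192.0.2.10
198.51.100.300
192.0.2.9
EOF
}

sample_list | gen_drop_rules       # review the output, then pipe it to sh
```

Rules added with `iptables -I` live only in kernel memory, which is why they disappear on restart; the `-C` check keeps a second run from stacking duplicate rules.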
- CrimpOn Apr 30, 2019 Guru
ekhalil wrote:
I usually enter the IP addresses of the DoS attacks that I see in the logs in the Drop IP Tables, and that helps in preventing further attacks.
Is the concept here that iptables processing takes place before firewall processing? i.e. the firewall software doesn't "see" these packets, and thus does not record them? They are still arriving, but just not processed? If the Orbi is not responding to these packets, how much workload does this eliminate?