LoboTommy
Apr 29, 2019 Luminary
DoS Attacks....
So, I read up that the router is blocking DoS attacks, and that the logs tell me it's doing its job. However, I have found it consistent that every time the router blocks a DoS attack, the mesh loses conn...
FURRYe38
Apr 30, 2019 Guru - Experienced User
Did you do a backup of the configuration to file? If you did, then resets would be easy. ;-)
LoboTommy wrote:
No way I am doing another full round of factory resets.
I had my ISP set up a new IP for me, seems problems went away for now.
But it was consistent. For every log of a DoS attack, satellites lost sync. I was logged in to the router and watched it happen more or less live (at about 19:26, last log entry)
ekhalil
Apr 30, 2019 Master
I usually enter the IP addresses of the DoS attacks that I see in the logs in the Drop IP Tables, and that helps in preventing further attacks.
Unfortunately, the changes are not persistent and need to be entered after every restart :(
Here are my "favourite" DoS IP addresses, I see some of them are the same as the ones listed by LoboTommy :
The list is in ascending IP addresses order (to be able to keep track of new entries) :) :
- CrimpOn Apr 30, 2019 Guru - Experienced User
ekhalil wrote:
I usually enter the IP addresses of the DoS attacks that I see in the logs in the Drop IP Tables, and that helps in preventing further attacks.
Is the concept here that iptables processing takes place before firewall processing? i.e. the firewall software doesn't "see" these packets, and thus does not record them? They are still arriving, but just not processed? If the Orbi is not responding to these packets, how much workload does this eliminate?
- LoboTommy Apr 30, 2019 Luminary
Where is that? Like, here? (See attached picture)
How do you set it up?
- CrimpOn Apr 30, 2019 Guru - Experienced User
LoboTommy wrote:
Where is that? Like, here? (See attached picture)
Orbi's web and smartphone apps do not provide a way to enter this information. These commands are entered by using the 'debug' page to enable telnet, opening a telnet session to the router, and then entering these lines. (Most often by copying them from a text file and pasting them into the telnet window.) Since Orbi is built on OpenWRT, which is in turn built on a version of Linux, there are dozens of things that someone proficient in Linux can do.
My guess is that 99% of Orbi owners have no idea the debug facility exists and have never used telnet.
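An added example, not code from anyone in this thread: the thread's approach is one `iptables -I INPUT -i eth0 -s <address> -j DROP` line per address, re-entered after every restart. The sketch below instead turns a plain address list into a paste-ready rule set that lives in its own chain, so it can be rebuilt in one go and validated first. `eth0` is taken from the thread; the chain name `DOSDROP` and the sample addresses (documentation ranges) are constructed, and the script is meant to run in any POSIX shell on a PC.

```sh
# eth0 comes from the thread's commands; chain name and sample list are constructed.
WAN_IF="eth0"
CHAIN="DOSDROP"

# Succeeds only for a dotted quad of four octets in 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads one address per line on stdin ('#' comments and blanks ignored) and
# prints commands that rebuild the chain from scratch, sorted and de-duplicated.
build_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    echo "iptables -D INPUT -i $WAN_IF -j $CHAIN 2>/dev/null"
    echo "iptables -I INPUT -i $WAN_IF -j $CHAIN"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' |
    sort -u | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n |
    while read -r ip; do
        if valid_ipv4 "$ip"; then
            echo "iptables -A $CHAIN -s $ip -j DROP"
        else
            echo "# skipped invalid entry: $ip"
        fi
    done
}

# Constructed sample input: documentation addresses, one duplicate, one typo.
sample_list() {
    cat <<'EOF'
203.0.113.7   # seen in router log
192.0.2.10
198.51.100.23
192.0.2.10
192.0.2.999
EOF
}

sample_list | build_rules
```

Once the rules are loaded on the router, `iptables -L DOSDROP -v -n` shows a packet counter per rule, which tells you whether a blocked source is still sending traffic.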
- LoboTommy Apr 30, 2019 Luminary
So, in simple terms for a common man. What do I do? Step by step....? ;-)