NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS Attacks....
So, i read up thaht router is blicking DOS attacks, and that the logs tell me it's doing its job. However, I have found it consistant, that every time router blocks a DOS attack, the mesh looses conn...
I usually enter the IP addresses of the DoS attacks that I see in the logs in the Drop IP Tables, and that helps in preventing further attacks.
Unfortunately, the changes are not persistent and need to be entered after every restart :(
Here are my "favourite" DoS IP addresses, I see some of them are the same as the ones listed by LoboTommy :
The list is in ascending IP addresses order (to be able to keep track of new entries) :) :
iptables -I INPUT -i eth0 -s 2.234.127.59 -j DROP
iptables -I INPUT -i eth0 -s 5.9.141.218 -j DROP
iptables -I INPUT -i eth0 -s 5.152.174.78 -j DROP
iptables -I INPUT -i eth0 -s 8.23.224.120 -j DROP
iptables -I INPUT -i eth0 -s 13.74.191.167 -j DROP
iptables -I INPUT -i eth0 -s 17.242.150.30 -j DROP
iptables -I INPUT -i eth0 -s 17.242.150.71 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.4 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.11 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.86 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.88 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.138 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.142 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.144 -j DROP
iptables -I INPUT -i eth0 -s 17.252.105.151 -j DROP
iptables -I INPUT -i eth0 -s 17.252.108.18 -j DROP
iptables -I INPUT -i eth0 -s 17.252.108.31 -j DROP
iptables -I INPUT -i eth0 -s 17.252.108.32 -j DROP
iptables -I INPUT -i eth0 -s 17.253.52.125 -j DROP
iptables -I INPUT -i eth0 -s 23.101.61.34 -j DROP
iptables -I INPUT -i eth0 -s 23.234.36.31 -j DROP
iptables -I INPUT -i eth0 -s 27.148.157.87 -j DROP
iptables -I INPUT -i eth0 -s 31.11.33.224 -j DROP
iptables -I INPUT -i eth0 -s 31.13.72.8 -j DROP
iptables -I INPUT -i eth0 -s 31.13.72.48 -j DROP
iptables -I INPUT -i eth0 -s 31.220.5.58 -j DROP
iptables -I INPUT -i eth0 -s 35.243.118.183 -j DROP
iptables -I INPUT -i eth0 -s 37.47.238.176 -j DROP
iptables -I INPUT -i eth0 -s 41.216.186.79 -j DROP
iptables -I INPUT -i eth0 -s 45.67.15.69 -j DROP
iptables -I INPUT -i eth0 -s 46.228.172.141 -j DROP
iptables -I INPUT -i eth0 -s 47.75.18.80 -j DROP
iptables -I INPUT -i eth0 -s 51.15.13.28 -j DROP
iptables -I INPUT -i eth0 -s 51.38.94.165 -j DROP
iptables -I INPUT -i eth0 -s 51.68.70.109 -j DROP
iptables -I INPUT -i eth0 -s 52.9.108.157 -j DROP
iptables -I INPUT -i eth0 -s 52.230.13.254 -j DROP
iptables -I INPUT -i eth0 -s 54.36.126.48 -j DROP
iptables -I INPUT -i eth0 -s 54.219.9.206 -j DROP
iptables -I INPUT -i eth0 -s 58.216.107.91 -j DROP
iptables -I INPUT -i eth0 -s 63.143.52.86 -j DROP
iptables -I INPUT -i eth0 -s 66.147.235.214 -j DROP
iptables -I INPUT -i eth0 -s 81.26.227.3 -j DROP
iptables -I INPUT -i eth0 -s 85.10.206.164 -j DROP
iptables -I INPUT -i eth0 -s 85.62.35.156 -j DROP
iptables -I INPUT -i eth0 -s 86.88.28.153 -j DROP
iptables -I INPUT -i eth0 -s 89.248.168.51 -j DROP
iptables -I INPUT -i eth0 -s 90.161.220.80 -j DROP
iptables -I INPUT -i eth0 -s 94.198.137.12 -j DROP
iptables -I INPUT -i eth0 -s 101.69.121.81 -j DROP
iptables -I INPUT -i eth0 -s 103.9.177.50 -j DROP
iptables -I INPUT -i eth0 -s 103.46.13.95 -j DROP
iptables -I INPUT -i eth0 -s 104.18.55.172 -j DROP
iptables -I INPUT -i eth0 -s 104.24.102.104 -j DROP
iptables -I INPUT -i eth0 -s 104.24.107.230 -j DROP
iptables -I INPUT -i eth0 -s 104.194.10.209 -j DROP
iptables -I INPUT -i eth0 -s 107.191.33.88 -j DROP
iptables -I INPUT -i eth0 -s 109.196.247.252 -j DROP
iptables -I INPUT -i eth0 -s 112.26.214.108 -j DROP
iptables -I INPUT -i eth0 -s 113.113.92.90 -j DROP
iptables -I INPUT -i eth0 -s 118.187.15.101 -j DROP
iptables -I INPUT -i eth0 -s 123.129.223.140 -j DROP
iptables -I INPUT -i eth0 -s 142.93.224.70 -j DROP
iptables -I INPUT -i eth0 -s 158.69.225.26 -j DROP
iptables -I INPUT -i eth0 -s 141.212.123.31 -j DROP
iptables -I INPUT -i eth0 -s 144.76.99.209 -j DROP
iptables -I INPUT -i eth0 -s 151.101.86.113 -j DROP
iptables -I INPUT -i eth0 -s 173.249.59.64 -j DROP
iptables -I INPUT -i eth0 -s 174.136.12.130 -j DROP
iptables -I INPUT -i eth0 -s 176.227.171.58 -j DROP
iptables -I INPUT -i eth0 -s 176.227.172.33 -j DROP
iptables -I INPUT -i eth0 -s 178.128.195.200 -j DROP
iptables -I INPUT -i eth0 -s 183.213.21.3 -j DROP
iptables -I INPUT -i eth0 -s 184.105.139.69 -j DROP
iptables -I INPUT -i eth0 -s 184.105.139.89 -j DROP
iptables -I INPUT -i eth0 -s 184.105.139.101 -j DROP
iptables -I INPUT -i eth0 -s 185.50.106.229 -j DROP
iptables -I INPUT -i eth0 -s 185.94.111.1 -j DROP
iptables -I INPUT -i eth0 -s 185.199.111.153 -j DROP
iptables -I INPUT -i eth0 -s 188.130.7.85 -j DROP
iptables -I INPUT -i eth0 -s 188.165.36.150 -j DROP
iptables -I INPUT -i eth0 -s 190.2.130.116 -j DROP
iptables -I INPUT -i eth0 -s 193.19.118.187 -j DROP
iptables -I INPUT -i eth0 -s 193.19.119.242 -j DROP
iptables -I INPUT -i eth0 -s 193.228.143.13 -j DROP
iptables -I INPUT -i eth0 -s 193.228.143.14 -j DROP
iptables -I INPUT -i eth0 -s 195.54.122.198 -j DROP
iptables -I INPUT -i eth0 -s 195.154.36.30 -j DROP
iptables -I INPUT -i eth0 -s 202.36.54.224 -j DROP
iptables -I INPUT -i eth0 -s 203.101.184.121 -j DROP
iptables -I INPUT -i eth0 -s 203.107.42.192 -j DROP
iptables -I INPUT -i eth0 -s 203.107.42.193 -j DROP
iptables -I INPUT -i eth0 -s 206.189.27.197 -j DROP
iptables -I INPUT -i eth0 -s 208.85.241.142 -j DROP
iptables -I INPUT -i eth0 -s 212.8.253.226 -j DROP
ekhalil wrote:
I usually enter the IP addresses of the DoS attacks that I see in the logs in the Drop IP Tables, and that helps in preventing further attacks.
Is the concept here that iptables processing takes place before firewall processing? i.e. the firewall software doesn't "see" these packets, and thus does not record them? They are still arriving, but just not processed? If the Orbi is not responding to these packets, how much workload does this eliminate?