NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
DoS Attacks in Log
New Orbi yesterday, coming from an (awful) Nighthawk R7000. Looking at the log, seeing attacks I never saw with the R7000. Lots of these:
[DoS Attack: SYN/ACK Scan] from source: 51.79.160.249, port 55901, Wednesday, May 27, 2020 11:15:21
[DoS Attack: ACK Scan] from source: 162.125.7.13, port 443, Wednesday, May 27, 2020 09:58:20
[DoS Attack: TCP/UDP Echo] from source: 83.97.20.35, port 41468, Wednesday, May 27, 2020 13:21:39
I guess it's saying that the router firewall is doing its job, but something to be concerned about?
fmalloy wrote:I guess it's saying that the router firewall is doing its job, but something to be concerned about?
You are correct. The firewall is doing what it is supposed to. There is an option in the Orbi web interface to stop displaying these reports. I personally leave them in the log for entertainment. I have never found documentation for what the firewall notice is actually describing, which would make the log more informative. When I look at my Orbi WAN traffic with Wireshark, for example, my cable system appears to be flooded with ARP packets. What has led Orbi to think that they are directed at me? And, how many does it take to be a "scan"?
p.s. I have kept every Orbi log for over a year. There are reports such as these every day, and my Orbi has never gone down.
2 Replies
fmalloy wrote:I guess it's saying that the router firewall is doing its job, but something to be concerned about?
You are correct. The firewall is doing what it is supposed to. There is an option in the Orbi web interface to stop displaying these reports. I personally leave them in the log for entertainment. I have never found documentation for what the firewall notice is actually describing, which would make the log more informative. When I look at my Orbi WAN traffic with Wireshark, for example, my cable system appears to be flooded with ARP packets. What has led Orbi to think that they are directed at me? And, how many does it take to be a "scan"?
p.s. I have kept every Orbi log for over a year. There are reports such as these every day, and my Orbi has never gone down.
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
In your case, one of those attacks is from Dropbox another is from OVH Hosting, Inc. They may be familiar to you.
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
