CrimpOn
Jul 06, 2021 | Guru - Experienced User
Is it just me?
Starting July 1, my Orbi logs have been filling up with [DoS Attack: SYN/ACK Scan] on port 80 entries from all the IPs in the 212.133.164.x subnet. If the IPs are not being spoofed, then this from...
UK_Wildcats
Jul 10, 2021 | Apprentice
I have an XR700 router, and I have been seeing a LOT of the same subnet DOS attacks in my system logs. In addition, I have been having a lot more internet disruptions that correlate to the same times as these DOS attacks in the logs.
- CrimpOn | Jul 10, 2021 | Guru - Experienced User
UK_Wildcats wrote: I have an XR700 router, and I have been seeing a LOT of the same subnet DOS attacks in my system logs. In addition, I have been having a lot more internet disruptions that correlate to the same times as these DOS attacks in the logs.
Thanks for responding. Day 10 and "still going..." (like the Energizer Bunny). I would think after hammering at port 80 and never getting a connection, this goofball would move on to something else.
My Orbi does not seem bothered by the connection attempts. I have PingInfoView from Nirsoft pinging three DNS servers every 30 seconds (CloudFlare, Google, and Cloud Nine). Out of the last 10,000 or so pings, only a handful have failed to respond, and they do not seem to be "clustered", i.e. one of the three will miss a ping, but not the other two. ICMP is a UDP packet, which is not guaranteed to be delivered, so there is no way to know whether the missing ping is
- a packet that never reached the DNS server
- a packet that got dropped somewhere along the way back
- a packet that arrived at my Orbi but the Orbi was "too busy" to process it
There could be different types of DoS attacks that have greater impact on the Orbi, or my experiment is flawed, but so far I do not see a strong correlation between Orbi log entries and service disruptions.
I really wish Netgear had published something describing how the DoS attack mechanism works. Surely a single connection attempt is not enough to be called an "attack". Would it be 10? 20? 100? No idea.
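The correlation check described in the post above, as an added example that is not part of the thread and not Netgear's code: it groups DoS log entries by /24 source subnet and tests whether ping failures fall close in time to any logged event. The log line layout, the timestamp format, the 60-second window and all sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network

# Assumed line layout; the thread only quotes the "[DoS Attack: SYN/ACK Scan]" tag and port 80.
LINE_RE = re.compile(r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: "
                     r"(?P<ip>[\d.]+), port (?P<port>\d+), (?P<ts>.+)$")
TS_FORMAT = "%A, %B %d, %Y %H:%M:%S"  # assumed router timestamp format

# Constructed sample data, not taken from any real router or ping tool.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 212.133.164.17, port 80, Saturday, July 10, 2021 10:15:32
[DoS Attack: SYN/ACK Scan] from source: 212.133.164.201, port 80, Saturday, July 10, 2021 10:15:40
[DoS Attack: SYN/ACK Scan] from source: 212.133.164.54, port 80, Saturday, July 10, 2021 11:02:05
[DoS Attack: ACK Scan] from source: 198.51.100.9, port 443, Saturday, July 10, 2021 11:30:00
[admin login] from source 192.168.1.5, Saturday, July 10, 2021 12:00:00
"""
SAMPLE_PING_FAILURES = ["2021-07-10 10:15:45", "2021-07-10 14:20:00"]

def parse_events(log_text):
    """Return (timestamp, /24 subnet, kind, port) for every parseable DoS line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # not a DoS entry
        try:
            subnet = ip_network(m["ip"] + "/24", strict=False)
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue  # malformed address or timestamp
        events.append((ts, subnet, m["kind"], int(m["port"])))
    return events

def count_by_subnet(events):
    """Number of logged events per /24 source subnet."""
    return Counter(str(subnet) for _, subnet, _, _ in events)

def failures_near_events(events, failures, window_s=60):
    """Split ping failures into those within window_s of a logged event and the rest."""
    window = timedelta(seconds=window_s)
    near, far = [], []
    for f in failures:
        t = datetime.strptime(f, "%Y-%m-%d %H:%M:%S")
        (near if any(abs(t - ev[0]) <= window for ev in events) else far).append(f)
    return near, far
```

With only a handful of failures, a few falling inside the window is expected by chance when log entries are frequent, so compare the "near" fraction against the fraction of total time covered by the windows.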