CharlotteEL
Dec 23, 2018 Tutor
Logging for all products
I am really surprised and disappointed that with routers today being quad core Netgear has not beefed up their security options, in particular logging. With such a heavy emphasis on cyber security th...
ekhalil
Dec 25, 2018 Master
CrimpOn wrote:
It has been five hours since my telnet to the Orbi, config set log_mobile_conn=1, and reboot. (Have confirmed that it remains "=1" rather than "=0")
[admin login] from source 192.168.1.2, Monday, December 24, 2018 16:03:59
[admin login] from source 192.168.1.2, Monday, December 24, 2018 12:20:15
[admin login] from source 192.168.1.2, Monday, December 24, 2018 11:32:16
[Time synchronized with NTP server] Monday, December 24, 2018 11:14:47
[admin login] from source 192.168.1.2, Monday, December 24, 2018 11:13:12
[Initialized, firmware version: V2.2.1.210] Monday, December 24, 2018 11:12:52
Still no evidence of DHCP activity, DoS, port scans, etc. I went through the files in /etc/config and did not find any mention of "log_mobil_conn", nor did Google turn up a reference to it. Are there any settings besides "0" and "1"? Or any other ideas?
Sorry for this! :( I then think that your only option would be a factory reset.
I'm also missing the DoS in the log, but I see everything else.
This is what my log looks like today:
[admin login] from source 192.168.1.20, Tuesday, December 25, 2018 13:36:20
[admin login] from source 192.168.1.20, Tuesday, December 25, 2018 13:25:36
[DHCP IP: 192.168.1.30] to MAC address 98:01:a7:c7:b0:f9, Tuesday, December 25, 2018 13:20:46
[admin login] from source 192.168.1.20, Tuesday, December 25, 2018 13:10:29
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Tuesday, December 25, 2018 13:04:35
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 12:53:00
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Tuesday, December 25, 2018 12:16:44
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Tuesday, December 25, 2018 11:28:51
[DHCP IP: 192.168.1.76] to MAC address c8:69:cd:58:26:f4, Tuesday, December 25, 2018 11:12:03
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 10:38:58
[Dynamic DNS] host name xx.xx.xx.xx registeration successful, Tuesday, December 25, 2018 10:29:35
[Dynamic DNS] host name xx.xx.xx.xx registeration failure, Tuesday, December 25, 2018 10:29:25
[DHCP IP: 192.168.1.4] to MAC address dc:a4:ca:b9:85:8d, Tuesday, December 25, 2018 09:47:25
[DHCP IP: 192.168.1.26] to MAC address f4:31:c3:4f:71:1c, Tuesday, December 25, 2018 09:34:52
[DHCP IP: 192.168.1.195] to MAC address c8:02:10:62:c7:01, Tuesday, December 25, 2018 08:28:09
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Tuesday, December 25, 2018 08:22:33
[DHCP IP: 192.168.1.155] to MAC address 00:09:34:42:64:ba, Tuesday, December 25, 2018 07:58:11
[DHCP IP: 192.168.1.166] to MAC address 00:09:34:2c:d1:ec, Tuesday, December 25, 2018 06:46:14
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Tuesday, December 25, 2018 06:06:07
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Tuesday, December 25, 2018 06:02:50
[DHCP IP: 192.168.1.2] to MAC address 78:d2:94:b5:06:17, Tuesday, December 25, 2018 06:00:35
[DHCP IP: 192.168.1.73] to MAC address 00:04:20:eb:c0:54, Tuesday, December 25, 2018 06:00:15
[DHCP IP: 192.168.1.72] to MAC address 00:04:20:f3:af:6e, Tuesday, December 25, 2018 06:00:05
[DHCP IP: 192.168.1.194] to MAC address 30:a9:de:3c:e1:4d, Tuesday, December 25, 2018 05:59:58
[DHCP IP: 192.168.1.189] to MAC address 30:a9:de:bf:8e:53, Tuesday, December 25, 2018 05:59:49
[DHCP IP: 192.168.1.75] to MAC address 5c:f9:38:dc:11:cc, Tuesday, December 25, 2018 05:59:39
[DHCP IP: 192.168.1.188] to MAC address 30:a9:de:bf:86:89, Tuesday, December 25, 2018 05:59:31
[DHCP IP: 192.168.1.199] to MAC address c8:02:10:0e:7c:7c, Tuesday, December 25, 2018 05:59:27
[DHCP IP: 192.168.1.198] to MAC address c8:02:10:0e:7b:b0, Tuesday, December 25, 2018 05:59:27
[DHCP IP: 192.168.1.76] to MAC address c8:69:cd:58:26:f4, Tuesday, December 25, 2018 05:59:26
[DHCP IP: 192.168.1.187] to MAC address c4:36:6c:d9:3d:ed, Tuesday, December 25, 2018 05:59:23
[DHCP IP: 192.168.1.196] to MAC address e8:f2:e2:ad:b6:8a, Tuesday, December 25, 2018 05:59:23
[DHCP IP: 192.168.1.193] to MAC address c8:02:10:62:c7:55, Tuesday, December 25, 2018 05:59:23
[DHCP IP: 192.168.1.77] to MAC address ac:ca:54:01:da:25, Tuesday, December 25, 2018 05:58:48
[DHCP IP: 192.168.1.71] to MAC address 70:ee:50:2d:8f:94, Tuesday, December 25, 2018 05:31:27
[DHCP IP: 192.168.1.197] to MAC address 30:a9:de:b7:35:07, Tuesday, December 25, 2018 05:06:32
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Tuesday, December 25, 2018 05:00:18
[DHCP IP: 192.168.1.85] to MAC address 80:d2:1d:15:83:b7, Tuesday, December 25, 2018 03:37:11
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 02:16:41
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 02:03:13
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Tuesday, December 25, 2018 01:53:22
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 01:51:18
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Tuesday, December 25, 2018 01:49:11
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 01:36:42
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Tuesday, December 25, 2018 01:31:29
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 00:58:43
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Tuesday, December 25, 2018 00:41:30
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Tuesday, December 25, 2018 00:31:27
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Tuesday, December 25, 2018 00:27:37
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 00:24:36
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Monday, December 24, 2018 23:55:00
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 23:54:53
[DHCP IP: 192.168.1.4] to MAC address dc:a4:ca:b9:85:8d, Monday, December 24, 2018 23:44:23
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:38:12
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:38:11
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:31:23
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 23:31:15
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 23:26:22
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 23:16:41
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:16:04
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 22:57:48
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Monday, December 24, 2018 22:51:13
[admin login] from source 192.168.1.20, Monday, December 24, 2018 22:18:19
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 22:15:48
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 22:09:51
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 21:55:40
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 21:45:21
[DHCP IP: 192.168.1.26] to MAC address f4:31:c3:4f:71:1c, Monday, December 24, 2018 21:32:10
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 21:26:41
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 21:18:31
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 21:01:14
[DHCP IP: 192.168.1.85] to MAC address 80:d2:1d:15:83:b7, Monday, December 24, 2018 20:42:32
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 20:41:15
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Monday, December 24, 2018 20:28:17
[DHCP IP: 192.168.1.195] to MAC address c8:02:10:62:c7:01, Monday, December 24, 2018 20:07:57
[DHCP IP: 192.168.1.155] to MAC address 00:09:34:42:64:ba, Monday, December 24, 2018 19:58:10
[DHCP IP: 192.168.1.195] to MAC address c8:02:10:62:c7:01, Monday, December 24, 2018 19:54:06
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Monday, December 24, 2018 19:37:10
[DHCP IP: 192.168.1.84] to MAC address 10:08:c1:dd:94:74, Monday, December 24, 2018 19:36:20
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Monday, December 24, 2018 19:10:49
[Dynamic DNS] host name xx.xx.xx.xx registeration successful, Monday, December 24, 2018 19:02:56
[Dynamic DNS] host name xx.xx.xx.xx registeration failure, Monday, December 24, 2018 19:02:55
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 19:01:16
[admin login] from source 192.168.1.20, Monday, December 24, 2018 19:00:25
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 18:54:42
[admin login] from source 192.168.1.20, Monday, December 24, 2018 18:54:36
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 18:54:32
[DHCP IP: 192.168.1.30] to MAC address 98:01:a7:c7:b0:f9, Monday, December 24, 2018 18:47:56
[DHCP IP: 192.168.1.166] to MAC address 00:09:34:2c:d1:ec, Monday, December 24, 2018 18:46:11
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 18:26:24
[DHCP IP: 192.168.1.84] to MAC address 10:08:c1:dd:94:74, Monday, December 24, 2018 18:20:15
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 18:05:46
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Monday, December 24, 2018 18:03:57
[Log Cleared] Monday, December 24, 2018 18:03:20
ekhalil
Jan 06, 2019 Master
ekhalil wrote:
.........
I'm also missing the DoS in the log, but I see everything else.
..........
The other day I was testing a SIP telephony switch and I made port forwarding in Orbi to direct RTP packets into the SIP switch; directly after that I got DoS events in the logs. I really don't know what the relation between the two events is:
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.53, port 443, Friday, January 04, 2019 22:49:38
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.8, port 80, Friday, January 04, 2019 22:49:36
[DoS Attack: ACK Scan] from source: 157.240.194.63, port 443, Friday, January 04, 2019 22:49:34
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Friday, January 04, 2019 22:49:29
[LAN access from remote] from xxxxxxxxxxxxxxxx: 44075 to 192.168.1.100:xxxx, Friday, January 04, 2019 22:46:48
When I search for information about those DoS source IP addresses (31.13.72.8, 31.13.72.53 and 157.240.194.63) I see that they are somehow related to Facebook!!!
Those events disappeared directly in the Log when I removed the port forwarding!
- ekhalil Jan 06, 2019 Master
ekhalil wrote:
ekhalil wrote:
.........
I'm also missing the DoS in the log, but I see everything else.
..........
The other day I was testing a SIP telephony switch and I made port forwarding in Orbi to direct RTP packets into the SIP switch; directly after that I got DoS events in the logs. I really don't know what the relation between the two events is:
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.53, port 443, Friday, January 04, 2019 22:49:38
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.8, port 80, Friday, January 04, 2019 22:49:36
[DoS Attack: ACK Scan] from source: 157.240.194.63, port 443, Friday, January 04, 2019 22:49:34
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Friday, January 04, 2019 22:49:29
[LAN access from remote] from xxxxxxxxxxxxxxxx: 44075 to 192.168.1.100:xxxx, Friday, January 04, 2019 22:46:48
When I search for information about those DoS source IP addresses (31.13.72.8, 31.13.72.53 and 157.240.194.63) I see that they are somehow related to Facebook!!!
Those events disappeared directly in the Log when I removed the port forwarding!
Just checked now and it seems that making the port forwarding -somehow- just "activated" the DoS logging! Today my log is full of DoS attacks!
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Sunday, January 06, 2019 13:14:05
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Sunday, January 06, 2019 13:06:58
[DHCP IP: 192.168.1.199] to MAC address c8:02:10:0e:7c:7c, Sunday, January 06, 2019 12:53:58
[DoS Attack: SYN/ACK Scan] from source: 34.225.98.72, port 443, Sunday, January 06, 2019 12:33:38
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Sunday, January 06, 2019 12:30:59
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Sunday, January 06, 2019 12:15:28
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Sunday, January 06, 2019 11:48:21
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.125, port 31720, Sunday, January 06, 2019 08:13:29
[DHCP IP: 192.168.1.155] to MAC address 00:09:34:42:64:ba, Sunday, January 06, 2019 06:42:20
[DoS Attack: ACK Scan] from source: 17.252.105.117, port 5223, Sunday, January 06, 2019 05:04:41
[DHCP IP: 192.168.1.87] to MAC address 44:07:0b:b0:df:a6, Sunday, January 06, 2019 04:53:23
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Sunday, January 06, 2019 04:40:30
[DoS Attack: TCP/UDP Chargen] from source: 212.64.111.52, port 407, Sunday, January 06, 2019 04:24:49
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Sunday, January 06, 2019 04:20:00
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Sunday, January 06, 2019 03:44:16
[DHCP IP: 192.168.1.88] to MAC address 20:df:b9:8e:0c:17, Sunday, January 06, 2019 02:39:38
[DoS Attack: ACK Scan] from source: 17.252.108.212, port 5223, Sunday, January 06, 2019 02:32:23
[DHCP IP: 192.168.1.73] to MAC address 00:04:20:eb:c0:54, Sunday, January 06, 2019 01:20:46
[DoS Attack: ACK Scan] from source: 157.240.194.63, port 443, Sunday, January 06, 2019 01:12:24
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Sunday, January 06, 2019 01:08:13
[DHCP IP: 192.168.1.199] to MAC address c8:02:10:0e:7c:7c, Sunday, January 06, 2019 00:53:53
[DoS Attack: ACK Scan] from source: 205.251.219.116, port 443, Sunday, January 06, 2019 00:52:31
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Sunday, January 06, 2019 00:52:09
[DoS Attack: ACK Scan] from source: 205.251.219.116, port 443, Sunday, January 06, 2019 00:51:32
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Sunday, January 06, 2019 00:51:21
[DoS Attack: SYN/ACK Scan] from source: 205.251.219.116, port 443, Sunday, January 06, 2019 00:51:09
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.8, port 80, Sunday, January 06, 2019 00:51:06
[DoS Attack: ACK Scan] from source: 205.251.219.116, port 443, Sunday, January 06, 2019 00:51:04
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Sunday, January 06, 2019 00:50:57
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Sunday, January 06, 2019 00:50:31
[DoS Attack: SYN/ACK Scan] from source: 35.247.252.134, port 30120, Sunday, January 06, 2019 00:45:43
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Sunday, January 06, 2019 00:44:50
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Sunday, January 06, 2019 00:30:30
[DoS Attack: ACK Scan] from source: 31.13.72.8, port 80, Sunday, January 06, 2019 00:25:55
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Sunday, January 06, 2019 00:08:28
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Sunday, January 06, 2019 00:07:57
[DoS Attack: ACK Scan] from source: 157.240.194.18, port 80, Sunday, January 06, 2019 00:02:08
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.12, port 443, Sunday, January 06, 2019 00:01:50
[DoS Attack: SYN/ACK Scan] from source: 157.240.194.18, port 80, Sunday, January 06, 2019 00:01:48
[DoS Attack: ACK Scan] from source: 157.240.194.18, port 80, Sunday, January 06, 2019 00:01:40
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Saturday, January 05, 2019 23:54:30
[DoS Attack: ACK Scan] from source: 31.13.72.8, port 80, Saturday, January 05, 2019 23:49:32
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:49:25
[DoS Attack: ACK Scan] from source: 31.13.72.8, port 80, Saturday, January 05, 2019 23:49:03
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:48:58
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Saturday, January 05, 2019 23:48:32
[DoS Attack: ACK Scan] from source: 31.13.72.8, port 80, Saturday, January 05, 2019 23:46:16
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:45:54
[DoS Attack: ACK Scan] from source: 31.13.72.8, port 80, Saturday, January 05, 2019 23:45:02
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:44:51
[DoS Attack: ACK Scan] from source: 31.13.72.8, port 80, Saturday, January 05, 2019 23:44:25
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:44:21
[DoS Attack: SYN/ACK Scan] from source: 31.13.72.8, port 80, Saturday, January 05, 2019 23:44:19
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:44:19
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Saturday, January 05, 2019 23:43:27
[DoS Attack: ACK Scan] from source: 157.240.194.18, port 80, Saturday, January 05, 2019 23:38:24
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:37:33
[DoS Attack: ACK Scan] from source: 157.240.194.18, port 80, Saturday, January 05, 2019 23:37:27
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:37:00
[DoS Attack: ACK Scan] from source: 157.240.194.18, port 80, Saturday, January 05, 2019 23:36:58
[DoS Attack: SYN/ACK Scan] from source: 194.132.191.49, port 443, Saturday, January 05, 2019 23:35:54
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Saturday, January 05, 2019 23:35:31
[DoS Attack: ACK Scan] from source: 31.13.72.53, port 443, Saturday, January 05, 2019 23:34:32
[DoS Attack: ACK Scan] from source: 157.240.20.63, port 443, Saturday, January 05, 2019 23:34:12
CrimpOn, please try this trick! Add a temporary port forwarding, and then remove it after a while (not sure if you need to get some traffic through this port forwarding rule) and see if you will start seeing the DoS attempts in the Logs! :)
- CrimpOn Jan 07, 2019 Guru - Experienced User
No Joy so far. I set up port forwarding for FTP and HTTP (to a printer, but what the heck). After five hours, no DoS and no DHCP. I deleted those ports and set up one for IP_Phone (also to the printer). Hmmm. I wonder what happens if I open a port to a non-existent IP address?
Anyway, nothing yet.
Just as an aside, I would be a LOT happier if Netgear had chosen to "save configuration" as a text file (XML), rather than binary. When I was writing software, it was so damn convenient to save a configuration by doing a binary write of a C structure. One write and it's done! I got in the habit of leaving blank spots in the structure for future use, but that didn't always work out. If we could save the configuration in a way that could be read back in and "parsed", I would be happy to "reset to factory." The thought of typing in all those MAC addresses makes me less eager to reset the Orbi and see what happens.
- ekhalil Jan 07, 2019 Master
CrimpOn wrote:
No Joy so far. I set up port forwarding for FTP and HTTP (to a printer, but what the heck). After five hours, no DoS and no DHCP. I deleted those ports and set up one for IP_Phone (also to the printer). Hmmm. I wonder what happens if I open a port to a non-existent IP address?
Anyway, nothing yet.
Just as an aside, I would be a LOT happier if Netgear had chosen to "save configuration" as a text file (XML), rather than binary. When I was writing software, it was so damn convenient to save a configuration by doing a binary write of a C structure. One write and it's done! I got in the habit of leaving blank spots in the structure for future use, but that didn't always work out. If we could save the configuration in a way that could be read back in and "parsed", I would be happy to "reset to factory." The thought of typing in all those MAC addresses makes me less eager to reset the Orbi and see what happens.
Very weird, I really don't know what makes the logging behavior suddenly change. I think that I now have all types of logging in, I don't dare to reboot the router so as not to lose this logging again! This is how my log looks right now:
[admin login] from source 192.168.1.20, Monday, January 07, 2019 18:52:22
[DHCP IP: 192.168.1.11] to MAC address b0:2a:43:13:c2:73, Monday, January 07, 2019 18:38:27
[DoS Attack: SYN/ACK Scan] from source: 114.80.184.10, port 80, Monday, January 07, 2019 18:04:35
[DHCP IP: 192.168.1.26] to MAC address f4:31:c3:4f:71:1c, Monday, January 07, 2019 17:56:43
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Monday, January 07, 2019 14:20:12
[DoS Attack: TCP/UDP Echo] from source: 185.165.169.146, port 41369, Monday, January 07, 2019 14:02:21
[DHCP IP: 192.168.1.75] to MAC address 5c:f9:38:dc:11:cc, Monday, January 07, 2019 13:57:04
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, January 07, 2019 13:20:10
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Monday, January 07, 2019 13:18:22
[DoS Attack: SYN/ACK Scan] from source: 94.130.6.24, port 53, Monday, January 07, 2019 13:08:56
[DoS Attack: TCP/UDP Chargen] from source: 52.73.169.169, port 49011, Monday, January 07, 2019 13:07:48
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Monday, January 07, 2019 12:43:37
[DoS Attack: SYN/ACK Scan] from source: 94.130.6.24, port 53, Monday, January 07, 2019 12:40:14
[DHCP IP: 192.168.1.12] to MAC address 14:c2:13:04:8b:3a, Monday, January 07, 2019 12:31:15
[DHCP IP: 192.168.1.75] to MAC address 5c:f9:38:dc:11:cc, Monday, January 07, 2019 11:53:18
[DHCP IP: 192.168.1.73] to MAC address 00:04:20:eb:c0:54, Monday, January 07, 2019 09:16:23
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Monday, January 07, 2019 09:05:18
[DHCP IP: 192.168.1.21] to MAC address 10:02:b5:9f:b6:c7, Monday, January 07, 2019 08:46:53
[DoS Attack: TCP/UDP Chargen] from source: 54.249.206.188, port 44444, Monday, January 07, 2019 08:46:16
[DHCP IP: 192.168.1.21] to MAC address 10:02:b5:9f:b6:c7, Monday, January 07, 2019 08:45:08
[DHCP IP: 192.168.1.77] to MAC address ac:ca:54:01:da:25, Monday, January 07, 2019 08:43:09
[DHCP IP: 192.168.1.71] to MAC address 70:ee:50:2d:8f:94, Monday, January 07, 2019 08:33:02
[DoS Attack: SYN/ACK Scan] from source: 144.0.3.32, port 80, Monday, January 07, 2019 08:32:11
[DoS Attack: TCP/UDP Chargen] from source: 103.60.13.2, port 39245, Monday, January 07, 2019 07:52:29
[DHCP IP: 192.168.1.4] to MAC address dc:a4:ca:b9:85:8d, Monday, January 07, 2019 06:45:17
[DoS Attack: TCP/UDP Chargen] from source: 212.64.111.52, port 44926, Monday, January 07, 2019 04:25:09
[DHCP IP: 192.168.1.89] to MAC address 44:07:0b:cd:38:ed, Monday, January 07, 2019 04:14:41
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Monday, January 07, 2019 03:02:04
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, January 07, 2019 02:55:21
[DoS Attack: TCP/UDP Chargen] from source: 191.96.249.112, port 34717, Monday, January 07, 2019 02:48:10
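An added example, not part of any post in this thread: a parser for the log entry format shown above that reports which event categories a saved log contains, groups DoS entries by source and port, and lists admin login failures per source. The sample entries, the function names and the five-minute window are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the log entries posted in this thread
# (newest first). Addresses are private/documentation values, not from the posts.
SAMPLE_LOG = """\
[admin login] from source 192.168.1.20, Monday, January 07, 2019 18:52:22
[admin login failure] from source 192.168.1.20, Monday, January 07, 2019 18:52:10
[DHCP IP: 192.168.1.11] to MAC address 02:00:00:00:00:01, Monday, January 07, 2019 18:38:27
[DoS Attack: SYN/ACK Scan] from source: 198.51.100.7, port 443, Monday, January 07, 2019 18:04:35
[DoS Attack: ACK Scan] from source: 198.51.100.7, port 443, Monday, January 07, 2019 18:04:30
[DoS Attack: TCP/UDP Chargen] from source: 203.0.113.9, port 44444, Monday, January 07, 2019 08:46:16
[admin login failure] from source 192.168.1.50, Monday, January 07, 2019 07:00:00
[Log Cleared] Monday, January 07, 2019 06:00:00
"""

LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
    r"(?P<ts>[A-Z][a-z]+day, [A-Z][a-z]+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})$"
)
DOS_RE = re.compile(r"from source: (?P<ip>[\d.]+), port (?P<port>\d+)")
LOGIN_RE = re.compile(r"from source (?P<ip>[\d.]+)")


def parse(text):
    """Return (category, subtype, detail, timestamp) for every log entry."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything that is not a log entry (prose, blank line) is skipped
            category, _, subtype = m["tag"].partition(": ")
            ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
            events.append((category, subtype, m["detail"], ts))
    return events


def category_counts(events):
    """Entries per category; a category absent here was never logged."""
    return Counter(category for category, _, _, _ in events)


def dos_by_source(events):
    """Group DoS entries by (source IP, port) with the scan types seen."""
    groups = defaultdict(Counter)
    for category, subtype, detail, _ in events:
        m = DOS_RE.search(detail) if category == "DoS Attack" else None
        if m:
            groups[(m["ip"], int(m["port"]))][subtype] += 1
    return {key: dict(types) for key, types in groups.items()}


def login_failures(events, window=timedelta(minutes=5)):
    """Per source: (failure count, True if a success followed within window)."""
    logins = [(m["ip"], c, ts) for c, _, d, ts in events
              if c.startswith("admin login") and (m := LOGIN_RE.search(d))]
    result = {}
    for ip, category, ts in logins:
        if category == "admin login failure":
            followed = any(i == ip and c == "admin login" and ts <= t <= ts + window
                           for i, c, t in logins)
            count, recovered = result.get(ip, (0, False))
            result[ip] = (count + 1, recovered or followed)
    return result


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print(dict(category_counts(events)), dos_by_source(events), login_failures(events), sep="\n")
```

Comparing `category_counts` between two saved logs shows which categories (DHCP, DoS, admin login) a given router is actually writing.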