NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Orbi CBR40 Getting DoS attack: snmpQueryDrop
Hello,
Is Obri blocking these DDoS attacks?
I'm seeing about 10 attacks per day in the logs. I've checked their IP's and they are not the false positive scenarios like Facebook, Amazon, or Dropbox.
I have noticed some Internet connection issues from one machine.
Here is a sample from the log:
[DoS attack: snmpQueryDrop] from source 104.140.188.22,port 50991 Sunday, Mar 28,2021 09:36:30
[DoS attack: snmpQueryDrop] from source 147.203.255.20,port 59285 Sunday, Mar 28,2021 09:32:10
[DoS attack: snmpQueryDrop] from source 167.71.186.157,port 44001 Sunday, Mar 28,2021 03:37:58
[DoS attack: snmpQueryDrop] from source 192.241.227.186,port 39491 Sunday, Mar 28,2021 00:43:15
[DoS attack: snmpQueryDrop] from source 104.152.52.24,port 53489 Saturday, Mar 27,2021 22:53:09
[DoS attack: snmpQueryDrop] from source 146.88.240.4,port 34380 Saturday, Mar 27,2021 20:54:14
[DoS attack: snmpQueryDrop] from source 192.35.168.125,port 58949 Saturday, Mar 27,2021 19:33:32
[DoS attack: snmpQueryDrop] from source 184.105.139.67,port 34756 Saturday, Mar 27,2021 18:25:42
[DoS attack: snmpQueryDrop] from source 89.248.167.193,port 48685 Saturday, Mar 27,2021 16:23:18
[DoS attack: snmpQueryDrop] from source 104.206.128.26,port 49765 Saturday, Mar 27,2021 10:10:09
[DoS attack: snmpQueryDrop] from source 37.49.229.191,port 39316 Saturday, Mar 27,2021 08:42:20
[DoS attack: snmpQueryDrop] from source 192.241.227.85,port 43263 Saturday, Mar 27,2021 07:47:17
[DoS attack: snmpQueryDrop] from source 74.120.14.26,port 22280 Saturday, Mar 27,2021 06:18:20
[DoS attack: snmpQueryDrop] from source 167.71.186.157,port 57601 Saturday, Mar 27,2021 00:18:59
Should I be concerned?
Thanks in advance!
3 Replies
gabegarcia wrote:Is Obri blocking these DDoS attacks?
I'm seeing about 10 attacks per day in the logs. I've checked their IP's and they are not the false positive scenarios like Facebook, Amazon, or Dropbox.
Should I be concerned?
Yes, Orbi's firewall does not accept connection attempts from the internet until the user deliberately sets up either port forwarding, Remote Administration, or OpenVPN. These log entries are the result of firewall logic which collects connection requests and attempts to assign them to categories. I monitor two Orbi systems and they both regularly log about 30 of these "attacks" every day. (Yes, every day.) I have seen comments that Netgear's logic is flowed and logs things as "attacks" that are not.
I do not recall seeing any "snmp" events in my log files.
Be Concerned? I think not. If you would rather not see the entries in the log file, there is an option to stop logging them.
Be sure to visit and post about this in the Orbi with cable modem forum:
https://community.netgear.com/t5/Orbi-with-Built-in-Cable-Modem/bd-p/en-home-orbi-cable
Thank you.
