NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

RobrtM's avatar
RobrtM
Follower
Jan 28, 2022

Orbi RBR50 Constantly dropping connection fixed at long last

I noticed in the log several DoS attacks. Seemingly random but some occurred every few seconds. Sometimes two or three from different IPs. These coincided with my network going down soon after. Afte...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Jan 28, 2022
RobrtM wrote:

And because of that, bots that search across the Internet target the IPs of those using Netgear and Amazon services.

 

Xfinity has protection in place to stop DoS attacks. They don't allow ping nor acknowledgment.

 

Changes done are as follows.

Step one, block the IPs showing in the log in my Windows firewall.

Step two,  Orbi setting for WAN, check the box next to Disable Port Scan and DoS Protection.

This seems counter intuitive but blocking Port Scan is what I think is the key.

Step three reboot Orbi.

An interesting presentation.  Great if it has made your system stable.  Some parts lead me to questions:

  • Netgear and Amazon services.  What mechanism would a bot use to learn which IP's are connecting to Netgear and Amazon services? Individual IP's open connections directly to Netgear and Amazon URL's.  If ISP routers are compromised, then perhaps someone could snoop on connections, but short of that I see no way that a computer somewhere on the internet can know that I have some product that uses AWS and my neighbor does not.
  • The Windows Firewall is inside the Orbi LAN, and thus protected from connection attempts from those IP addresses.  The Windows Fireall, like the Orbi itself, does not accept incomming connection requests.  I cannot see how anything done to the Winidows Firwall will have any effect on this situation at all.
  • Xfinity is upstream of the Orbi.  If Xfinity is blocking DoS attacks, they should not reach the Orbi.  It is not clear what the point is of mentioning Xfinity.
  • Disabling Port Scan and DoS Protection has been mentioned in terms of conserving the processor cycles that would be consumed by that analysis.  It has nothing to do with the Orbi firewall basic settings.   Outgoing connections are allowed and incomming connections are rejected. If these DoS scans actually overpower the Orbi processor, there might be consequences.

This phenomenon of Orbi routers spontaneously rebooting has been reported and I cannot recall discussion of a definite conclusion for what could be causing it. If it happend to all Orbi routers, all of the time, there would be a tremendous Hue and Cry on the internet.

 

I think of Denial of Service as a concerted effort to block a specific web activity. i.e. keep people from being able to connect to some web site, or from being able to send email.  It seems a bit much to think that someone has decided, "I'll pick a random IP address out in the world and make their router stop."