PSIU
Guide
Jan 17, 2021

Orbi RBR50 suddenly getting [DoS Attack: ARP Attack]

Not sure what happened and hoping someone can help. My Orbi RBR50 is getting a lot of messages similar to the ones shown below for some reason. What should I do?

 

[DoS Attack: RST Scan] from source: 203.205.219.196, port 80, Sunday, January 17, 2021 22:34:05
[DoS Attack: SYN/ACK Scan] from source: 135.125.132.29, port 80, Sunday, January 17, 2021 22:33:42
[DoS Attack: RST Scan] from source: 49.51.20.85, port 80, Sunday, January 17, 2021 22:33:40
[DoS Attack: RST Scan] from source: 203.205.235.86, port 8080, Sunday, January 17, 2021 22:30:45
[DoS Attack: RST Scan] from source: 49.51.89.155, port 80, Sunday, January 17, 2021 22:30:44
[DoS Attack: ARP Attack] from source: 192.168.1.139, Sunday, January 17, 2021 22:29:45

 

Model: RBR50 v2

Firmware version: 2.5.1.16

 

 

7 Replies

  • CrimpOn
    Guru - Experienced User

    PSIU wrote:

    Not sure what happened and hoping someone can help. My Orbi RBR50 is getting a lot of messages similar to the ones shown below for some reason. What should I do?


    There is nothing anyone can do about attempts to connect to the public IP address from the internet.  It is "public".  The post says "suddenly".  Is this correct?  Or, was this the first time you looked at the Orbi log?

     

    I collect the logs from two separate Orbi systems (typical OCD behavior).  Both systems log this sort of thing all day, every day, typically about 65 entries per day.  This has been going on for 18 months, and neither system has ever failed in any way.  There were two periods when the number of events suddenly increased to every two seconds for about 24 hours before whoever was doing that quit.  There is an option to have the Orbi no longer log these events.  They still happen, but the log does not fill up with entries about them.

     

    The fact that these "attempts" are logged indicates that the Orbi is aware of them, rejected them, and made a note.

     

    This is similar to Robocalls.  There is no way to stop people from making them.  What customers CAN do is (a) never answer a call from a number they do not recognize, and (b) set up their phone to automatically reject calls with certain parameters (such as no CallerID at all). But, they cannot stop Robocalls from happening.

     

    Some forum members have commented:

    • Creating the log entries consumes some Orbi resources (no one knows how much).
      Stopping the log function will free up those resources.
    • Some people feel that Netgear's algorithms detect "attacks" that are not actually real.
      i.e. they count how many packets of a certain type arrive from a specific IP address in a certain time and decide, "THIS time it's malicious. Log it."  Since Netgear does not publish their algorithms, there is no way to validate this possibility.

    Wow. This rant wasn't what you wanted. Sorry.
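Added example, not part of the original thread and not Netgear code: a small Python parser for the log entries quoted in the first post. It tallies entries per type and per day, the kind of count described in the reply above, and separates sources on private (LAN) addresses from internet (WAN) sources. The line layout is inferred only from the six entries on this page, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the six entries quoted in the first post.
SAMPLE_LOG = """\
[DoS Attack: RST Scan] from source: 203.205.219.196, port 80, Sunday, January 17, 2021 22:34:05
[DoS Attack: SYN/ACK Scan] from source: 135.125.132.29, port 80, Sunday, January 17, 2021 22:33:42
[DoS Attack: RST Scan] from source: 49.51.20.85, port 80, Sunday, January 17, 2021 22:33:40
[DoS Attack: RST Scan] from source: 203.205.235.86, port 8080, Sunday, January 17, 2021 22:30:45
[DoS Attack: RST Scan] from source: 49.51.89.155, port 80, Sunday, January 17, 2021 22:30:44
[DoS Attack: ARP Attack] from source: 192.168.1.139, Sunday, January 17, 2021 22:29:45
"""

# Assumed layout, inferred from those lines only:
# [DoS Attack: <type>] from source: <ip>[, port <n>], <weekday>, <month> <day>, <year> <time>
LINE_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9A-Fa-f.:]+)"
    r"(?:, port (?P<port>\d+))?, (?P<when>.+)$"
)

def parse_line(line):
    """Parse one entry; return None for lines that do not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        when = datetime.strptime(m["when"], "%A, %B %d, %Y %H:%M:%S")
    except ValueError:
        return None  # malformed address or timestamp
    port = int(m["port"]) if m["port"] else None  # ARP entries carry no port
    # Private (RFC 1918 etc.) sources are devices on the local network.
    origin = "LAN" if src.is_private else "WAN"
    return {"kind": m["kind"], "src": str(src), "port": port, "when": when, "origin": origin}

def summarize(text):
    """Tally entries by type, by day, and by where the source address lives."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "total": len(entries),
        "by_kind": Counter(e["kind"] for e in entries),
        "by_day": Counter(e["when"].date().isoformat() for e in entries),
        "lan_sources": sorted({e["src"] for e in entries if e["origin"] == "LAN"}),
        "wan_sources": sorted({e["src"] for e in entries if e["origin"] == "WAN"}),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the five scan entries come from internet addresses, while the ARP entry's source, 192.168.1.139, is a private address on the local network that can be matched against the router's attached-devices list.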

    • OK, sounds like this isn't anything much I can do or I should worry about. Thanks.

  • FURRYe38
    Guru - Experienced User

    What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?