Shahab
Mar 24, 2020 Apprentice
Change DNS Settings on Orbi
Hi, How do you change the DNS Servers on the Netgear Router administration page? I have an Orbi RBR40 router with 2 RBR30 Satellites and have been experiencing intermittent internet connectivity is...
FURRYe38
Apr 03, 2020 Guru - Experienced User
Good to hear. I would mark this thread as solved so others will know. Create a new post regarding your connection issues. We'll help you out there.
Thank you for letting us know.
Shahab
Apr 03, 2020 Apprentice
Contacted phone support again just now, agent asked what entries I had in my logs, for ex. if there were any DoS attack entries. I told him I saw the following entries repeatedly:
[DoS Attack: ACK Scan] from source: 104.129.195.15, port 443, Friday, April 03, 2020 16:40:26
He then had me make the following changes:
- Disable Port Scan and DoS Protection based on seeing DoS attack log entries
- Changed MTU from 1500 to 1472
- Disable SIP ALG
Said that the DoS attacks were coming from the Cable Modem. Not sure if this opens me up to some vulnerability.
Shahab
- CrimpOn Apr 03, 2020 Guru - Experienced User
Shahab wrote:
Contacted phone support again just now, agent asked what entries I had in my logs, for ex. if there were any DoS attack entries. I told him I saw the following entries repeatedly:
[DoS Attack: ACK Scan] from source: 104.129.195.15, port 443, Friday, April 03, 2020 16:40:26
He then had me make the following changes:
- Disable Port Scan and DoS Protection based on seeing DoS attack log entries
- Changed MTU from 1500 to 1472
- Disable SIP ALG
Said that the DoS attacks were coming from the Cable Modem. Not sure if this opens me up to some vulnerability.
When I look up 104.29.195.15, it belongs to a company headquartered in San Jose, CA. (http://whois.domaintools.com/104.129.195.15 )
This is just my opinion, but I find the recommendations suspect:
- Disabling logging of DoS attempts does not make them "go away." It only stops showing them in the log.
- Cable modems do not have separate IP addresses, certainly not 104.129.195.15.
There is a way to see if a computer in your network has opened a connection to that IP address:
- On the Orbi debug page (http://orbilogin.net/debug.htm), check the box, "Enable Telnet"
- Use telnet to connect to the Orbi using the admin credentials ("admin" and password)
- Type this command:
cat /proc/net/ip_conntrack
- This will produce a list of every "open connection" between any device in your LAN and the internet. If one of the connections goes to 104.129.195.15, then some process on that device is connected to that IP address.
I have kept the Orbi logs from two Orbi systems since last August. Every day these Orbis log hundreds of DoS attempts, and they never have any effect on my Orbi operation. They are like robocalls. I could write down the (bogus) phone number of every call that I refuse to answer (i.e. "log them"). The fact that I do not write them down does not mean that they didn't happen.
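Added example, not part of the post above and not NETGEAR code: a Python script, run on a PC against saved output of the `cat /proc/net/ip_conntrack` command, that lists which LAN devices have a tracked connection to a given address. The sample lines, the LAN and WAN addresses and the function names are constructed for illustration, and the legacy ip_conntrack line layout is assumed.

```python
import ipaddress
import re

# Constructed sample in the legacy /proc/net/ip_conntrack layout (assumed);
# LAN addresses, the WAN address 203.0.113.7 and all ports are made up.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.1.23 dst=104.129.195.15 sport=51544 dport=443 src=104.129.195.15 dst=203.0.113.7 sport=443 dport=51544 [ASSURED] use=2
udp      17 27 src=192.168.1.40 dst=9.9.9.9 sport=40112 dport=53 src=9.9.9.9 dst=203.0.113.7 sport=53 dport=40112 use=2
tcp      6 58 TIME_WAIT src=192.168.1.23 dst=104.129.195.15 sport=51102 dport=443 src=104.129.195.15 dst=203.0.113.7 sport=443 dport=51102 [ASSURED] use=2
tcp      6 110 SYN_SENT src=192.168.1.57 dst=198.51.100.9 sport=39000 dport=80 [UNREPLIED] src=198.51.100.9 dst=203.0.113.7 sport=80 dport=39000 use=2
"""

PAIR = re.compile(r"(src|dst|sport|dport)=(\S+)")

def parse_line(line):
    """Return one conntrack entry as a dict, or None for an unparseable line."""
    fields = line.split()
    if len(fields) < 4:
        return None
    # The first src/dst/sport/dport group is the original direction
    # (LAN device -> internet); the second group is the expected reply.
    orig = {}
    for key, value in PAIR.findall(line):
        if key in orig:
            break
        orig[key] = value
    if "src" not in orig or "dst" not in orig:
        return None
    # TCP lines carry a state word after the timeout; UDP lines do not.
    state = fields[3] if "=" not in fields[3] else None
    return {"proto": fields[0], "state": state, **orig}

def connections_to(conntrack_text, remote_ip):
    """List entries whose original destination is remote_ip."""
    target = str(ipaddress.ip_address(remote_ip))  # rejects a mistyped address
    hits = []
    for line in conntrack_text.splitlines():
        entry = parse_line(line)
        if entry and entry["dst"] == target:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in connections_to(SAMPLE, "104.129.195.15"):
        print(e["src"], e["proto"], e["dport"], e["state"])
```

Matching only the original-direction destination keeps the router's own WAN address, which appears as `dst` in every reply tuple, from producing false hits.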
- michaelkenward Apr 04, 2020 Guru - Experienced User
Shahab wrote:
He then had me make the following changes:
- Disable Port Scan and DoS Protection based on seeing DoS attack log entries
- Changed MTU from 1500 to 1472
- Disable SIP ALG
Said that the DoS attacks were coming from the Cable Modem. Not sure if this opens me up to some vulnerability.
Sounds like rubbish to me.
Who did you talk to? Not, I hope, a number you found with a web search. That's dangerous.
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.