texasTrio
Aspirant
Jul 06, 2022

Orbi Pro AC3000 Tri-Band SRR60 - DoS attacks in log files

I read numerous posts about DoS attacks in the log files. It wasn't clear to me if these are ghost messages or they are in fact DoS attacks and logged correctly. I am chasing Wi-Fi dropping at a church. I looked up several source IP addresses, and they include Amazon AWS, HostPapa, DropBox, etc. After the DoS messages are logged, several clients have dropped and been given new IP addresses. See an example in bold below. I am not a networking expert but never had so much trouble debugging router issues such as with the Orbi. Should I be concerned and send email to the abuse emails of the source IP owners? Any chance the "attacks" are related to WiFi dropping (and ethernet working)?


[DHCP IP: 192.168.1.36] to MAC address 1c:45:86:fd:e6:98, Wednesday, July 06, 2022 19:45:22
[DoS Attack: TCP/UDP Chargen] from source: 146.88.240.4, port 34646, Wednesday, July 06, 2022 19:37:41
[DoS Attack: ACK Scan] from source: 162.125.8.17, port 443, Wednesday, July 06, 2022 19:37:05
[DHCP IP: 192.168.1.83] to MAC address 14:7d:da:a6:fd:8b, Wednesday, July 06, 2022 19:34:33
[DHCP IP: 192.168.1.17] to MAC address 8a:05:63:71:fb:e4, Wednesday, July 06, 2022 19:34:30
[DHCP IP: 192.168.1.32] to MAC address 82:43:18:0e:a7:72, Wednesday, July 06, 2022 19:33:57
[DHCP IP: 192.168.1.17] to MAC address 8a:05:63:71:fb:e4, Wednesday, July 06, 2022 19:31:14
[DHCP IP: 192.168.1.47] to MAC address ea:28:ab:f0:62:95, Wednesday, July 06, 2022 19:30:43
[DHCP IP: 192.168.1.45] to MAC address fe:1c:12:dd:aa:4b, Wednesday, July 06, 2022 19:30:05
[DHCP IP: 192.168.1.37] to MAC address 4e:3f:2e:20:28:c1, Wednesday, July 06, 2022 19:30:03
[DoS Attack: ACK Scan] from source: 162.125.19.131, port 443, Wednesday, July 06, 2022 19:25:55
[DoS Attack: ACK Scan] from source: 162.125.19.130, port 443, Wednesday, July 06, 2022 19:25:29
[DHCP IP: 192.168.1.7] to MAC address 8c:85:90:4f:d5:2c, Wednesday, July 06, 2022 19:13:24
[DoS Attack: ACK Scan] from source: 162.125.19.131, port 443, Wednesday, July 06, 2022 19:11:30
[DoS Attack: ACK Scan] from source: 162.125.19.130, port 443, Wednesday, July 06, 2022 19:10:32
[DHCP IP: 192.168.1.36] to MAC address 1c:45:86:fd:e6:98, Wednesday, July 06, 2022 19:09:41
[DoS Attack: ACK Scan] from source: 162.125.19.9, port 443, Wednesday, July 06, 2022 19:04:20
[DoS Attack: ACK Scan] from source: 17.248.200.30, port 443, Wednesday, July 06, 2022 19:02:26
[DHCP IP: 192.168.1.7] to MAC address 8c:85:90:4f:d5:2c, Wednesday, July 06, 2022 19:01:37
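
One way to check the timing described in the post, as an added example that is not part of the original thread: the script parses the two entry types in the quoted log and lists which MAC addresses received a DHCP lease within a window after each DoS entry. The function names and the 10-minute window are assumptions made for this example; the sample is an excerpt of the log lines above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt of the router log quoted in the post above (newest entry first).
SAMPLE = """\
[DHCP IP: 192.168.1.36] to MAC address 1c:45:86:fd:e6:98, Wednesday, July 06, 2022 19:45:22
[DoS Attack: TCP/UDP Chargen] from source: 146.88.240.4, port 34646, Wednesday, July 06, 2022 19:37:41
[DoS Attack: ACK Scan] from source: 162.125.8.17, port 443, Wednesday, July 06, 2022 19:37:05
[DHCP IP: 192.168.1.17] to MAC address 8a:05:63:71:fb:e4, Wednesday, July 06, 2022 19:34:30
[DHCP IP: 192.168.1.17] to MAC address 8a:05:63:71:fb:e4, Wednesday, July 06, 2022 19:31:14
[DoS Attack: ACK Scan] from source: 162.125.19.131, port 443, Wednesday, July 06, 2022 19:25:55
[DHCP IP: 192.168.1.36] to MAC address 1c:45:86:fd:e6:98, Wednesday, July 06, 2022 19:09:41
"""
LINE = re.compile(
    r"\[(?P<kind>DHCP IP|DoS Attack): (?P<what>[^\]]+)\] (?:to MAC address "
    r"(?P<mac>[0-9A-Fa-f:]{17})|from source: (?P<src>[\d.]+), port \d+), "
    r"\w+, (?P<ts>\w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})")

def parse(text):
    """Return recognised entries as dicts, oldest first; other lines are skipped."""
    events = []
    for m in map(LINE.search, text.splitlines()):
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%B %d, %Y %H:%M:%S")
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def dos_by_source(events):
    """Count DoS entries per (type, source IP)."""
    return Counter((e["what"], e["src"]) for e in events if e["kind"] == "DoS Attack")

def repeat_leases(events):
    """MACs that received more than one lease: candidates for drop and rejoin."""
    n = Counter(e["mac"] for e in events if e["kind"] == "DHCP IP")
    return {mac: c for mac, c in n.items() if c > 1}

def leases_after_dos(events, minutes=10):
    """Map each DoS timestamp to the MACs leased within `minutes` after it."""
    win = timedelta(minutes=minutes)
    leases = [e for e in events if e["kind"] == "DHCP IP"]
    return {d["ts"]: [l["mac"] for l in leases if d["ts"] < l["ts"] <= d["ts"] + win]
            for d in events if d["kind"] == "DoS Attack"}

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print(dos_by_source(ev), repeat_leases(ev), leases_after_dos(ev), sep="\n")
```

Proximity in time does not establish cause: run it over a longer log and compare against periods that contain no DoS entries.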

9 Replies

  • Retired_Member
    Hi, I am just a user as well. I also have posted this very same thing on this site.
    From what I was told, the router is doing exactly what it was designed to do. The router is picking up this "traffic". Is it blocking it? Yes I believe so. Is it recording it in the log? Yes.
    I have had no issues with Netgear (other than some buggy firmware updates in the past). I have now simply disabled the log. There is no need for me to see this. Again, I have no issues with Netgear...maybe someone that is more technical may chime in. But I think you are good. I am not sure if emailing these companies would do any good. Have a great day...
    • texasTrio
      Aspirant

      So, if they are real DoS attacks, is the Orbi logging after one attempted access or after N attempted and successive accesses?  

      • Retired_Member
        That I do not know.
