NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi Pro AC3000 Tri-Band SRR60 - DoS attacks in log files
I read numerous posts about DoS attacks in the log files. It wasn't clear to me if these are ghost messages are they are in fact DoS attacks and logged correctly. I am chasing Wi-Fi dropping at a chu...
Hi, I am just a user as well. I also have posted this very same thing on this site.
From what I was told, the router is doing exactly what is was designed to do. The router is picking up this "traffic". Is it blocking it? Yes I believe so. Is it recording it in the log? Yes.
I have had no issues with Netgear (other than some buggy firmware updates in the past). I have now simply disabled the log. There is no need for me to see this. Again, I have no issues with Netgear...maybe someone that is more technical may chime in. But I think you are good. I am not sure if emailing these companies would do any good. Have a great day...
From what I was told, the router is doing exactly what is was designed to do. The router is picking up this "traffic". Is it blocking it? Yes I believe so. Is it recording it in the log? Yes.
I have had no issues with Netgear (other than some buggy firmware updates in the past). I have now simply disabled the log. There is no need for me to see this. Again, I have no issues with Netgear...maybe someone that is more technical may chime in. But I think you are good. I am not sure if emailing these companies would do any good. Have a great day...
So, if they are real DoS attacks, is the Orbi logging after one attempted access or after N attempted and successive accesses?
- That I do not know.
Most are not even true DoS attacks - causes are when mobile devices have connections open and disconnect eg due to power saving, connection loss, wireless disconnect, roaming to different SSIDs or AP connections, uplink (Internet connections going down or bouncing).
Note: I reserved IP addresses for known devices and most of the DHCP renewing and messages have gone away.
I looked up the IP address, organization and abuse email from the log messages. These look like bad players and not smart phone related. The church I am helping has a lot of these messages Sunday mornings ...
[DoS Attack: SYN/ACK Scan] from source: 89.184.85.86, port 443, Saturday, July 09, 2022 09:15:56
Internet Invest Ltd., Kiev Ukraine, abuse noc@mirohost.net[DoS Attack: SYN/ACK Scan] from source: 45.148.10.59, port 3875, Saturday, July 09, 2022 09:12:41
PPTECHNOLOGY LIMITED, London England, abuse@pptechnology.cc[DoS Attack: RST Scan] from source: 156.146.45.187, port 65372, Saturday, July 09, 2022 08:49:01
RIPE Network Coordination Centre, Amsterdam, NL, abuse@ripe.net[DoS Attack: SYN/ACK Scan] from source: 51.116.127.185, port 80, Saturday, July 09, 2022 08:47:30
Microsoft Limited, Great Britain abuse@microsoft.com[DoS Attack: SYN/ACK Scan] from source: 94.130.137.174, port 443, Saturday, July 09, 2022 08:46:28
Hetzner Online GmbH, D-91710 Gunzenhausen Germany, abuse@hetzner.com
[DoS Attack: SYN/ACK Scan] from source: 60.30.162.22, port 47060, Saturday, July 09, 2022 08:42:06
China Unicom Beijing, abuse hqs-ipabuse@chinaunicom.cn
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
