NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
MR60 Denial of Service Attacks
The past few weeks, I have been getting a lot of DOS attacks, some bad enough that the MR60 goes offline for a minute or so, then returns. I have a Netgear GS108v4 switch wired into the MR60 ethernet port. Even the hard-wired ethernet port goes offline during the minute or two involved.
Typical log entries:
[Internet connected] IP address: 73.106.184.30, Thursday, Jan 26,2023 12:14:40
[DHCP IP: (192.168.1.18)] to MAC address 9C:76:13:15:2B:8F, Thursday, Jan 26,2023 12:14:36
[DHCP IP: (192.168.1.19)] to MAC address 9C:76:13:15:2B:D1, Thursday, Jan 26,2023 12:14:35
[DHCP IP: (192.168.1.9)] to MAC address 34:3E:A4:85:0C:C2, Thursday, Jan 26,2023 12:14:35
[DHCP IP: (192.168.1.25)] to MAC address 54:3A:D6:C0:B6:51, Thursday, Jan 26,2023 12:14:25
[Internet disconnected] Thursday, Jan 26,2023 12:14:25
[DoS attack: Fraggle Attack] from source 96.120.5.125,port 67 Thursday, Jan 26,2023 12:14:23
My MR60 and satellites' firmware is up to date.
My network is setup thus:
Comcast Cable Internet (1.2 gbps download) <--> Motorola "modem" <--> MR-60 <--> Wireless Network
|
+ <--> Netgear switch
Does anyone have an idea on how to handle this so my system does not go offline?
Thanks
7 Replies
- False positives.
NETGEAR's firmware is known for creating many false positives. This puts a strain on the CPU. As you can see in your log, there are even "attacks" from your local deices (192.168.x.x IP addresses).
I'd disable DoS protection completely and see if the issues goes away. You're not missing much since most are, as I mentioned, false positives.The MR60 has no DoS protection, at least nothing tha is settable via the web or app interface.
I can understand false positives. Why would the router go offline (amber light) then come back online? Is that preventable?
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
Be sure your using a good quality LAN cable between the modem and router. CAT6 is recommended.Whats the user manual say for LED behaviors on the MR?
The [DoS attack: Fraggle Attack] is just the logs and MR reporting that it is blocking something. Typical entry if these are detected.
The [DHCP IP: (192.168.1.18)] are typical log entries that the MR is reporting for newly connected devices and getting a IP address from the MR. This is not a attack.
You can do a whois lookup on those WAN side IP addresses to see where they come from:
96.120.5.125
It's recommended to edit out MAC addresses and product serial numbers before posting in public forums for security reasons.
The IP is registered to Comcast, my ISP. 🙂
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
Be sure your using a good quality LAN cable between the modem and router. CAT6 is recommended.What's the user manual say for LED behaviors on the MR?
