NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17 [DoS
I have just setup and started to use a Nighthawk XR500 (Previously using R1 with DumaOS installed), when I looked at the log all I could see was [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985 (This is the routers IP address) . It seems to happen multiple times a minute, the port address changes, and the internet seems to reconnect occasionally.
The firmware is upto date. I have to have my router connected to the houses main router, though it does come through a DMZ. The R1 worked fine without any complaints with this configuration. Do you have any suggestions?
What follows is a small sample of the Routers log:-
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
Ah, That explains it. Yes, having another router infront of the XR router would probably generate this condition. This would be a double NAT condition which isn't recommended.
What happens if you replace the TP=Link router with the XR router? I presume it would work well.
FYI, I tried the AC5400, nice and all. Not good for multiple game consoles playing same game at the same time and forum support is lacking. Also upgrading FW, you can revert back FW versions either. I sent mine back.
Mrbchambers wrote:
Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.
I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.
6 Replies
What is the Mfr and model# of the ISP modem the NG router is connected too?
What happens if you remove the XR router from the main host routers DMZ?
Mrbchambers wrote:
I have just setup and started to use a Nighthawk XR500 (Previously using R1 with DumaOS installed), when I looked at the log all I could see was [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985 (This is the routers IP address) . It seems to happen multiple times a minute, the port address changes, and the internet seems to reconnect occasionally.
The firmware is upto date. I have to have my router connected to the houses main router, though it does come through a DMZ. The R1 worked fine without any complaints with this configuration. Do you have any suggestions?
What follows is a small sample of the Routers log:-
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.
I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.
Hi Mrb - just going to paste our response that we gave to you on our own forum, so anyone searching for this topic will see it in future:
Logs are a NETGEAR feature, and they're very sensitive, so I wouldn't be too concerned.
If you Google your issue, the conclusion is that it's likely to be nothing to worry about (read all of this thread for example: https://arstechnica.com/civis/viewtopic.php?f=10&t=1321917)
If you're still concerned, I recommend you give NETGEAR's support a call: https://www.netgear.com/support/contact.aspx
Hope that helps.