NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

RPHome's avatar
RPHome
Follower
Jan 23, 2023

DOS

I am getting these DOS Attach warnings.  What is happening?  Am I protected?  What can I do to stop this?

RBRE960 Setup.

 

Thanks,

 

RPHome  (See Below)

 

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:35:05

[DoS attack: DoSPortScan] from source 198.235.24.23,port 56069 Monday, Jan 23,2023 12:35:02

[DoS attack: DoSPortScan] from source 162.243.142.20,port 44295 Monday, Jan 23,2023 12:34:47

[DoS attack: DoSPortScan] from source 104.244.72.129,port 57184 Monday, Jan 23,2023 12:34:47

[DoS attack: DoSPortScan] from source 89.248.163.176,port 53006 Monday, Jan 23,2023 12:34:45

[DoS attack: DoSPortScan] from source 89.248.165.46,port 52405 Monday, Jan 23,2023 12:34:44

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:34:38

[DoS attack: DoSPortScan] from source 89.248.163.189,port 55012 Monday, Jan 23,2023 12:34:32

[DoS attack: DoSPortScan] from source 176.111.174.81,port 50685 Monday, Jan 23,2023 12:34:32

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:34:26

[DoS attack: DoSPortScan] from source 193.163.125.211,port 46589 Monday, Jan 23,2023 12:34:24

[DoS attack: DoSPortScan] from source 89.248.165.184,port 43070 Monday, Jan 23,2023 12:34:21

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:34:19

[DoS attack: DoSPortScan] from source 193.57.40.49,port 50860 Monday, Jan 23,2023 12:34:08

[DoS attack: DoSPortScan] from source 157.245.98.202,port 55155 Monday, Jan 23,2023 12:34:03

[DoS attack: DoSPortScan] from source 89.248.165.46,port 52405 Monday, Jan 23,2023 12:33:57

[DoS attack: DoSPortScan] from source 94.102.61.47,port 42229 Monday, Jan 23,2023 12:33:51

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:33:48

[DoS attack: DoSPortScan] from source 91.240.118.190,port 41351 Monday, Jan 23,2023 12:33:34

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:33:34

[DoS attack: DoSPortScan] from source 88.214.24.59,port 45846 Monday, Jan 23,2023 12:33:23

[DoS attack: DoSPortScan] from source 194.26.29.37,port 51044 Monday, Jan 23,2023 12:33:09

[DoS attack: DoSPortScan] from source 89.248.165.46,port 52405 Monday, Jan 23,2023 12:33:09

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:33:02

[DoS attack: DoSPortScan] from source 89.248.165.46,port 52405 Monday, Jan 23,2023 12:33:00

[DoS attack: DoSPortScan] from source 121.5.64.197,port 55089 Monday, Jan 23,2023 12:32:59

[DoS attack: DoSPortScan] from source 198.235.24.44,port 56541 Monday, Jan 23,2023 12:32:52

[DoS attack: DoSPortScan] from source 194.26.29.195,port 50897 Monday, Jan 23,2023 12:32:49

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:32:46

[DoS attack: DoSPortScan] from source 59.15.248.108,port 63480 Monday, Jan 23,2023 12:32:36

[DoS attack: DoSPortScan] from source 89.248.165.46,port 52405 Monday, Jan 23,2023 12:32:32

[DoS attack: DoSPortScan] from source 94.102.61.47,port 44203 Monday, Jan 23,2023 12:32:27

[DoS attack: DoSPortScan] from source 218.37.76.229,port 25259 Monday, Jan 23,2023 12:32:26

2 Replies

  • CrimpOn's avatar
    CrimpOn
    Guru
    Jan 23, 2023

    Alas, there is nothing the customer can do to stop people (or robots) on the internet from sending connection requests to any public IP address they want.  The log message is the router's internal software saying, "I received a bunch of connection requests from this IP address and they fit a pattern called XXXXX.  I rejected all those connection attempts."

     

    Questions:

    • How do you prevent people from sending you junk mail?
    • How do you prevent people (or robots) from calling your public telephone number and offering to "extend your car warranty" or "upgrade to drought  tolerant landscaping"?
    • How do you prevent people from ringing your door bell to tell you about Solar panels?

    Answer: you can't.  Same thing with these random connection attempts.

     

    What you can do is tell the Orbi to stop analyzing and logging them.

  • FURRYe38's avatar
    FURRYe38
    Guru
    Jan 23, 2023

    Those are just blocking entries in the log reporting what is happening. The system is blocking and working correctly. 

    You can do a whois lookup on those WAN IP addresses to see where they are coming from. 

    What Firmware version is currently loaded?
    What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?