NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jonstrong's avatar
jonstrong
Follower
Oct 14, 2022

I've been on the verge of getting an Orbi AX6000

Apologies for jumping into the middle of this discussion  - but I've been on the verge of getting an Orbi AX6000 3-pack to replace my existing mesh that's had horribly fluctuating bandwidth recently (bad firmware? unsure), and I came across this thread. I'm curious about the log example CrimpOn shared; it looks to me to be showing a DOS attack (if I'm interpreting this correctly). How much impact on usable bandwidth is this having? Do these attacks coincide with the dropouts you're experiencing? 

 

- Jon 

1 Reply

  • CrimpOn's avatar
    CrimpOn
    Guru
    Oct 14, 2022

    Orbi firmware (at least on my older RBR50 model, I have no idea what Netgear has done with this feature on newer models) has an option to turn off software which scans for attempts to access the router and logs those findings.

     

    This scanning in no way affects the router firewall.  The firewall does not accept incoming connections unless the user has deliberately forwarded ports to devices on the LAN. Period.  Not gonna happen.

     

    That software, which Netgear has never published any description of, appears to 'count things'.  Perhaps one attempt to connect is a random thing.  But, 100 attempts to connect in a short period of time is an 'attack'.  It would be really cool if there was documentation about this feature, but so far no one has discovered it.

     

    My system records hundreds of such DoS "attacks" every day, 365 days a year.   Occasionally, the number of scans will increase dramatically as (apparently) some doofus has begun pounding the internet.  At no time has my CPU load increased dramatically, nor has my system ever lost connection.  As far as I can tell, the scanning software places almost no demand on my system.

     

    There is no way to stop people from sending connection attempts to your public IP address. Can you stop people from sending junk mail to your mailbox?  Can you stop people from dialing your phone number?  All you can do is not respond, which is what the router does.

     

    It is a mystery to me why some Orbi users report horrible problems with their network connections when thousands of other users do not. My own personal opinion is that DoS attacks are not the issue.