NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attack: ACK Scan
So I've been seeing a lot of posts about this but I am unable to reply to any of them. I just bought an AX3000 a few days ago and I'm getting a LOT of DoS Attack: ACK Scan items in my admin log. Every time I see a cluster of them my entire network drops off for a few seconds then comes right back up. I've been told to change my IP Address but my ISP is a pain in the ass and swears up and down they cannot do it manually, I either have to keep changing modems until it finally changes (50/50 chance according to them), or take my modem offline for 12-24hrs (also a 50/50 chance). These days it's difficult to do that as entire houses can live off the internet from security systems and appliances. Is there anything else I can do to hopefully resolve this? Can I turn off these stupid scans that are known to be false positives or anything?
The most recent article I've found on this is here: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/DoS-attack-ACK-Scan-from-source/td-p/1768924# and it's almost identical to my issue.
Any support would be great.
Note: A similar issue where my network would randomly drop for a few seconds was present on my previous ASUS router but I am unable to confirm if it was also receiving similar "DoS Attack: ACK Scan" reports.
3 Replies
You don't say if you have tried the suggestions made in the many conversations on this issue. The "almost identical" is only the half of it. There are dozens of discussions on similar lines.
The first thing to try is to disable the logging of these events. This does nothing to reduce your protection but it does ease the strain on the router's processor as it writes all those log entries.
Sorry, you're right I forgot that.
I've tried requesting a new IP via my ISP they wouldn't do it. I've replaced my modem but the IP is still the same. There's no viruses on any devices on my network. I have every device on my network labeled.
How would I go about disabling the log to ease some of the stress. The log was enabled automatically and I saw no simple way to turn it off.
Franglestine wrote:
I've tried requesting a new IP via my ISP they wouldn't do it.
I fear that you are barking up the wrong tree. No one is attacking you.
Netgear is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Just use whois to see who is behind some of them. You may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
Franglestine wrote:
How would I go about disabling the log to ease some of the stress. The log was enabled automatically and I saw no simple way to turn it off.
If you visit the support pages:
Support | NETGEAR
you can feed in the model number and find all the documentation for your hardware.
You can find the model number on the label on the device. (AX3000 is not a model number, RAX35? RAX40?)Read the bit in the manual View and manage logs of router activity.
