Forum Discussion

Aspirant

Aug 01, 2020

DoS Attacks

I am using the MR60 Wifi 6 Mesh with no ISP router as i have FTTP Full Fibre 900, but i am receiving attacks! What should i do? DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, ...

mniceguy81

Guide

Aug 02, 2020

Here's my logs

DOS Attacks

DoS attack: ACK Scan] from source 40.86.223.86,port 33021 Sunday, Aug 02,2020 02:58:58
[DoS attack: ACK Scan] from source 40.86.223.86,port 56338 Sunday, Aug 02,2020 02:58:57
[DoS attack: ACK Scan] from source 40.86.223.86,port 46605 Sunday, Aug 02,2020 02:58:57
[DoS attack: ACK Scan] from source 40.86.223.86,port 50834 Sunday, Aug 02,2020 02:58:57
[DoS attack: RST Scan] from source 172.217.168.10,port 443 Sunday, Aug 02,2020 02:56:08
[DoS attack: RST Scan] from source 54.154.80.134,port 443 Sunday, Aug 02,2020 02:29:48
[DoS attack: ACK Scan] from source 51.79.142.79,port 50002 Sunday, Aug 02,2020 02:08:12

Lan Access

[LAN access from remote] from 121.132.211.244 port 13101 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:54:01
[LAN access from remote] from 176.126.175.10 port 46592 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:36:27
[LAN access from remote] from 201.187.99.212 port 50099 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:09:32
[LAN access from remote] from 201.187.99.212 port 50054 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:09:31
[LAN access from remote] from 201.187.99.212 port 16420 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:09:31
[LAN access from remote] from 156.96.58.118 port 46864 to xxx.xxx.xxx.xxx port 50326 Sunday, Aug 02,2020 02:08:00
[LAN access from remote] from 114.35.74.193 port 53078 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:06:34
[LAN access from remote] from 114.35.74.193 port 9875 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:06:34

michaelkenward

Guru - Experienced User

Aug 02, 2020

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

Search - NETGEAR Communities – DoS attacks

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

Here is a useful tool for that task:

IPNetInfo: Retrieve IP Address Information from WHOIS servers

mniceguy81
Guide
Aug 02, 2020
Dear michaelkenward,

Thank you for sharing that and the tool, you're right as some of the IP's are from well known Companies but the one's below made me change my network, reset my passwords and also started to and extra firewall 😂

[LAN access from remote] from 201.187.99.212 port 50099 Sunday, Aug 02,2020 02:08:12

Checking Ports = 80, Information about the IP = 201.187.99.212

[DoS attack: ACK Scan] from source 51.79.142.79,port 50002 Sunday, Aug 02,2020 02:08:12

Information about the IP = 51.79.142.79

[LAN access from remote] from 156.96.58.118 port 46864 Sunday, Aug 02,2020 02:08:12
Information about the IP = 156.96.58.118

[LAN access from remote] from 114.35.74.193 port 53078 Sunday, Aug 02,2020 02:08:12
Checking Ports = 80 Information about the IP = 114.35.74.193

Thank you again and sorry if i hijacked the post
- mniceguy81
  Guide
  Aug 02, 2020
  PLS - click on the IP's as they will send you to AbuseIPDB, this where i found information about these IP's
  
  Sorry i couldn't edit my post as i don't have edit button