NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
how bad is this ?
Nighthawk AX6 6-Stream AX5400 WiFi Router(RAX50)
Nighthawk 2.5Gbps Cable Modem (CM2000)
connection is slow and unstable and the logs are always dos attacks
[DoS attack: RST Scan] from source 216.239.32.223,port 443 Monday, Jan 26, 2026 01:42:38
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 01:39:21
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 01:28:56
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 01:18:31
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 01:08:06
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 00:57:41
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 00:47:16
[DoS attack: Fraggle Attack] from source UNKNOWN,port 5223 Monday, Jan 26, 2026 00:36:51
[DoS attack: ACK Scan] from source 52.48.245.147,port 5223 Monday, Jan 26, 2026 00:35:51
[DHCP IP: (192.168.1.11)] to MAC address 04:03:D6:DB:F9:64, Monday, Jan 26, 2026 00:30:37
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Monday, Jan 26, 2026 00:26:26
[DoS attack: ACK Scan] from source 3.169.183.82,port 443 Monday, Jan 26, 2026 00:24:27
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Monday, Jan 26, 2026 00:16:01
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Monday, Jan 26, 2026 00:05:36
[DHCP IP: (192.168.1.10)] to MAC address A0:CC:2B:B5:74:35, Monday, Jan 26, 2026 00:00:03
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Sunday, Jan 25, 2026 23:55:11
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Sunday, Jan 25, 2026 23:44:46
[DoS attack: ACK Scan] from source 23.56.126.144,port 443 Sunday, Jan 25, 2026 23:44:33
[DHCP IP: (192.168.1.5)] to MAC address E2:A0:8F:52:28:01, Sunday, Jan 25, 2026 23:34:34
[admin login] from source 192.168.1.9, Sunday, Jan 25, 2026 23:34:24
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Sunday, Jan 25, 2026 23:34:21
[Time synchronized with NTP server] Sunday, Jan 25, 2026 23:33:54
[DHCP IP: (192.168.1.3)] to MAC address 54:BD:79:24:C7:D1, Sunday, Jan 25, 2026 23:33:51
[DHCP IP: (192.168.1.8)] to MAC address 02:0F:B5:E0:60:9B, Sunday, Jan 25, 2026 23:33:47
[DHCP IP: (192.168.1.7)] to MAC address F4:A9:97:17:6E:44, Sunday, Jan 25, 2026 23:33:46
[DHCP IP: (192.168.1.6)] to MAC address 68:9A:87:A0:0C:16, Sunday, Jan 25, 2026 23:33:45
[DoS attack: ACK Scan] from source 128.116.116.3,port 443 Sunday, Jan 25, 2026 23:17:55
[DHCP IP: (192.168.1.9)] to MAC address 00:1F:D0:81:10:A3, Sunday, Jan 25, 2026 23:17:54
[DHCP IP: (192.168.1.7)] to MAC address F4:A9:97:17:6E:44, Sunday, Jan 25, 2026 23:17:52
[DHCP IP: (192.168.1.6)] to MAC address 68:9A:87:A0:0C:16, Sunday, Jan 25, 2026 23:17:46
[DoS attack: ACK Scan] from source 54.159.126.87,port 443 Sunday, Jan 25, 2026 23:17:41
[DoS attack: ACK Scan] from source 54.159.126.87,port 443 Sunday, Jan 25, 2026 23:17:40
[Internet connected] IP address: 67.164.7.68, Sunday, Jan 25, 2026 23:17:40
[DHCP IP: (192.168.1.3)] to MAC address 54:BD:79:24:C7:D1, Sunday, Jan 25, 2026 23:17:25
[Internet disconnected] Sunday, Jan 25, 2026 23:17:22
[OPENVPN] NTP sync time failed. Get correct system time then reconnect. Sunday, Jan 25, 2026 23:17:16
[Initialized, firmware version: V1.0.17.142_2.0.100] Sunday, Jan 25, 2026 23:17:16
[DHCP IP: (192.168.1.2)] to MAC address 02:0F:B5:8E:28:24, Sunday, Jan 25, 2026 23:17:16
6 Replies
Agree with StephenB that the log entries are not a critical concern. Any time a router is exposed to the internet, it will receive all sorts of connection attempts (just as our phones and mailboxes receive unwanted attention). The router firewall simply ignores all of these attempts. Netgear includes software which records these attempts and tries to make sense of them using algorithms (which are not documented anywhere) and the results are posted in the log. One interesting note is that Fraggle Attacks most likely originated within the ISP network, which indicates that one of their other customers may have been hacked. (read some internet search descriptions of Fraggle Attack. Fascinating.)
While not a high end product, the RAX50 should have no trouble supporting 25 WiFi devices. Investigating that would be a more productive use of time & effort.
What speed do you get wired?
What speed do you get directly from the modem hardwired into it?
What speeds do you pay for?
Got a copy of the modem logs and the cable connections page from it?
I always prefer to start at step one (the modem) and work up from there.connection is slow and unstable
If you reboot the router, does the connection start off ok? Or is it just as slow right after the restart?
If you remove forwarded ports, anything in the dmz, and disable upnp, does the problem disappear?
If not, then one option is to try saving the config, doing a factory reset of the router, and then restoring the config. If the problem doesn't disappear after the reset, you could try contacting your ISP.
I have rebooted the router and it seems just as slow at restart. I will try disabling upnp, check for any port forwarding and look in dmz, factory reset, then report back.
Are the DoS attacks a concern ? Thank you
What devices do you have all connected. The one IP address ACK scan is from Amazon. You might turn OFF all devices that connects to the router save one ethernet PC and see if those UNKNOWNs stop being logged.
