Redtulips7
Nov 28, 2019 Luminary
RAX120 Firmware Version 1.0.1.108
New Features and Enhancements: •Supports the Tx Beamforming option under Advanced > Wireless Settings to improve legacy wireless client support. Bug Fixes: •Wireless disconnection when WiFi passwo...
Killhippie
Dec 02, 2019 Prodigy
Since the update is anyone seeing a flood of SYN/ACK DoS attacks from 148.251.48.231?
I have had hundreds starting last week, pretty much when the firmware was released and I updated. According to my ISP it's something the router is calling out for, or it's a vulnerability in the new firmware. That seems a bit dramatic but then again this amount of scans is not fun and it's a cut down version.
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:34
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:52:16
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:37
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December 02, 2019 12:51:28
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, December
01, 2019 21:59:43
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 21:27:47
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 21:14:36
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 21:01:22
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 20:55:03
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 20:49:09
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 20:03:35
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 20:03:23
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 19:58:15
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 19:44:19
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 19:22:53
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 19:03:47
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 18:52:41
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 18:41:47
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 18:11:48
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 17:53:48
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 17:37:44
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 17:00:48
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 16:42:37
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 16:37:45
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 15:51:01
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 15:27:52
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 13:55:31
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 13:52:55
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Sunday, December 01, 2019 13:41:14
Joeymcnew35
Jan 13, 2020 Guide
I'm getting the same issues with the DDoS attacks. Mine are non-stop. This has been going on for just over a month now. I'm about ready to take this back and go back with an Asus Tri-Band router that I had before this. This RAX120 is a total mess!
- nighthawkr Jan 13, 2020 Tutor
I don't see any dos entries in my recent logs, but I'm watching now.
- Joeymcnew35 Jan 13, 2020 Guide
You'll know the second it starts, all traffic stops and it will restart and possibly a restart loop.
- avtella Jan 13, 2020 Prodigy
I usually keep DDoS protection off, even Asus if I recall actually has it off by default. In my experience it’s been mostly false positives and has actually caused reduced performance for all connected clients at times with certain devices active.
- Joeymcnew35 Jan 13, 2020 Guide
Here's a short list from this morning.
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 06:34:27
[admin login] from source 10.0.0.5, Monday, January 13, 2020 06:34:25
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 04:54:25
[DoS Attack: SYN/ACK Scan] from source: 164.68.120.93, port 80, Monday, January 13, 2020 04:52:53
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 04:49:25
[DHCP IP: 10.0.0.11] to MAC address 3c:f0:11:da:c3:d9, Monday, January 13, 2020 04:45:30
[DoS Attack: ACK Scan] from source: 162.125.19.131, port 443, Monday, January 13, 2020 04:45:15
[DoS Attack: ACK Scan] from source: 162.125.19.131, port 443, Monday, January 13, 2020 04:44:44
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 04:44:25
[DHCP IP: 10.0.0.11] to MAC address 3c:f0:11:da:c3:d9, Monday, January 13, 2020 04:44:16
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 04:24:25
[DoS Attack: RST Scan] from source: 113.164.66.16, port 53849, Monday, January 13, 2020 04:22:02
[DoS Attack: RST Scan] from source: 113.164.66.16, port 53694, Monday, January 13, 2020 04:20:57
[DoS Attack: RST Scan] from source: 113.164.66.16, port 53691, Monday, January 13, 2020 04:20:57
[DoS Attack: RST Scan] from source: 113.164.66.16, port 53690, Monday, January 13, 2020 04:20:57
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 03:29:25
[DHCP IP: 10.0.0.11] to MAC address 3c:f0:11:da:c3:d9, Monday, January 13, 2020 03:24:28
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 03:14:25
[DHCP IP: 10.0.0.14] to MAC address d4:4d:a4:49:d9:b6, Monday, January 13, 2020 03:13:17
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 02:44:25
[DoS Attack: SYN/ACK Scan] from source: 43.228.64.68, port 2287, Monday, January 13, 2020 02:41:50
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 02:29:25
[DoS Attack: SYN/ACK Scan] from source: 198.13.104.177, port 80, Monday, January 13, 2020 02:24:33
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 02:19:25
[DHCP IP: 10.0.0.11] to MAC address 3c:f0:11:da:c3:d9, Monday, January 13, 2020 02:16:42
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 01:49:25
[DHCP IP: 10.0.0.11] to MAC address 3c:f0:11:da:c3:d9, Monday, January 13, 2020 01:44:35
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 01:19:25
[DHCP IP: 10.0.0.5] to MAC address c6:f3:9b:c6:b7:4f, Monday, January 13, 2020 01:17:17
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 00:34:23
[DoS Attack: RST Scan] from source: 109.72.202.24, port 19596, Monday, January 13, 2020 00:29:25
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 00:29:23
[DoS Attack: RST Scan] from source: 109.72.202.24, port 19596, Monday, January 13, 2020 00:29:13
[DoS Attack: RST Scan] from source: 109.72.202.24, port 19596, Monday, January 13, 2020 00:29:07
[DoS Attack: RST Scan] from source: 109.72.202.24, port 19596, Monday, January 13, 2020 00:29:04
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 00:19:23
[DoS Attack: SYN/ACK Scan] from source: 52.220.131.108, port 443, Monday, January 13, 2020 00:17:00
[Internet connected] IP address: 76.248.233.9, Monday, January 13, 2020 00:09:23
[DHCP IP: 10.0.0.4] to MAC address dc:54:d7:0e:86:a9, Monday, January 13, 2020 00:09:13
[Internet connected] IP address: 76.248.233.9, Sunday, January 12, 2020 23:39:22
[DoS Attack: Ascend Kill] from source: 89.248.168.217, port 34653, Sunday, January 12, 2020 23:37:22
[Internet connected] IP address: 76.248.233.9, Sunday, January 12, 2020 22:29:19
[DoS Attack: SYN/ACK Scan] from source: 23.213.96.39, port 443, Sunday, January 12, 2020 22:25:00
[DoS Attack: SYN/ACK Scan] from source: 23.213.96.39, port 443, Sunday, January 12, 2020 22:24:44
[Internet connected] IP address: 76.248.233.9, Sunday, January 12, 2020 22:24:19
[Access Control] Device GALAXYWATCHACTIVE2-CE68 with MAC address C0:DC:DA:E3:9E:69 is allowed, Sunday, January 12, 2020 22:23:39
[DHCP IP: 10.0.0.10] to MAC address c0:dc:da:e3:9e:69, Sunday, January 12, 2020 22:23:39
[Internet connected] IP address: 76.248.233.9, Sunday, January 12, 2020 22:19:19
- Killhippie Jan 13, 2020 Prodigy
Can you check your logs to see if your DoS logs vanish from logging as well? Mine stop getting logged after about two days. It would really help getting this fixed at Netgear's end as I am trying to sort this out with them.
- Joeymcnew35 Jan 13, 2020 Guide
I would but I cleared them yesterday evening. I'll check back in the logs that I have from today in a couple of days and get back with you. The attacks have been going almost non-stop today.
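
An added example, not part of any post in this thread and not NETGEAR code: a Python script that parses log lines in the format quoted above, groups the DoS entries by source, type and port, and records the first and last time each was logged, which is what you need to see whether entries stop appearing after a couple of days. The sample log is constructed (documentation addresses), and the `likely_reply` flag is a heuristic assumed here: a SYN/ACK or ACK arriving from source port 80 or 443 has the shape of a web server answering a connection opened from the LAN.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the router's log format; addresses are documentation ranges.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 50002, Monday, December 02, 2019 12:52:34
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 50002, Monday, December 02, 2019 12:52:25
[Internet connected] IP address: 192.0.2.10, Monday, December 02, 2019 12:50:00
[DoS Attack: ACK Scan] from source: 198.51.100.20, port 443, Monday, December 02, 2019 04:45:15
[DoS Attack: RST Scan] from source: 198.51.100.99, port 53849, Sunday, December 01, 2019 04:22:02
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 50002, Sunday, December
"""

DOS_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9.]+), "
    r"port (?P<port>\d+), (?P<ts>\w+, \w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})$"
)
# Assumption: these source ports mean "reply from a web server", not a scan.
SERVER_PORTS = {80, 443}

def summarize(log_text):
    """Return (rows sorted by count, DoS lines that could not be parsed)."""
    groups, unparsed = defaultdict(list), []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("[DoS Attack:"):
            continue  # DHCP, admin login, Internet connected, ...
        m = DOS_RE.match(line)
        if m is None:
            unparsed.append(line)  # e.g. an entry cut short by copy/paste
            continue
        ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
        groups[(m["src"], m["kind"], int(m["port"]))].append(ts)
    rows = []
    for (src, kind, port), stamps in groups.items():
        rows.append({
            "source": src, "kind": kind, "port": port, "count": len(stamps),
            "first": min(stamps), "last": max(stamps),
            "likely_reply": port in SERVER_PORTS and kind in ("SYN/ACK Scan", "ACK Scan"),
        })
    rows.sort(key=lambda r: r["count"], reverse=True)
    return rows, unparsed

if __name__ == "__main__":
    rows, bad = summarize(SAMPLE_LOG)
    for r in rows: print(r)
    print("unparsed DoS lines:", bad)
```

Entries that land in the unparsed list are worth checking by hand before comparing counts across days, since a truncated line would otherwise look like a missing log entry.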