NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

OtBe's avatar
OtBe
Aspirant
Nov 21, 2023

RAX20 - DoS attacks (ACK & RST Scans) a couple days after getting new modem from ISP.

For the last couple weeks this has been happening a couple times a day, usually in the morning & then again @ night & tho I've never lost connection, I cannot access the router page (www.routerlogin.net) til I power cycle the router & a few times when trying to access said web address it would send me to another Netgear site? (see attached screenshot)

 

Suffice to say, I have another modem coming even tho this one is barely 2 weeks old & all my devices scan clean of any malware or anything else & are securely locked down, suggestions as to what else I can do to prevent this happening in the future & remedy this for good in the present?

 

All the IPs that are supposedly scanning me from what I've looked up on Whois.net say they're linked to Google, Amazon, Facebook, etc.. which I highly doubt & someone/thing likely just spoofing those IP addresses to hide behind.

2 Replies

Sort By
  • michaelkenward's avatar
    michaelkenward
    Guru
    Nov 21, 2023
    OtBe wrote:

    For the last couple weeks this has been happening a couple times a day, usually in the morning & then again @ night & tho I've never lost connection, I cannot access the router page (www.routerlogin.net) til I power cycle the router & a few times when trying to access said web address it would send me to another Netgear site? (see attached screenshot)

     

    You mention a new  modem in the subject. What is it?

     

    www.routerlogin.net is not a Netgear site. It is the graphical user interface (GUI) for your router. If there is something else on the network that can get in the way of the router's attempt so get to that address. The most common block is a modem that also contains a router.

     

    ...someone/thing likely just spoofing those IP addresses to hide behind.

     

    Not really. This is a well known "feature" of Netgear's routers.

     

    Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

     

    Search - NETGEAR Communities – DoS attacks

     

    As you have discovered, you can use Whois.net to see who is behind some of them. Mostly they are from places like Facebook, Google, even your ISP.

     

     

    • Topology's avatar
      Topology
      Virtuoso
      Nov 21, 2023

      OtBe, are you using NETGEAR Armor, which provides DoS and DDoS protection (see here)?