NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RAX200 - DDOS Attacks - A LOT of them...
I'm getting tons of DDOS attacks, ack, fraggle, smurf, etc.. I "think" its from my PoE Ring doorbell elite which is hardwire connected via my netgear PoE switch which is connected to my RAX200 router. Every 1-3 minutes 5-9 entries are logged in with or without doorbell activity other than the constant connected PoE, of course. The ring site says they use port 80 and 443 and I'm told they use AWS (Amazon services) so there could be hundreds of IPs.....Anyone give some guidance? Truly attacks or just the way netgear reports it?
DoS attack: ACK Scan] from source 172.217.10.131,port 80 Thursday, Dec 05,2019 12:14:28
[DoS attack: ACK Scan] from source 172.217.3.106,port 443 Thursday, Dec 05,2019 12:14:00
[DoS attack: ACK Scan] from source 173.194.68.188,port 5228 Thursday, Dec 05,2019 12:12:49
[DoS attack: ACK Scan] from source 13.225.66.99,port 443 Thursday, Dec 05,2019 12:12:33
[DoS attack: ACK Scan] from source 172.217.12.132,port 443 Thursday, Dec 05,2019 12:12:11
[DoS attack: ACK Scan] from source 172.217.10.131,port 80 Thursday, Dec 05,2019 12:12:11
[DoS attack: ACK Scan] from source 172.217.12.132,port 443
Netgear is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Just use whois to see who is behind some of them. You may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
Your attacks are from places you may recognise – Google and Amazon.
3 Replies
Netgear is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Just use whois to see who is behind some of them. You may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
Your attacks are from places you may recognise – Google and Amazon.
Thanks for the reply. Yes, I have been using whois to try to ID, most are google with no other info. There are a few from Apple, Akamai (PS4?) and a few Amazon.... But the 172.xxx.xx.xx I get 9 or so hits every couple minutes. Its a bit un-nerving.
There has been a lot of chat about this lately, with some confused messages.
You can turn off that bit of logging, or you can just live with it. The point is that the router is blocking stuff that should not get through.
Turning off logging can help to deal with stability problems if there are so many log entries that the processor gets overworked and slows down when doing it normal work.