NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ShyHigh420's avatar
ShyHigh420
Aspirant
Nov 14, 2023
Solved

RAX35

Got a dos attack on this router had to manually block the services port 67 and not 443 since that is dhcp and IP. So if anybody has any issues I suggest you check your logs and see if you have any ip...
  • ShyHigh420's avatar
    ShyHigh420
    Nov 15, 2023

    ok so I went with your option and did a whois and is was my isp abusing a port and sending dos attack: fraggle attacks so I ended up copying the logs to send to comcast on this website https://internetsecurity.xfinity.com/help/report-abuse they mitigated the issue now thanks for your help much appreciated

     

Muddy_Street's avatar
Muddy_Street
Aspirant
Mar 03, 2024

Hello.

 

How do I stop logging of these Fraggle attacks?

Can I put a specific IP Address on a blacklist on the router? (Tried to today in Advanced/Security/Block Services for User Defined/UDP/67/67/Only this address 96.120.100.241 and get error "Invalid user defined service type.")

 

My router is actually a RAX54S-100NAS. Same problem with DoS Fraggle showing up in logs.

[admin login] from source 192.168.1.8, Saturday, Mar 02, 2024 15:17:51
[DoS attack: Fraggle Attack] from source 96.120.100.241,port 67 Saturday, Mar 02, 2024 15:12:27
[DoS attack: Fraggle Attack] from source 96.120.100.241,port 67 Saturday, Mar 02, 2024 15:02:25
[DoS attack: Fraggle Attack] from source 96.120.100.241,port 67 Saturday, Mar 02, 2024 14:52:12
[DoS attack: Fraggle Attack] from source 96.120.100.241,port 67 Saturday, Mar 02, 2024 14:41:19

My ISP is Comcast/Xfinity, 96.120.100.241 is a Comcast-owned IP address geographically close to me.

 

I spent >4 hours back and forth in chats and on the phone with Xfinity Inet Security Team folks yesterday trying to sort this. They finally told me to buy a newer "gamer router" to solve the problem. I did wonder yesterday if this logging behavior was a Netgear firmware "feature", and on further research today, that would seem to be probable cause in this case.

 

I'm disappointed to find this is a years long ongoing issue with Netgear firmware never resolved.

 

  • microchip8's avatar
    microchip8
    Master
    Mar 03, 2024
    As mentioned, these are most likely false positives and harmless. Block Services is only for local IPs, not public ones you get from ISP. Disable DoS protection, you're not missing anything. If you don't want to, disable loging of DoS
    • Muddy_Street's avatar
      Muddy_Street
      Aspirant
      Mar 03, 2024

      Yes will do - thanks very much. While messing around, I have not seen the way to stop logging specific events, and not much in the USM pointing the way. New to NG products. If you have specific knowledge of the procedure, please share.

       

      [EDIT 13:06 - logged in, found the check boxes for items to log or not on /Advanced/Administration/Logs, scroll down]

       

      BTW, just finished reading through

      Trying to understand nature of "DoS attack: RST Sc...

      Great conversation, thanks for the time involved.