brado77
Nov 30, 2022 Star
Trying to understand nature of "DoS attack: RST Scan" log messages
Disclaimer: I am a security engineer, so my questions which follow are not to understand what a DoS attack or RST scan are; I know what those are -- I'm trying to understand the behavior of my router...
microchip8
Nov 30, 2022 Master
NETGEAR routers are famously known for generating false DoS entries, even from your local devices. 98% of these can be discarded as they're false positives. It's a broken system. If you suspect an entry is valid, you can look up its IP. NG also reports attacks from your own devices and ISP. I wouldn't trust that system ever, unless they completely fix/rewrite it.
As these DoS attacks slow down the router by requiring processing (blocking) and logging, it's best to either disable logging or, if that is not enough, completely disable DoS protection - you're not missing much. I have run for 8 years without DoS protection and have yet to experience something disturbing/malicious/etc.
- brado77 Dec 01, 2022 Star
microchip8, thanks for the reply. Yeah, you are probably right. My gut says these are all misunderstandings of network traffic passing through the router. The fact that there doesn’t seem to be the ability to look into the raw data triggering these log entries is kind of a tip-off that there really isn’t an intent to provide any further diagnosis of the problem. It’s kind of a “trust us, this is happening” and even if it is, there’s nothing to do about it.
I’m going to dig a little further, and see what I can find. Then consider what to do next.
Thanks again for your response.