Hello, With two people now working from home, I have noticed some unusual behaviors/slowdowns in browser response. I'm just learning the basics as far as diagnosing what might be improved and looked into the log on board my AX12. It shows a lot of "DoS Attack: ARP Attack" and "DoS Attack: TCP/UDP Echo" and "DoS Attack: SYN/ACK Scan". I can see the IP addresses associated with these attacks. I'm trying to figure out if these attacks might be the reasons for the change in performance/behavior on my browser and what to do to protect against/reduce/prevent them. Is the first/basic step to block the source IP's? If so, how do I do that?Thank you, Dude

DudeRides wrote:Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia. Rather than blocking IP addresses, should I look for Ports to block?My internet provider is Spectrum (Charter) and had many DOS logged coming from IP within Spectrum. I was using an older firmware version for my router RAX80 1.0.1.56 after I upgraded to the latest 1.0.1.70 the entries went away. I believe the log entries with the older firmware were logged falsely. Because the router was logging the DOS attacks so often it was slowing down my connection. After I upgraded the firmware internet speed has returned to normal & no more DOS attack in the log.

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing. Search - NETGEAR Communities – DoS attacks Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP. Here is a useful tool for that task: IPNetInfo: Retrieve IP Address Information from WHOIS servers DudeRides wrote: Is the first/basic step to block the source IP's? Not if you want to use those sites.

Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia. Rather than blocking IP addresses, should I look for Ports to block?

DudeRides wrote: Rather than blocking IP addresses, should I look for Ports to block? Up to you.

What tool is used to block IP's or Ports? I can't seem to find anything onboard the router to do so...

Should I Try To Block These IP's?

11 Replies

michaelkenward
Guru
Mar 21, 2020
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

Search - NETGEAR Communities – DoS attacks

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

Here is a useful tool for that task:

IPNetInfo: Retrieve IP Address Information from WHOIS servers

DudeRides wrote:

Is the first/basic step to block the source IP's?

Not if you want to use those sites.
- DudeRides
  Aspirant
  Mar 21, 2020
  Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia.
  
  Rather than blocking IP addresses, should I look for Ports to block?
  - michaelkenward
    Guru
    Mar 21, 2020
    DudeRides wrote:
    
    Rather than blocking IP addresses, should I look for Ports to block?
    
    Up to you.

Forum Discussion

Should I Try To Block These IP's?