Hello, With two people now working from home, I have noticed some unusual behaviors/slowdowns in browser response. I'm just learning the basics as far as diagnosing what might be improved and looked into the log on board my AX12. It shows a lot of "DoS Attack: ARP Attack" and "DoS Attack: TCP/UDP Echo" and "DoS Attack: SYN/ACK Scan". I can see the IP addresses associated with these attacks. I'm trying to figure out if these attacks might be the reasons for the change in performance/behavior on my browser and what to do to protect against/reduce/prevent them. Is the first/basic step to block the source IP's? If so, how do I do that?Thank you, Dude

DudeRides wrote:Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia. Rather than blocking IP addresses, should I look for Ports to block?My internet provider is Spectrum (Charter) and had many DOS logged coming from IP within Spectrum. I was using an older firmware version for my router RAX80 1.0.1.56 after I upgraded to the latest 1.0.1.70 the entries went away. I believe the log entries with the older firmware were logged falsely. Because the router was logging the DOS attacks so often it was slowing down my connection. After I upgraded the firmware internet speed has returned to normal & no more DOS attack in the log.

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing. Search - NETGEAR Communities – DoS attacks Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP. Here is a useful tool for that task: IPNetInfo: Retrieve IP Address Information from WHOIS servers DudeRides wrote: Is the first/basic step to block the source IP's? Not if you want to use those sites.

Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia. Rather than blocking IP addresses, should I look for Ports to block?

DudeRides wrote: Rather than blocking IP addresses, should I look for Ports to block? Up to you.

What tool is used to block IP's or Ports? I can't seem to find anything onboard the router to do so...

Should I Try To Block These IP's?

11 Replies

michaelkenward
Guru - Experienced User
Mar 21, 2020
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

Search - NETGEAR Communities – DoS attacks

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

Here is a useful tool for that task:

IPNetInfo: Retrieve IP Address Information from WHOIS servers

DudeRides wrote:

Is the first/basic step to block the source IP's?

Not if you want to use those sites.
- DudeRides
  Aspirant
  Mar 21, 2020
  Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia.
  
  Rather than blocking IP addresses, should I look for Ports to block?
  - michaelkenward
    Guru - Experienced User
    Mar 21, 2020
    DudeRides wrote:
    
    Rather than blocking IP addresses, should I look for Ports to block?
    
    Up to you.

Forum Discussion

Should I Try To Block These IP's?