NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

DudeRides's avatar
DudeRides
Aspirant
Mar 20, 2020

Should I Try To Block These IP's?

Hello,   With two people now working from home, I have noticed some unusual behaviors/slowdowns in browser response. I'm just learning the basics as far as diagnosing what might be improved and loo...
michaelkenward's avatar
michaelkenward
Guru - Experienced User
Mar 21, 2020

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

DudeRides wrote:

 

Is the first/basic step to block the source IP's?

 

Not if you want to use those sites.

 

  • DudeRides's avatar
    DudeRides
    Aspirant
    Mar 21, 2020

    Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia.

     

    Rather than blocking IP addresses, should I look for Ports to block?

    • michaelkenward's avatar
      michaelkenward
      Guru - Experienced User
      Mar 21, 2020
      DudeRides wrote:

       

      Rather than blocking IP addresses, should I look for Ports to block?

      Up to you.

       

       

       

       

      • DudeRides's avatar
        DudeRides
        Aspirant
        Mar 21, 2020

        What tool is used to block IP's or Ports? I can't seem to find anything onboard the router to do so...

    • SAM_the_GAM's avatar
      SAM_the_GAM
      Luminary
      Mar 22, 2020
      DudeRides wrote:

      Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia.

       

      Rather than blocking IP addresses, should I look for Ports to block?

      My internet provider is Spectrum (Charter) and had many DOS logged coming from IP within Spectrum. I was using an older firmware version for my router RAX80 1.0.1.56 after I upgraded to the latest 1.0.1.70 the entries went away. I believe the log entries with the older firmware were logged falsely. Because the router was logging the DOS attacks so often it was slowing down my connection. After I upgraded the firmware internet speed has returned to normal & no more DOS attack in the log. 

      • michaelkenward's avatar
        michaelkenward
        Guru - Experienced User
        Mar 22, 2020
        SAM_the_GAM wrote:

        I believe the log entries with the older firmware were logged falsely.

        Yup. That's what I said earlier, but  it didn't seem to satisfy DudeRides.

         

        Thanks for providing concrete evidence with related hardware.