NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

So_tired's avatar
So_tired
Guide
Jul 25, 2025
Solved

TCP SYN Flooding on RAX54v2 Router, Please help!

Hello all, i REALLY need help with stopping massive TCP SYN Floods to my home router.   What has happened thus far:   I got this router about 2 months ago ,(upgrading from a very old TP-link whic...
rax54
  • FURRYe38's avatar
    FURRYe38
    Aug 06, 2025

    OK so updated my RAX50v2 to recent FW version. 
    Factory reset and setup from scratch. 

    CAX80 in modem mode.

    PE is enabled by default. Testing with it enabled and disabled:

    PE Enabled:

     

    PE Disabled:

    I Noticed that the testing site was being reported as flooding the logs:

    [admin login] from source 192.168.1.2, Wednesday, Aug 06, 2025 15:39:37
    [admin login] from source 192.168.1.2, Wednesday, Aug 06, 2025 15:39:33
    [DoS attack: TCP SYN Flood] from source 4.79.142.206,port 45743 Wednesday, Aug 06, 2025 15:39:03

     

    After I logged in at 15:39 and disabled PE and re-tested again after that, logs didn't report any flooding from the test site. 

     

    I recommend that after you disable PE and re-test, have your ISP give you a new WAN IP address as I presume some nefarious items may have a target for that WAN IP address. Once you have PE disabled and a new WAN IP address, I'm hoping you shouldn't see issues continue. 

FURRYe38's avatar
FURRYe38
Guru - Experienced User
Jul 31, 2025

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

 

Have you done a whois look up on that IP address to see where it maybe coming from? 

 

Do you see Protection Engine feature on the routers web page at all? Under Advanced Tab/Security? 

So_tired​ 

  • So_tired's avatar
    So_tired
    Guide
    Aug 01, 2025

    Firmwear for router is current.

    I do not use my ISPs router/gateway/modem. I bought mine.

     

    My current router is the RAX54v2.

     

    Yes, one of them was from Chins, another Korea.

     

    Yes, I have Protection Engin active.

    I also have the DoS protection active too and I also have Armor activated.

     

    I think ill just get a new modem to see if that fixes it... 

     

    My modem is a MC600 Netgear from 2013 >_<.

     

  • So_tired's avatar
    So_tired
    Guide
    Aug 01, 2025

    I ended up going to best buy and getting a Netgear Nighthawk CM2500 mid/high split.

     

    Set it up.

    Getting stupid fast speeds, no drops BUT I am STILL getting "TCP SYN flood" s -_-

     

    At least now when it happens it barely blips my internet. The floods only happen on large numbered ports now it seems...

    From 3000-6000+ ports.

     

    I also un plugged everything for hours today and re-plugged everything in. Got a new IP (still local...) so that did not work, again lol

     

    I ran ShieldsUP! Again and it said all of my major ports are stealthed but ALL of the other ports (except 0-127,135-139, and 445)  are not, they are all closed. Ill show a pic.

     

    At this point, should I even worry if they are only flooding the big ports? Am i in any danger?

    Still no way to stop this?

    • FURRYe38's avatar
      FURRYe38
      Guru - Experienced User
      Aug 01, 2025

      Disable Protection engine on the Router then re-test SheildsUP! 

       

      Make sure when testing, that you test with one ethernet connected PC and ALL other ethernet connected devices are disconnected from the router and temporary disable the wifi radios on the router before testing.