NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
brado77
Nov 30, 2022Star
Trying to understand nature of "DoS attack: RST Scan" log messages
Disclaimer: I am a security engineer, so my questions which follow are not to understand what a DoS attack or RST scan are; I know what those are -- I'm trying to understand the behavior of my router...
Muddy_Street
Mar 13, 2024Aspirant
Hi. RAX54S-100NAS router here.
RE the DoS Fraggle attack, it would seem reporting this - maybe spuriously - is a Netgear firmware "feature", as this thread (above) seems to indicate.
After being forced to reset the password twice in conversation with Netgear support, I got on the phone with the ISP, Xfinity/Comcast because the "attack" origins were within their network. They didn't see anything going on (1-1/2 hours on the phone with network engineers following traffic, I think). Xfinity/Comcast folks said tentatively that it was likely router-related. So I took the advice of micro8 (above in this thread I think), went into the Advanced/Security/Log page, and un-checked the box for DoS. No problems logging in or otherwise any more. Also, maybe relevant, I set for login via https only.
Hope this helps . . .
michaelkenward
Mar 13, 2024Guru - Experienced User
Muddy_Street wrote:
Also, maybe relevant, I set for login via https only.
Be careful. This has been known to cause chaos.
You can lose access from other systems and devices.
I forget the exact details – must experiment – but we have had reports of people turning up here in panic. Solved by turning off that setting.
Disabling logs of DoS Attacks is generally enough.
Newer routers, and firmware updates to some older devices. seem to have squished this persistent bug.