AC1750 c6300v2 DoS Flood Attack to Internal Port IP

Question

At the subject says, I see reports of DoS Flood Attacks in the logs to the internal port IP address. Now I don't have any issues with connection or anything except for when it comes to me attempting to stream on Twitch. I have the internet speeds to do so yet it doesn't seem to work properly like it did when I first had the new router installed less than a year ago. I contacted our ISP and they claim that

A. They cannot change our ISP as they are locked out of the router

B. There is no noise on the line

C. Testing shows the speeds we should have without issues

I don't know what to do here and can use some guidance. Also attaching an image of the cable connections because after looking through some old posts it's typically requested.

Any help would be appreciated, and the sooner the better.

microchip8 · Answer

NETGEAR's DoS protection is highly flawed and known to block and generate many false positives, even from your own local network and devices. If you look up IPs from the logs, many will be legitimate ones coming from MS, Apple, Amazon, etc for example.

Disabling DoS protection might solve your issue. Trust me, after years of experience of running without DoS protection on various NETGEAR routers, you're not missing much. If you keep DoS protection on, most of the times you'll get a false sense of security or "protection" as only a percent or two are legitimate.

AshesofJames · Answer

Posting an image of a portion of the logs as well for reference if needed.

michaelkenward · Answer

microchip8&nbsp;wrote:
If you look up IPs from the logs, many will be legitimate ones coming from MS, Apple, Amazon, etc for example.

Sound advice. Here's a tool that makes it easy to conform that those logs show events that are, in the words of the HHGTTG mostly harmless.
&nbsp;
IPNetInfo: Retrieve IP Address Information from WHOIS servers

AshesofJames · Answer

That doesn't explain why my attempts to stream suffer though, especially when I had zero issue for the first months the router was installed. Any ideas on what that could be or what else I can do if the DoS attacks are false positives?

michaelkenward · Answer

AshesofJames&nbsp;wrote:
Any ideas on what that could be or what else I can do if the DoS attacks are false positives?

Disable the logging? Also disable traffic measuring and anything else that uses processor power.
&nbsp;
Maybe that is gobbling up processing power in the router. (I am told this is a bonkers suggestion.)
&nbsp;
You were the one who suggested that this could be down to DoS Attacks.
&nbsp;
microchip8 gave you an answer based on your theory.
&nbsp;
It is easy to blame the router for anything and everything that happens on your network. I would look elsewhere for things that might cause the streaming problem.
&nbsp;
As the only time you see problems is when you try to stream on Twitch, I'd look there for solutions. Nothing else in your description points to a problem with your router.
&nbsp;
Here are some details that could help to diagnose the problem.
&nbsp;
What firmware version do you have on the device? A number is more useful than "the latest". (It may not be by the time people read this.) There can also be newer versions, or "hot fixes", that do not show up if you check for new firmware in the browser interface.It might also help if you told people what the modem is in front of this router, if there is one. The make and model number could be useful. Is it, by any chance, also a router, with a set of LAN ports on the back?The reason for asking is that a lot of people turn up here trying to put a router behind a modem that is also a router. That can complicate troubleshooting.

Forum Discussion

AC1750 c6300v2 DoS Flood Attack to Internal Port IP

5 Replies