NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS Attacks from Level 3 Parent, LLC
Hello, For a while now i've been getting DoS Flooding attack from [DoS attack] ICMP Flood from 4.71.251.139 and another one from 35.181.49.150... and more. I run who's on both iP's and comes up a...
Ale-Bun wrote:For a while now i've been getting DoS Flooding attack from [DoS attack] ICMP Flood from 4.71.251.139 and another one from 35.181.49.150... and more. I run who's on both iP's and comes up as Level 3 Parents, LLC (Century link) and Amazon Technologies Inc. I've also checked the devices connected to the router and only the devices i own are listed. I don't have CenturyLink service or Amazon.
The important question is "how are you informed about these events?" Is it from the router log file?
Once any device is connected to the internet, there are gazillions of folks out there who will probe the public IP address. At my last job, we would log millions of "attacks" every day. My own Orbi logs several hundred every day. The point is that the router has identified and blocked these attempts to connect. If seeing the log entries is concerning, there is probably an option to turn off the logging. If your ISP gives you a new IP address, that IP will be probed immediately.
There have been several commentators on the forum who sincerely believe that the Netgear firmware mid-identifies things as "attacks" that are not. (I have no opinion on this, as I am not concerned about them.)
For additional peace of mind, it might be useful to post in the Netgear community forum for the product (C6300), rather than in this Orbi forum. Many "vulnerable" products have updated firmware.
Countless devices and applications connect to Amazon Web Services, which is only one of dozens of "clouds". (It would be a serious effort to count how many "clouds" my house is connected to.) You may not have an Amazon "device" in your house, but you could have something that "talks to Amazon".
CrimpOn wrote:
Ale-Bun wrote:For a while now i've been getting DoS Flooding attack from [DoS attack] ICMP Flood from 4.71.251.139 and another one from 35.181.49.150... and more. I run who's on both iP's and comes up as Level 3 Parents, LLC (Century link) and Amazon Technologies Inc. I've also checked the devices connected to the router and only the devices i own are listed. I don't have CenturyLink service or Amazon.
The important question is "how are you informed about these events?" Is it from the router log file?
Once any device is connected to the internet, there are gazillions of folks out there who will probe the public IP address. At my last job, we would log millions of "attacks" every day. My own Orbi logs several hundred every day. The point is that the router has identified and blocked these attempts to connect. If seeing the log entries is concerning, there is probably an option to turn off the logging. If your ISP gives you a new IP address, that IP will be probed immediately.
There have been several commentators on the forum who sincerely believe that the Netgear firmware mid-identifies things as "attacks" that are not. (I have no opinion on this, as I am not concerned about them.)
For additional peace of mind, it might be useful to post in the Netgear community forum for the product (C6300), rather than in this Orbi forum. Many "vulnerable" products have updated firmware.
Countless devices and applications connect to Amazon Web Services, which is only one of dozens of "clouds". (It would be a serious effort to count how many "clouds" my house is connected to.) You may not have an Amazon "device" in your house, but you could have something that "talks to Amazon".
CrimpOnI check the router at times to see if its up to date or not and also see log files. To answer how i was informed, that is part of the router log file.
As for dismissing as fake report by the router, i did see that a lot in different places online and would be good to confirm from Netgear.