NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
NetGear Router experiencing DOS Attacks and keeps dropping WiFi
I have an old Netgear router, WNR1000v2. I've updated its firmware to V1.1.2.54, which according to it is the latest update. For a few months now, I've been experiencing my internet connections dropping significantly. I've found myself having to constantly reboot the router to fix this issue, but it keeps happening anyway.
I've looked into the router and found an unusual number of strange things:
- In Attached Devices, I sometimes see 1 or 2 <unknown> devices. I know they're not my phone or TV as those show up separately and labeled with the names I gave them, and I have nothing else that could be accessing them. These unknown devices have no name and just show up randomly.
- My Logs in the router have shown a number of DOS attacks happening from different IP addresses: before anyone says these are "false reports", I've looked at the Whois information on some of these IPs already and found that a lot of of them have been reported elsewhere as malicious and not from places such as Microsoft. I don't recognize any of them and have no idea if they're trying to access my network or DOS me (log from today under the spoiler):
Spoiler
[DoS Attack: ACK Scan] from source: 52.96.166.149, port 5969, Saturday, October 07, 2023 11:42:47
[DoS Attack: WinNuke Attack] from source: 94.181.190.91, port 11523, Saturday, October 07, 2023 11:34:04
[DoS Attack: ACK Scan] from source: 52.96.18.178, port 443, Saturday, October 07, 2023 11:33:13
[DoS Attack: ACK Scan] from source: 5.252.102.178, port 3389, Saturday, October 07, 2023 11:25:54
[DoS Attack: ACK Scan] from source: 185.224.128.184, port 27167, Saturday, October 07, 2023 10:55:48
[DoS Attack: WinNuke Attack] from source: 128.75.107.113, port 13964, Saturday, October 07, 2023 10:42:16
[DoS Attack: TCP/UDP Chargen] from source: 162.142.125.83, port 10973, Saturday, October 07, 2023 10:34:34
[DoS Attack: NULL Scan] from source: 37.153.55.62, port 1457, Saturday, October 07, 2023 10:15:36
[DoS Attack: ACK Scan] from source: 74.114.154.22, port 443, Saturday, October 07, 2023 08:45:24
[DoS Attack: RST Scan] from source: 31.220.0.10, port 80, Saturday, October 07, 2023 07:45:05
[DoS Attack: ACK Scan] from source: 185.224.128.184, port 1649, Saturday, October 07, 2023 06:48:01
[DoS Attack: TCP/UDP Chargen] from source: 146.88.241.170, port 49330, Saturday, October 07, 2023 06:36:32
[DoS Attack: RST Scan] from source: 122.254.73.7, port 8080, Saturday, October 07, 2023 06:03:24
[DoS Attack: RST Scan] from source: 103.243.174.93, port 25565, Saturday, October 07, 2023 05:29:06
[DoS Attack: ACK Scan] from source: 23.225.151.165, port 80, Saturday, October 07, 2023 05:25:43
[DoS Attack: ACK Scan] from source: 23.26.121.15, port 22, Saturday, October 07, 2023 04:55:43
[DoS Attack: RST Scan] from source: 212.129.58.219, port 4527, Saturday, October 07, 2023 04:28:41
[DoS Attack: WinNuke Attack] from source: 94.181.190.91, port 13070, Saturday, October 07, 2023 03:16:44
[DoS Attack: ACK Scan] from source: 52.96.104.194, port 443, Saturday, October 07, 2023 02:55:27
[DoS Attack: ACK Scan] from source: 185.224.128.184, port 3429, Saturday, October 07, 2023 02:42:41
[DoS Attack: WinNuke Attack] from source: 94.181.190.91, port 11523, Saturday, October 07, 2023 11:34:04
[DoS Attack: ACK Scan] from source: 52.96.18.178, port 443, Saturday, October 07, 2023 11:33:13
[DoS Attack: ACK Scan] from source: 5.252.102.178, port 3389, Saturday, October 07, 2023 11:25:54
[DoS Attack: ACK Scan] from source: 185.224.128.184, port 27167, Saturday, October 07, 2023 10:55:48
[DoS Attack: WinNuke Attack] from source: 128.75.107.113, port 13964, Saturday, October 07, 2023 10:42:16
[DoS Attack: TCP/UDP Chargen] from source: 162.142.125.83, port 10973, Saturday, October 07, 2023 10:34:34
[DoS Attack: NULL Scan] from source: 37.153.55.62, port 1457, Saturday, October 07, 2023 10:15:36
[DoS Attack: ACK Scan] from source: 74.114.154.22, port 443, Saturday, October 07, 2023 08:45:24
[DoS Attack: RST Scan] from source: 31.220.0.10, port 80, Saturday, October 07, 2023 07:45:05
[DoS Attack: ACK Scan] from source: 185.224.128.184, port 1649, Saturday, October 07, 2023 06:48:01
[DoS Attack: TCP/UDP Chargen] from source: 146.88.241.170, port 49330, Saturday, October 07, 2023 06:36:32
[DoS Attack: RST Scan] from source: 122.254.73.7, port 8080, Saturday, October 07, 2023 06:03:24
[DoS Attack: RST Scan] from source: 103.243.174.93, port 25565, Saturday, October 07, 2023 05:29:06
[DoS Attack: ACK Scan] from source: 23.225.151.165, port 80, Saturday, October 07, 2023 05:25:43
[DoS Attack: ACK Scan] from source: 23.26.121.15, port 22, Saturday, October 07, 2023 04:55:43
[DoS Attack: RST Scan] from source: 212.129.58.219, port 4527, Saturday, October 07, 2023 04:28:41
[DoS Attack: WinNuke Attack] from source: 94.181.190.91, port 13070, Saturday, October 07, 2023 03:16:44
[DoS Attack: ACK Scan] from source: 52.96.104.194, port 443, Saturday, October 07, 2023 02:55:27
[DoS Attack: ACK Scan] from source: 185.224.128.184, port 3429, Saturday, October 07, 2023 02:42:41
I'm not sure whether these are the cause of my internet dropping or not. I've been thinking of contacting my internet provider and seeing if there's anything that could be done such as changing my IP address, drop them for a different provider, or get an entirely new router (of which, I'm not sure what would be a better replacement.)
Some help to clarify and resolve these issues would be very much appreciated.
3 Replies
Illiannas wrote:
I have an old Netgear router, WNR1000v2.
"Older" is one way of putting it.
That router dates back to 2009. I fear that you won't get much support for a "teenage" router.
Are you asking Netgear to provide updates to protect you from all those new nasties? A lot has changed in network technology since then.
Anyone worried about their security might like to investigate newer devices that don't rely on ancient standards.
I've been thinking of contacting my internet provider and seeing if there's anything that could be done such as changing my IP address, drop them for a different provider, or get an entirely new router (of which, I'm not sure what would be a better replacement.)Might be a good start. They could advise you on the safety of your fossil equipment.
On your DOS Attacks, this is a useful tool:
IPNetInfo: Retrieve IP Address Information from WHOIS servers (nirsoft.net)
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. (No surprise given its age.) Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world, although that may not apply to something that old.
Yes I know. There's supposedly still an updates page for this router along with a download update, unless that won't do anything.
I'm asking for information and help on what to do, because I haven't had issues like this until recently. If a newer router is the better option, what would be the best replacement for this one? Would newer routers be incompatible with older Windows computers? (got an older one and newer one in my household)I'm a bit hesitant on contacting my internet provider since they don't own this router and will more often than not charge me more if they offer their own stuff.
I'm not sure why you're linking me to this tool for the DOS attacks, I already looked up the info on them and which ones are an issue. I doubt disabling the logging of the attacks would solve anything other than just keeping them out of sight and out of mind which isn't a real solution.
Illiannas wrote:
I'm asking for information and help on what to do....
With a router that has pretty well the slowest wifi ever made, "Up to 150 Mbps", and LAN and WAN connections limited to 100 Mbps, along with security settings from four or five generations ago, I'd say the time has come to send this router to the local recycling centre.
There's supposedly still an updates page for this router along with a download update, unless that won't do anything.What does "unless that won't do anything" mean?
The release notes say what you can expect of the latest firmware update:
WNR1000v2 Firmware Version 1.1.2.60 (North America) - NETGEAR Support
If a newer router is the better option, what would be the best replacement for this one? Would newer routers be incompatible with older Windows computers? (got an older one and newer one in my household)Routers do not care about the age of your Windows PCs. They don't even need a PC to do their thing. Newer ones even try to push users on to mobile apps to manage routers.
As to which router to buy, it is down to what you want to do with it and your local circumstances.
Try plugging your needs into the filters on the product pages:
Wireless Routers for Home | NETGEAR
Then check back here for reports on the things you are considering, but remember that people turn up in this community with problems, not compliments. So look at reviews on Amazon, for example.
I doubt disabling the logging of the attacks would solve anything other than just keeping them out of sight and out of mind which isn't a real solution.It depends on how paranoid you are and how seriously you take those reports. (They are telling you about things that the router blocked.) Most experienced users have better things to worry about. Then again, few of them rely on hardware from 2009.
I'm not sure why you're linking me to this tool for the DOS attacks, I already looked up the info on them and which ones are an issue.That is a useful tool for anyone worried about these reports. Much better than check IP addresses one at a time.
You aren't the only one here, so we try to provide replies that means something to other people who may turn up with similar concerns.
