DONKE
Aspirant
Mar 01, 2022

Ack scan / WinNuke attacks

Since NETGEAR support is completely useless unless you want to pay $30 extra, I’ve decided to seek help from “other customers”.
I’ve been having split-second disconnects, which is very frustrating because they interrupt loading web pages, live streams, video game connections, etc.

Here are my router logs:
[DoS attack: ACK Scan] from source: 104.43.195.200:443 Monday, February 28,2022 18:42:02
[DoS attack: ACK Scan] from source: 69.192.208.23:443 Monday, February 28,2022 18:40:51
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 18:36:08
[DHCP IP: (192.168.1.2)] to MAC address E4:2A:AC:36:B7:88 Monday, February 28,2022 18:36:05
[admin login] from source 192.168.1.3 Monday, February 28,2022 18:32:30
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 18:24:44
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 18:09:10
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 18:06:35
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 18:05:08
[DoS attack: ACK Scan] from source: 212.11.155.166:443 Monday, February 28,2022 18:04:15
[DoS attack: ACK Scan] from source: 158.233.249.231:443 Monday, February 28,2022 18:00:49
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:57:55
[DoS attack: ACK Scan] from source: 158.233.249.230:443 Monday, February 28,2022 17:48:29
[DoS attack: ACK Scan] from source: 158.233.249.230:443 Monday, February 28,2022 17:42:29
[DoS attack: ACK Scan] from source: 212.11.155.166:443 Monday, February 28,2022 17:41:22
[DoS attack: ACK Scan] from source: 212.11.155.166:443 Monday, February 28,2022 17:40:35
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:36:16
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 17:34:40
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:34:25
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:32:25
[DoS attack: ACK Scan] from source: 125.65.173.231:44147 Monday, February 28,2022 17:28:00
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 17:05:13
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 16:57:22
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 16:51:48
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 16:49:01
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 16:34:48
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 16:20:57
[DoS attack: ACK Scan] from source: 146.59.10.143:27015 Monday, February 28,2022 16:17:13
[DoS attack: ACK Scan] from source: 158.233.249.230:443 Monday, February 28,2022 15:56:45
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 15:34:11
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 15:30:21
[DoS attack: ACK Scan] from source: 158.233.249.231:443 Monday, February 28,2022 15:27:41
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 15:13:40
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 15:11:21
[DoS attack: TCP Port Scan] from source: 94.102.49.97:58711 Monday, February 28,2022 15:05:15
[DoS attack: ACK Scan] from source: 111.231.84.21:58273 Monday, February 28,2022 15:04:26
[DoS attack: ACK Scan] from source: 195.5.40.110:179 Monday, February 28,2022 14:44:36
[DoS attack: ACK Scan] from source: 109.87.105.72:554 Monday, February 28,2022 14:43:23
[DoS attack: WinNuke Attack] from source: 123.53.79.29:40965 Monday, February 28,2022 13:37:58
[DoS attack: ACK Scan] from source: 148.251.76.173:443 Monday, February 28,2022 13:26:19
[DoS attack: ACK Scan] from source: 148.251.76.173:443 Monday, February 28,2022 13:22:14
[DoS attack: ACK Scan] from source: 168.119.232.76:443 Monday, February 28,2022 13:12:28
[UPnP set event:DeletePortMapping] from source 192.168.1.2 Monday, February 28,2022 13:00:07
[DoS attack: ACK Scan] from source: 52.156.94.70:443 Monday, February 28,2022 12:52:53
[DoS attack: ACK Scan] from source: 162.241.216.182:443 Monday, February 28,2022 12:23:18
[DoS attack: ACK Scan] from source: 52.156.94.70:443 Monday, February 28,2022 12:20:59
[Time synchronized with NTP server time-a.netgear.com] Monday, February 28,2022 12:20:34
[DoS attack: ACK Scan] from source: 40.125.100.15:443 Monday, February 28,2022 12:19:53
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 12:15:03
[DHCP IP: (192.168.1.2)] to MAC address E4:2A:AC:36:B7:88 Monday, February 28,2022 12:15:00
[DoS attack: WinNuke Attack] from source: 183.236.168.50:18917 Monday, February 28,2022 11:58:30
[DoS attack: ACK Scan] from source: 31.13.66.10:443 Monday, February 28,2022 11:20:48
[DoS attack: ACK Scan] from source: 159.224.84.197:554 Monday, February 28,2022 11:00:52
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 10:52:45
[DoS attack: ACK Scan] from source: 46.4.192.213:80 Monday, February 28,2022 10:23:24
[DoS attack: ACK Scan] from source: 193.19.152.20:443 Monday, February 28,2022 10:04:37
[DoS attack: WinNuke Attack] from source: 123.53.79.19:3973 Monday, February 28,2022 10:00:44
[DoS attack: ACK Scan] from source: 182.106.172.60:80 Monday, February 28,2022 07:52:46
[DoS attack: ACK Scan] from source: 52.138.119.101:443 Monday, February 28,2022 07:23:55
[UPnP set event:DeletePortMapping] from source 192.168.1.2 Monday, February 28,2022 07:21:48
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 06:28:56
[DHCP IP: (192.168.1.2)] to MAC address E4:2A:AC:36:B7:88 Monday, February 28,2022 06:28:53
[DoS attack: ACK Scan] from source: 96.16.206.47:443 Monday, February 28,2022 06:28:39
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 06:17:56
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 06:11:12
[admin login] from source 192.168.1.3 Monday, February 28,2022 06:10:55
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 06:06:42
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 06:02:12
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:57:42
[DoS attack: ACK Scan] from source: 182.106.172.60:80 Monday, February 28,2022 05:53:46
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:53:12
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:48:42
[DoS attack: ACK Scan] from source: 183.224.152.18:55024 Monday, February 28,2022 05:45:30
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:44:12
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:39:42
DoS attack: WinNuke Attack] from source: 183.236.168.50:59123 Sunday, February 27,2022 22:19:14
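
Added example, not part of the original post: a short Python script that tallies a log in this format by event type, source and hour, and separates "ACK Scan" entries whose source port is 80 or 443 from everything else. Treating those ports as probable return traffic from web servers is an assumption made for triage, not something the router reports; the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Sample lines taken from the log in the post; the last one has no leading "[".
SAMPLE_LOG = """\
[DoS attack: ACK Scan] from source: 104.43.195.200:443 Monday, February 28,2022 18:42:02
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 18:36:08
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 18:09:10
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 18:06:35
[DoS attack: ACK Scan] from source: 146.59.10.143:27015 Monday, February 28,2022 16:17:13
[DoS attack: TCP Port Scan] from source: 94.102.49.97:58711 Monday, February 28,2022 15:05:15
[DoS attack: WinNuke Attack] from source: 123.53.79.29:40965 Monday, February 28,2022 13:37:58
DoS attack: WinNuke Attack] from source: 183.236.168.50:59123 Sunday, February 27,2022 22:19:14
"""

ENTRY = re.compile(
    r"\[?DoS attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<ts>.+)$"
)
WEB_PORTS = {80, 443}  # assumption: source ports of ordinary HTTP/HTTPS servers

def parse(log_text):
    """Return (kind, ip, port, datetime) per DoS entry; other events are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.search(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%A, %B %d,%Y %H:%M:%S")
            entries.append((m["kind"], m["ip"], int(m["port"]), when))
    return entries

def summarize(log_text):
    entries = parse(log_text)
    # Heuristic, not a verdict: an ACK arriving from source port 80/443 is
    # consistent with a web server answering a connection a LAN client opened.
    likely_return = [e for e in entries if e[0] == "ACK Scan" and e[2] in WEB_PORTS]
    review = [e for e in entries if e not in likely_return]
    return {
        "by_kind": Counter(e[0] for e in entries),
        "by_source": Counter(e[1] for e in entries),
        "per_hour": Counter(e[3].strftime("%Y-%m-%d %H:00") for e in entries),
        "likely_return": likely_return,
        "review": review,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["by_kind"], report["per_hour"], report["review"], sep="\n")
```

The per-hour counts show whether the entries line up in time with the disconnects, and the `review` list is the short set worth looking at by hand.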

7 Replies

  • NETGEAR's DoS protection is famously known for many, many false positives. They can come from your ISP, Facebook, Twitter and even from your own devices. If you have problems, disable DoS Protection (you're not losing much). If you don't want to, at least disable logging of these so-called "attacks" to relieve the CPU a bit.

    I have run for 4+ years without DoS Protection enabled and never had a problem.

      DONKE
      Aspirant
      I have already contacted my ISP, everything is fine on their end. I’ve also already gone to the extent of fully factory resetting the router. The DOS PROTECTION isn’t even turned on, so I’m not sure what’s flooding it with these attacks but it is. Interrupting my connection.
        FURRYe38
        Guru - Experienced User

        What router model do you have?

        What Firmware version is currently loaded?
        What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?


        DONKE wrote:
        I have already contacted my ISP, everything is fine on their end. I’ve also already gone to the extent of fully factory resetting the router. The DOS PROTECTION isn’t even turned on, so I’m not sure what’s flooding it with these attacks but it is. Interrupting my connection.