
universal4
Aspirant
Sep 02, 2021

Blocked sites and blocked services NOT working properly

I have a WNDR3800 and the blocked sites and blocked services features are NOT working correctly.

Any time I use ftp I can successfully send 189 files and then the log starts making entries that the server is attempting a DoS attack with the ftp responses on port 20.

I can successfully add my IP to the allow access to blocked sites and it works temporarily, but is not persistent, so every time I need to send more than 190 files up again it gets blocked again.

I can add the ftp service to always allow, but with the same results, it is not persistent.

I have tried a hard reboot on the router and it seems happy, but tomorrow if I have to send a few hundred files back up to the server, I have to again log in to the router, click the saved service or site allowed and click apply.

If you didn't catch that yet, the allowed IP (mine) or the allowed service are there and never go away, but the router still blocks the traffic, unless I click apply again.

I am not timing this with a stopwatch or timer to see if there is a pattern of "time", but one would think that making an allowance of either the IP or the service (and certainly with both) would mean the router does not block my outgoing traffic based on a response from the ftp server.

I am using the latest firmware on the router.

The ftp server is running the latest version of FileZilla.

I am running the latest version of the FileZilla client.

This false-positive DDoS attack is the ROUTER's fault, and clearly a flaw in the firmware. If the firmware was correct, it would not forget a setting that is clearly in there, as I do not have to add it every day, or 4 or 5 times a day; I just have to keep reminding Netgear to listen to what the administrator has set in the setting it ignores when IT feels like it.

Please do not waste anyone's time and start asking about the OS, or settings or type of internet service etc.; that is deflecting away from the reality of what is happening.

100% fix is log in to router, and clicking apply for the IP allow, and the ftp queue will finish.

3 Replies

  • plemans
    Guru - Experienced User

    It is a decade old device and hasn't had any firmware changes since 2017.

    Might be time to look into an upgrade as I doubt Netgear has people working on upgrading these older devices.

  • michaelkenward
    Guru - Experienced User

    universal4 wrote:

    I have a WNDR3800 and the blocked sites and blocked services features are NOT working correctly.

    Any time I use ftp I can successfully send 189 files and then the log starts making entries that the server is attempting a DoS attack with the ftp responses on port 20.

    If you didn't catch that yet, the allowed IP (mine) or the allowed service are there and never go away, but the router still blocks the traffic, unless I click apply again.


    There are two things going on in there. Logging and blocking "attacks" are not the same thing.

    First, it may not be blocking anything. Logging simply records events, even when there is nothing to block.

    Second, blocking isn't always what slows down the router.

    Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

    Search - NETGEAR Communities – DoS attacks

    If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

    So, you can see if it is possible to disable logging in a router of that vintage. If you can, that might eliminate the symptoms you see. If not, then disabling DOS

    As plemans says, you are using a decade old router. (Look at its wifi technology.) It was never going to set the world on fire. Some people say that disabling DoS Protection is not as harmful as the name suggests. Indeed, a router that old may have other security issues. Who knows what nasties have come along in the almost five years since there was last a firmware update for this thing?


    • universal4
      Aspirant

      The suggestion to search DDoS attacks is silly, as this is not due to a DoS attack.

      I never once suggested the issue was caused by logs; I only supplied that information to show what was happening and why the firmware was being stupid and not allowing a device inside the subnet to use a trusted service.

      This is a flaw in Netgear firmware, and I was hoping there would be reasonable information about a real fix, or at least what version of firmware from Netgear actually fixed this.

      The only other option is certainly to not use Netgear products, as it has neither been acknowledged nor has there been any offer of suggestions such as "be sure the router has firmware version x or above, or that firmware versions are dated after x date".

      As for the suggestion that it is due to blocking I have put in place: actually I had NOT added anything to the allowed service or allowed IP until after I discovered the problem, after recently moving one of my machines at home to the subnet behind the Netgear router.

      Again, my research shows that this issue is 100% that the router forgets to allow the IP addy of the machine, or that ftp should not be a blocked service.

      ftp 500 files: approximately 189-190 will be successful, it will stop, click the apply button for allowing that private IP's device, another 190 will go, and you must click it again to finish the last 120 or so.

      Again, for clarification, these are not incoming ftp, but outgoing to a public server, on a public subnet, and the machine that experiences the issue is behind a WNDR3800, single NAT, not a double NAT issue. The ftp connection is to an IP, not a hostname. Active connection with FileZilla on both ends.
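The mechanism the thread is circling, as an added illustration (this is not NETGEAR's firmware and not code posted by anyone in the thread): in active-mode FTP the server opens a new TCP data connection from its port 20 to the client for every file transferred, so an upload of several hundred files looks, from the WAN side of a home router, like several hundred inbound connection attempts from one source address. The script below models a naive per-source inbound connection-rate heuristic and shows three things: a blocking heuristic stalls the upload once its limit is exceeded and resumes after a state reset, a log-only heuristic writes the same "DoS attack" entries without stalling anything (michaelkenward's point that logging and blocking are different things), and in passive mode the router has nothing inbound to count at all (a contrast the thread itself does not raise). The threshold of 100, the 60-second window, the idea that re-applying the allow rule clears the counters, and the IP addresses are all assumptions made for the example, not Netgear's actual rule or numbers.

```python
"""Naive inbound connection-rate "DoS" heuristic vs. active-mode FTP.

Added example, not NETGEAR firmware and not code from the thread.
Assumptions (all hypothetical stand-ins):
  - Active-mode FTP (RFC 959): for every file the SERVER opens a new TCP
    data connection from its port 20 to a port the CLIENT announced.
  - The router flags a WAN source that opens more than THRESHOLD new
    inbound connections within a WINDOW-second sliding window.
  - Re-applying the allow rule clears the per-source counters (one
    hypothesis for the thread's "click Apply and it resumes").
  - The addresses and timings below are constructed sample data.
"""
from collections import deque
from dataclasses import dataclass

THRESHOLD = 100          # hypothetical: new inbound connections per source
WINDOW = 60.0            # hypothetical: sliding-window length, seconds
LAN_PREFIX = "192.168.1."
SERVER = "203.0.113.10"  # constructed public FTP server
CLIENT = "192.168.1.50"  # constructed LAN client behind the router


@dataclass(frozen=True)
class Conn:
    """One TCP SYN as the router sees it."""
    t: float             # seconds since the session started
    src: str
    sport: int
    dst: str
    dport: int


class NaiveDosDetector:
    def __init__(self, threshold=THRESHOLD, window=WINDOW, log_only=False):
        self.threshold = threshold
        self.window = window
        self.log_only = log_only   # True: record the event, never drop
        self.history = {}          # src IP -> deque of recent SYN times
        self.log = []              # router-style log lines

    def reset(self):
        """Forget per-source state (stand-in for re-applying the allow rule)."""
        self.history.clear()

    def inspect(self, c):
        """Return 'ALLOW' or 'DROP' for one SYN; only WAN->LAN SYNs are counted."""
        if c.src.startswith(LAN_PREFIX) or not c.dst.startswith(LAN_PREFIX):
            return "ALLOW"         # outbound: the stateful firewall lets it out
        q = self.history.setdefault(c.src, deque())
        q.append(c.t)
        while q and c.t - q[0] > self.window:
            q.popleft()            # discard SYNs that fell out of the window
        if len(q) > self.threshold:
            self.log.append(f"[DoS attack: SYN flood] from source: {c.src}, port {c.sport}")
            return "ALLOW" if self.log_only else "DROP"
        return "ALLOW"


def active_ftp(n_files, secs_per_file=0.2):
    """Active mode: server:20 -> client:<ephemeral>, one new connection per file."""
    return [Conn(i * secs_per_file, SERVER, 20, CLIENT, 40000 + i) for i in range(n_files)]


def passive_ftp(n_files, secs_per_file=0.2):
    """Passive mode: client -> server:<ephemeral>; nothing inbound for the router to count."""
    return [Conn(i * secs_per_file, CLIENT, 50000 + i, SERVER, 20000 + i) for i in range(n_files)]


def transfer(conns, detector):
    """Feed one session through the detector; stop at the first DROP, since the
    client then waits on a data connection that never completes. Returns the
    number of files that got through."""
    for i, c in enumerate(conns):
        if detector.inspect(c) == "DROP":
            return i
    return len(conns)


def rounds_to_finish(n_files, log_only=False, threshold=THRESHOLD):
    """How many 'click Apply' resets it takes to push n_files in active mode.
    Returns (rounds, number_of_log_entries)."""
    conns = active_ftp(n_files)
    det = NaiveDosDetector(threshold=threshold, log_only=log_only)
    done, rounds = 0, 1
    while done < n_files:
        sent = transfer(conns[done:], det)
        if sent == 0:
            raise RuntimeError("threshold too low: first connection dropped")
        done += sent
        if done < n_files:
            det.reset()
            rounds += 1
    return rounds, len(det.log)


def passive_result(n_files):
    """Same upload in passive mode: (files transferred, log entries)."""
    det = NaiveDosDetector()
    return transfer(passive_ftp(n_files), det), len(det.log)


if __name__ == "__main__":
    print("active, blocking :", rounds_to_finish(500))
    print("active, log only :", rounds_to_finish(500, log_only=True))
    print("passive          :", passive_result(500))
```

Run it as a script to print the three summaries. The exact counts are artefacts of the stand-in threshold, not of the WNDR3800; setting threshold=189 reproduces the thread's "189 files then a stall" with this toy rule, but nothing here establishes that the real firmware uses a counter of that shape, which is why the reset is labelled a hypothesis.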