NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

yagirlchels's avatar
yagirlchels
Aspirant
May 06, 2021

CONSTANT DOS ATTACKS & DISCONNECTION

Spoiler
Spoiler
 

For the last two weeks, my internet has been acting up and keeps just randomly disconnecting. Only for a couple of seconds but it happens back to back all day long. Can someone help me understand whats happening. I have never had any issues before and the router was bought back in November of last year. This is what my log looks like... 

admin login] from source 0.0.0.01Thu May 06 14:31:10 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.13] to MAC address f0:18:98:a4:f6:ab1Thu May 06 14:31:08 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 14:00:01 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:59:47 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:57:52 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 13:37:50 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:37:36 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:37:05 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 13:30:01 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:29:48 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:29:18 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 13:20:18 202173.28.71.3:640458.8.8.8:53
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Thu May 06 13:20:15 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 13:12:55 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:12:40 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:12:11 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 12:37:48 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 12:37:34 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 12:37:01 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 11:42:46 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 11:42:33 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 11:42:05 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:49:22 202173.28.71.3:534028.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:42:54 202173.28.71.3:638728.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:35:26 202173.28.71.3:556268.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:19:36 202173.28.71.3:642778.8.8.8:53
[Internet connected] IP address: 73.28.71.31Thu May 06 08:14:17 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 08:14:03 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 08:13:27 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 07:24:17 202173.28.71.3:562258.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 06:31:20 202173.28.71.3:521038.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 06:07:38 202173.28.71.3:652058.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 06:03:44 202173.28.71.3:493588.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 05:48:26 202173.28.71.3:515778.8.8.8:53
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Thu May 06 05:48:25 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Thu May 06 05:48:24 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 02:02:13 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 02:01:58 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 02:01:22 20210.0.0.0:00.0.0.0:0
[UPnP set event: DeletePortMapping] from source 192.168.0.171Thu May 06 01:20:59 20210.0.0.0:0192.168.0.17:0
[UPnP set event: GetExternalIPAddress] from source 192.168.0.171Thu May 06 01:20:59 20210.0.0.0:0192.168.0.17:0
[UPnP set event: AddPortMapping] from source 192.168.0.171Thu May 06 01:20:25 20210.0.0.0:0192.168.0.17:0
[UPnP set event: GetExternalIPAddress] from source 192.168.0.171Thu May 06 01:20:25 20210.0.0.0:0192.168.0.17:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Thu May 06 01:20:25 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 00:29:59 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 00:29:44 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 00:29:12 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 23:36:08 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 23:35:54 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 23:32:53 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 22:06:22 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 22:06:09 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 22:05:42 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Wed May 05 22:03:01 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Wed May 05 22:02:30 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 21:34:03 202173.28.71.3:562018.8.8.8:53
[DoS attack: SYN Flood] from 52.143.79.188, port 4431Wed May 05 21:17:46 2021192.168.0.17:4994052.143.79.188:443
[DoS attack: SYN Flood] from 52.251.11.100, port 4431Wed May 05 21:17:36 2021192.168.0.17:4988352.251.11.100:443
[DoS attack: SYN Flood] from 40.70.154.148, port 4431Wed May 05 21:17:32 2021192.168.0.17:4984440.70.154.148:443
[DoS attack: SYN Flood] from 104.94.108.9, port 4431Wed May 05 21:17:13 2021192.168.0.17:49802104.94.108.9:443
[UPnP set event: AddPortMapping] from source 192.168.0.171Wed May 05 21:17:06 20210.0.0.0:0192.168.0.17:0
[UPnP set event: GetExternalIPAddress] from source 192.168.0.171Wed May 05 21:17:06 20210.0.0.0:0192.168.0.17:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Wed May 05 21:17:06 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 21:13:29 202173.28.71.3:553208.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 21:06:01 202173.28.71.3:495358.8.8.8:53
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Wed May 05 21:05:59 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 21:00:17 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 21:00:03 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 20:59:23 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 18:48:04 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 18:47:50 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 18:47:21 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:59:34 202173.28.71.3:550718.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:54:07 202173.28.71.3:583358.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:41:31 202173.28.71.3:587118.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:36:51 202173.28.71.3:494108.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 531Wed May 05 16:35:20 202173.28.71.3:622358.8.4.4:53
[DoS attack: SYN Flood] from 17.248.137.108, port 4431Wed May 05 16:35:05 2021192.168.0.11:6445917.248.137.108:443
[DoS attack: TCP- or UDP-based Port Scan] from 1.1.1.1, port 531Wed May 05 16:35:04 202173.28.71.3:634011.1.1.1:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:34:53 202173.28.71.3:584328.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:31:17 202173.28.71.3:576938.8.8.8:53

 

10 Replies

  • DarrenM's avatar
    DarrenM
    Sr. NETGEAR Moderator
    May 11, 2021

    Have you checked the logs of the ISP modem to see if you have any T3 or T4 timeouts?

     

    DarrenM

  • carapungo's avatar
    carapungo
    Aspirant
    Nov 04, 2021

    were you able to fix this issue?, what was causing it, and what was the solution?

    • microchip8's avatar
      microchip8
      Master
      Nov 04, 2021

      NETGEAR is famously known for many false positives DoS attacks. Their "protection" is virtually useless. I suggest turnning off DoS protection completely off and see if you get a stable device. Myself, I've been running without DoS protection since I bought my router (3.5 years ago) and never had an issue.

      • carapungo's avatar
        carapungo
        Aspirant
        Nov 04, 2021

        Thanks. That's what I did this morning, and now my event log is empty, which I assume is a good thing. I have not seen any connection drops so far.

    • FURRYe38's avatar
      FURRYe38
      Guru - Experienced User
      Nov 04, 2021

      What NG product do you have? 

      What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

      carapungo wrote:

      were you able to fix this issue?, what was causing it, and what was the solution?

       

    • yagirlchels's avatar
      yagirlchels
      Aspirant
      Nov 05, 2021

      So, I actually had to contact my ISP (xfinity) and end up getting an entirely new IP address for my router. Nothing else was working. I havent had an issue since then.