NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS Attack: RST Scan Multiple IP addresses with loss of service
CM1000 modem and RBR50 router with Firmware V2.7.2.104 Windows 7 &10, Android and iPhone home network. Constant dropping internet connection with DNS can not find server. ISP Spectrum says its the modem and my issue and equipment. I have to get them to reboot the modem remotely to get back on line then it only takes 30 minutes to develope the same issue. I have been searching both event logs and see a couple of issues. One mulptile DoS attack entrys and SYNC Timing Synchronization failures. I have upgraded harware 3 time in 6 years and am wits end. Please Help
RBR50 Event Log
[DoS Attack: RST Scan] from source: 92.63.197.56, port 41769, Saturday, March 27, 2021 12:25:18
[admin login] from source 192.168.1.10, Saturday, March 27, 2021 12:22:30
[DoS Attack: RST Scan] from source: 109.230.232.25, port 80, Saturday, March 27, 2021 12:19:22
[DoS Attack: RST Scan] from source: 194.147.140.107, port 43625, Saturday, March 27, 2021 12:16:46
[DoS Attack: RST Scan] from source: 194.61.25.38, port 45853, Saturday, March 27, 2021 12:13:40
[admin login] from source 192.168.1.10, Saturday, March 27, 2021 12:05:43
[DoS Attack: RST Scan] from source: 92.63.197.56, port 41769, Saturday, March 27, 2021 11:59:48
[admin login] from source 192.168.1.10, Saturday, March 27, 2021 11:57:28
[DoS Attack: RST Scan] from source: 92.63.197.56, port 41769, Saturday, March 27, 2021 11:46:11
[DoS Attack: RST Scan] from source: 180.214.237.67, port 59547, Saturday, March 27, 2021 11:40:43
[DoS Attack: RST Scan] from source: 92.63.197.56, port 41769, Saturday, March 27, 2021 11:35:49
[DoS Attack: SYN/ACK Scan] from source: 51.83.238.85, port 80, Saturday, March 27, 2021 11:27:26
[DoS Attack: SYN/ACK Scan] from source: 157.90.242.168, port 80, Saturday, March 27, 2021 11:26:30
[DoS Attack: SYN/ACK Scan] from source: 50.87.195.61, port 443, Saturday, March 27, 2021 11:11:50
[DoS Attack: RST Scan] from source: 194.147.140.30, port 50817, Saturday, March 27, 2021 11:09:44
[DoS Attack: RST Scan] from source: 194.147.140.53, port 41620, Saturday, March 27, 2021 11:06:40
[DoS Attack: SYN/ACK Scan] from source: 64.71.153.12, port 443, Saturday, March 27, 2021 10:57:02
[DoS Attack: SYN/ACK Scan] from source: 51.83.238.85, port 80, Saturday, March 27, 2021 10:37:45
[DoS Attack: RST Scan] from source: 185.236.11.91, port 59081, Saturday, March 27, 2021 10:36:59
[DoS Attack: SYN/ACK Scan] from source: 54.36.127.169, port 9987, Saturday, March 27, 2021 10:31:51
[DoS Attack: RST Scan] from source: 194.147.140.105, port 50841, Saturday, March 27, 2021 10:31:35
[DoS Attack: SYN/ACK Scan] from source: 135.181.149.146, port 80, Saturday, March 27, 2021 10:25:50
[DoS Attack: SYN/ACK Scan] from source: 178.33.254.59, port 80, Saturday, March 27, 2021 10:21:49
[DoS Attack: RST Scan] from source: 194.147.140.106, port 40131, Saturday, March 27, 2021 09:58:52
[DoS Attack: SYN/ACK Scan] from source: 209.14.0.43, port 443, Saturday, March 27, 2021 09:51:48
[DoS Attack: RST Scan] from source: 194.147.140.115, port 52466, Saturday, March 27, 2021 09:50:07
[DoS Attack: SYN/ACK Scan] from source: 50.87.195.61, port 443, Saturday, March 27, 2021 09:45:20
[DoS Attack: SYN/ACK Scan] from source: 51.75.249.175, port 80, Saturday, March 27, 2021 09:44:14
[DoS Attack: SYN/ACK Scan] from source: 51.89.194.152, port 7881, Saturday, March 27, 2021 09:34:17
[DoS Attack: RST Scan] from source: 89.248.165.201, port 51221, Saturday, March 27, 2021 09:33:39
[DoS Attack: RST Scan] from source: 194.147.140.8, port 52647, Saturday, March 27, 2021 09:26:17
[DoS Attack: RST Scan] from source: 194.147.140.25, port 40877, Saturday, March 27, 2021 09:04:58
[DoS Attack: RST Scan] from source: 194.147.140.92, port 55784, Saturday, March 27, 2021 08:57:12
[DoS Attack: RST Scan] from source: 45.146.164.211, port 51922, Saturday, March 27, 2021 08:54:55
[DoS Attack: SYN/ACK Scan] from source: 51.75.249.175, port 80, Saturday, March 27, 2021 08:50:50
[DoS Attack: RST Scan] from source: 92.63.197.56, port 46094, Saturday, March 27, 2021 08:45:21
[admin login] from source 192.168.1.10, Saturday, March 27, 2021 08:41:22
[admin login failure] from source 192.168.1.10, Saturday, March 27, 2021 08:41:01
[DoS Attack: RST Scan] from source: 194.147.140.92, port 55784, Saturday, March 27, 2021 08:24:30
[DoS Attack: SYN/ACK Scan] from source: 157.90.242.168, port 80, Saturday, March 27, 2021 08:22:52
[DoS Attack: RST Scan] from source: 92.63.197.56, port 46094, Saturday, March 27, 2021 08:16:51
[DoS Attack: SYN/ACK Scan] from source: 135.181.149.146, port 80, Saturday, March 27, 2021 08:16:47
[DoS Attack: RST Scan] from source: 194.147.140.18, port 59951, Saturday, March 27, 2021 08:14:51
[DoS Attack: SYN/ACK Scan] from source: 135.181.149.146, port 80, Saturday, March 27, 2021 08:14:24
[admin login] from source 192.168.1.4, Saturday, March 27, 2021 08:13:58
[DoS Attack: RST Scan] from source: 89.248.165.144, port 47540, Saturday, March 27, 2021 08:13:38
[DoS Attack: RST Scan] from source: 194.147.140.150, port 43805, Saturday, March 27, 2021 08:09:03
[DoS Attack: SYN/ACK Scan] from source: 157.90.242.167, port 80, Saturday, March 27, 2021 08:07:41
[DoS Attack: RST Scan] from source: 92.63.197.56, port 46094, Saturday, March 27, 2021 08:06:59
[DoS Attack: SYN/ACK Scan] from source: 157.90.242.168, port 80, Saturday, March 27, 2021 08:05:33
[DoS Attack: RST Scan] from source: 92.63.197.56, port 46094, Saturday, March 27, 2021 08:02:48
[DoS Attack: SYN/ACK Scan] from source: 157.90.242.167, port 80, Saturday, March 27, 2021 07:59:29
[DoS Attack: SYN/ACK Scan] from source: 135.181.149.146, port 80, Saturday, March 27, 2021 07:56:25
[DoS Attack: RST Scan] from source: 92.63.197.56, port 46094, Saturday, March 27, 2021 07:25:23
[DoS Attack: RST Scan] from source: 194.147.140.115, port 46525, Saturday, March 27, 2021 07:17:19
[Time synchronized with NTP server] Saturday, March 27, 2021 07:11:27
[DoS Attack: RST Scan] from source: 130.211.135.74, port 443, Saturday, March 27, 2021 07:10:06
[Internet connected] IP address: 70.114.249.137, Saturday, March 27, 2021 07:09:36
[Initialized, firmware version: V2.7.2.104] Saturday, March 27, 2021 07:09:35
CM1000 Event Log
2021-03-27, 11:24:54 | Error (4) | DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-27, 11:16:24 | Notice (6) | CM-STATUS message sent. Event Type Code: 24; Chan ID: 33 ; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 .;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-27, 11:14:04 | Notice (6) | CM-STATUS message sent. Event Type Code: 16; Chan ID: 33 ; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 .;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-27, 06:26:58 | Notice (6) | DHCP Renew - lease parameters Time Protocol Servers modified;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-27, 06:26:58 | Error (4) | DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-27, 01:28:20 | Notice (6) | DHCP Renew - lease parameters Time Protocol Servers modified;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-27, 01:28:20 | Error (4) | DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 21:16:08 | Notice (6) | CM-STATUS message sent. Event Type Code: 24; Chan ID: 33 ; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 .;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 21:15:28 | Notice (6) | DHCP Renew - lease parameters Time Protocol Servers modified;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 21:15:28 | Error (4) | DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 18:19:05 | Notice (6) | CM-STATUS message sent. Event Type Code: 24; Chan ID: 33 ; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 .;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 16:35:59 | Notice (6) | DS profile assignment change. DS Chan ID: 32; Previous Profile: ; New Profile: 1 2 .;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 16:35:50 | Notice (6) | TLV-11 - unrecognized OID;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 16:35:49 | Error (4) | Missing BP Configuration Setting TLV Type: 17.9;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 16:35:49 | Error (4) | Missing BP Configuration Setting TLV Type: 17.8;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
Time Not Established | Warning (5) | DHCP WARNING - Non-critical field invalid in response ;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
Time Not Established | Notice (6) | Honoring MDD; IP provisioning mode = IPv4 |
Time Not Established | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 15:28:32 | Critical (3) | Resetting the cable modem due to docsDevResetNow |
Time Not Established | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 11:14:25 | Critical (3) | Resetting the cable modem due to docsDevResetNow |
Time Not Established | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 11:13:01 | Critical (3) | Resetting the cable modem due to docsDevResetNow |
Time Not Established | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 10:08:50 | Critical (3) | Resetting the cable modem due to docsDevResetNow |
Time Not Established | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-03-26, 10:02:25 | Critical (3) | Resetting the cable modem due to docsDevResetNow |
Time Not Established | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-02-24, 13:44:07 | Critical (3) | Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-24, 13:43:23 | Critical (3) | Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:55:11 | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:55:07 | Critical (3) | Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:55:03 | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:55:02 | Critical (3) | Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:55:00 | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:54:59 | Critical (3) | Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:54:58 | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:54:57 | Critical (3) | Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:54:48 | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2021-02-18, 05:54:43 | Critical (3) | SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing;CM-MAC=38:94:ed:73:01:00;CMTS-MAC=00:17:10:86:c0:86;CM-QOS=1.1;CM-VER=3.1; |
2 Replies
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
Attached are the IP look ups from the attacks from 3-29-2021. Thay are from all over and not face book or google.
[DoS Attack: RST Scan] from source: 194.147.140.111, port 49564, Monday, March 29, 2021 15:58:20
[DoS Attack: RST Scan] from source: 194.147.140.53, port 41620, Monday, March 29, 2021 15:52:03
[DoS Attack: SYN/ACK Scan] from source: 54.81.84.215, port 443, Monday, March 29, 2021 15:50:00
[DoS Attack: SYN/ACK Scan] from source: 24.125.148.115, port 80, Monday, March 29, 2021 15:49:58
[DoS Attack: RST Scan] from source: 194.147.140.53, port 41620, Monday, March 29, 2021 15:43:55
[DoS Attack: SYN/ACK Scan] from source: 198.55.127.40, port 25565, Monday, March 29, 2021 15:24:54
