ethantbk (Aspirant)
May 12, 2022
DoS attack/back door?
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 18:16:35
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 18:15:54
[DoS attack:ACK_Scan] from source: 185.151.107.102,port 443, Thursday, May 12, 2022 17:57:53
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 50587, Thursday, May 12, 2022 17:57:18
[DHCP IP: (192.168.1.11)] to MAC address 00:d2:b1:4e:b7:93, Thursday, May 12, 2022 17:50:51
[DHCP IP: (192.168.1.9)] to MAC address 74:ab:93:7b:91:2f, Thursday, May 12, 2022 17:31:56
[DoS attack:ACK_Scan] from source: 185.151.107.101,port 443, Thursday, May 12, 2022 17:25:09
[DHCP IP: (192.168.1.9)] to MAC address 74:ab:93:7b:91:2f, Thursday, May 12, 2022 17:21:45
[DHCP IP: (192.168.1.8)] to MAC address 74:ab:93:78:99:4e, Thursday, May 12, 2022 17:21:36
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54776, Thursday, May 12, 2022 17:20:42
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54775, Thursday, May 12, 2022 17:20:16
[DoS attack:ACK_Scan] from source: 17.248.230.30,port 443, Thursday, May 12, 2022 17:08:26
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 17:06:21
[Log Cleared] Thursday, May 12, 2022 17:01:42
Could someone please give me some information on whether this is a false positive or a real DoS attack?
7 Replies
- FURRYe38 (Guru - Experienced User)
Probably false positives.
What is the device at 192.168.1.12? That's on your LAN side of the router.
Do a whois lookup on 185.151.107.102.
Try not to post MAC addresses in public forums for security reasons.
- michaelkenward (Guru - Experienced User)
Probably false positives.
What is the device at 192.168.1.12? That's on your LAN side of the router.
Do a whois lookup on 185.151.107.102.
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '185.151.107.96 - 185.151.107.127'
% Abuse contact for '185.151.107.96 - 185.151.107.127' is 'abuse@ukrhub.net'
inetnum: 185.151.107.96 - 185.151.107.127
netname: UKRCOM-CUSTOMER-NET
country: UA
status: ASSIGNED PA
created: 2018-08-09T12:37:38Z
last-modified: 2018-08-09T12:37:38Z
source: RIPE
admin-c: YZ42-RIPE
tech-c: UHUB-RIPE
mnt-by: YZ42-RIPE-MNT
remarks: Customer connection

person: Koblyuk Andrei
address: vul. S. Khokhlovyh, 15
address: Kiev, Ukraine, 04050
phone: +380 44 2055570
e-mail: hostmaster@ukrhub.net
nic-hdl: UHUB-RIPE
notify: yuriz@ukr-com.net
mnt-by: YZ42-RIPE-MNT
created: 2007-05-10T07:08:53Z
last-modified: 2017-03-06T11:32:53Z
source: RIPE

person: Yuri Zlenko
address: 04119, Ukraine, Kiev
address: vul. Simyi Khokhlovyh, 15, 3-rd floor
phone: +380 44 205-5514
fax-no: +380 44 205-5525
e-mail: yuriz@ukr-com.net
nic-hdl: YZ42-RIPE
notify: yuriz@ukr-com.net
mnt-by: YZ42-RIPE-MNT
created: 2001-12-07T15:14:10Z
last-modified: 2017-03-06T11:28:28Z
source: RIPE

% Information related to '185.151.104.0/22AS12593'
route: 185.151.104.0/22
origin: AS12593
descr: Ukrcom, Ltd.
mnt-by: YZ42-RIPE-MNT
created: 2016-05-10T10:02:11Z
last-modified: 2016-05-10T10:02:46Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.103 (WAGYU)
- ethantbk (Aspirant)
That IP is my phone. Also, when those attacks happen, my whole internet service cuts out for 20-30 seconds.
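
The triage suggested in the replies (separate LAN-side sources from WAN-side ones, then run whois only on the external addresses), written out as an added example that is not part of the original thread. The function names are made up for illustration, and the LAN/WAN split assumes the LAN uses private address space such as 192.168.1.0/24.

```python
import ipaddress
import re

# Entries copied from the router log in the first post of this thread.
SAMPLE_LOG = """\
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 18:16:35
[DoS attack:ACK_Scan] from source: 185.151.107.102,port 443, Thursday, May 12, 2022 17:57:53
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 50587, Thursday, May 12, 2022 17:57:18
[DoS attack:ACK_Scan] from source: 185.151.107.101,port 443, Thursday, May 12, 2022 17:25:09
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54776, Thursday, May 12, 2022 17:20:42
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54775, Thursday, May 12, 2022 17:20:16
[DoS attack:ACK_Scan] from source: 17.248.230.30,port 443, Thursday, May 12, 2022 17:08:26
[Log Cleared] Thursday, May 12, 2022 17:01:42
"""

# Matches only the "[DoS attack:<type>] from source: <ip>,port <n>, <timestamp>" shape.
DOS_RE = re.compile(
    r"\[DoS attack:\s*(?P<kind>[^\]]+)\] from source:\s*(?P<ip>[0-9.]+),\s*"
    r"port (?P<port>\d+),\s*(?P<when>.+)$"
)

def parse_dos_entries(log_text):
    """Return one dict per DoS entry; other entry types and bad IPs are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = DOS_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        side = "LAN" if ip.is_private else "WAN"  # assumption: private space == LAN
        entries.append({"kind": m["kind"], "ip": str(ip), "side": side,
                        "port": int(m["port"]), "when": m["when"]})
    return entries

def summarize(entries):
    """Group by source IP: which side it is on, hit count, source ports seen."""
    summary = {}
    for e in entries:
        s = summary.setdefault(e["ip"], {"side": e["side"], "count": 0, "ports": set()})
        s["count"] += 1
        s["ports"].add(e["port"])
    return summary

def whois_candidates(summary):
    """Only WAN-side sources need a whois lookup; LAN ones are your own devices."""
    return sorted(ip for ip, s in summary.items() if s["side"] == "WAN")

if __name__ == "__main__":
    for ip, s in summarize(parse_dos_entries(SAMPLE_LOG)).items():
        print(f'{s["side"]:3} {ip:16} hits={s["count"]} ports={sorted(s["ports"])}')
```

On the sample, 192.168.1.12 is reported as a LAN source with three entries from ephemeral ports, while the three external addresses all appear with source port 443.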