NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attacks (ACK & STORM) - causing DNS issues and connection drops?
This is a continuation of issues here: For the last month+, DNS issues and dropped Wi-Fi (now using R7000P)
Netgear support emailed me back and said I have a DoS attack. This is part of the information they sent:
Based on the logs that you have provided, it appears that your router is experiencing a DOS attack. A Denial-of-service attack (DoS attack) is an attempt to make a computer or network resource unavailable to its intended users.
In a Denial of Service (DoS) attack, an attacker attempts to prevent the users from accessing information or services, usually by flooding the network with large amounts of fake traffic. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services on the affected computer.
You may find additional information and suggestion on this link [https://kb.netgear.com/19957/What-does-Disable-Port-Scan-and-DoS-Protection-do].
Having said that the router is under DoS attack, I highly recommend that you contact your ISP and ask them to reset your connection. Kindly relay to them that the reason for this request is due to a DOS attack that is visible on your Network.
Some of the items in my log:
- [DoS attack: ACK Scan] attack packets in last 20 sec from ip [2.19.132.98], Monday, Sep 27,2021 04:49:39
- [DoS attack: STORM] attack packets in last 20 sec from ip [72.21.81.237], Monday, Sep 27,2021 04:32:53
- [DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.62.158.65], Saturday, Oct 02,2021 19:04:13
- [DoS attack: STORM] attack packets in last 20 sec from ip [206.81.81.71], Saturday, Oct 02,2021 20:32:44
I've contacted Sparklight (my ISP), as instructed. They said due to the issue, they can't even see my modem status (It's showing offline to them, even though I have internet access). Sparklight advised me to contact law enforcement. Whattttttt?
Today (before I learned about the DoS attacks), I actually switched from the R7000P to a TP-Link router, because I thought this was a Netgear router issue. There is nothing in the TP-Link router log that indicates any sort of DoS attack. BUT Sparklight still insists they can't access my modem (which I purchased separately).
Can anyone please help me?
13 Replies
marteeleigh wrote:
Today (before I learned about the DoS attacks), I actually switched from the R7000P to a TP-Link router, because I thought this was a Netgear router issue. There is nothing in the TP-Link router log that indicates any sort of DoS attack. BUT Sparklight still insists they can't access my modem (which I purchased separately).
What has your modem got to do with the R7000P? What is this modem? Why do you want Sparklight to access it?
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
My modem is (edited) Motorola MB8611 DOCSIS 3.1, but Sparklight said they can't reset my connection unless they can access my modem. They're saying the reason they can't access it is because of the DoS attacks.
Regarding the Netgear router, though, are you implying that the Netgear support agent blew this out of proportion? Did I not need even need to replace my Nighthawk with another router?
Can you disconnect the wifi router from the modem and connect up 1 wired PC to the modem? Power OFF the modem for 1 full minute then back ON after connecting the PC to the modem.
You should be able to access the modems web page at 192.168.100.1.
