marteeleigh
Oct 05, 2021 Tutor
DoS attacks (ACK & STORM) - causing DNS issues and connection drops?
This is a continuation of issues here: For the last month+, DNS issues and dropped Wi-Fi (now using R7000P) Netgear support emailed me back and said I have a DoS attack. This is part of the info...
michaelkenward
Oct 05, 2021 Guru - Experienced User
marteeleigh wrote:
Today (before I learned about the DoS attacks), I actually switched from the R7000P to a TP-Link router, because I thought this was a Netgear router issue. There is nothing in the TP-Link router log that indicates any sort of DoS attack. BUT Sparklight still insists they can't access my modem (which I purchased separately).
What has your modem got to do with the R7000P? What is this modem? Why do you want Sparklight to access it?
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
marteeleigh
Oct 05, 2021 Tutor
My modem is (edited) Motorola MB8611 DOCSIS 3.1, but Sparklight said they can't reset my connection unless they can access my modem. They're saying the reason they can't access it is because of the DoS attacks.
Regarding the Netgear router, though, are you implying that the Netgear support agent blew this out of proportion? Did I not even need to replace my Nighthawk with another router?
- FURRYe38 Oct 05, 2021 Guru - Experienced User
Can you disconnect the wifi router from the modem and connect up 1 wired PC to the modem? Power OFF the modem for 1 full minute then back ON after connecting the PC to the modem.
You should be able to access the modem's web page at 192.168.100.1.
- marteeleigh Oct 05, 2021 Tutor
Yes, I will try this.
- michaelkenward Oct 05, 2021 Guru - Experienced User
FURRYe38 wrote:
You should be able to access the modem's web page at 192.168.100.1.
Only if it is a cable modem that hasn't been "messed around" with.
And even that is not the default for many Netgear cable modem/routers.
Hence the need to know the model number.
- FURRYe38 Oct 05, 2021 Guru - Experienced User
For a Motorola MB8600 series:
Default IP address:
- michaelkenward Oct 05, 2021 Guru - Experienced User
marteeleigh wrote:
My modem is Motorola, but Sparklight said they can't reset my connection unless they can access my modem. They're saying the reason they can't access it is because of the DoS attacks.
That tells us the make, but it tells us nothing about the modem's features. Only a model number would reveal that.
Just look at this page and see how many devices Motorola now sells as "modems":
Throw in discontinued models and the confusion gets deeper.
The modem sits in front of the router, where the DDoS attacks, if they are real, get detected. So how does this keep the ISP from getting at the router? And what do you expect the ISP to do even if it can get access to the modem?
I smell an ISP tech person who doesn't have a clue and is using the first excuse that comes to hand. That appears to be industry practice.
marteeleigh wrote:
Regarding the Netgear router, though, are you implying that the Netgear support agent blew this out of proportion? Did I not even need to replace my Nighthawk with another router?
I have no idea what the Netgear support person told you, if it really was someone from Netgear rather than one of the many scam support sites out there.
From what you have said, you are getting rubbish thrown at you from all sides.
My R7000P has been chugging away for years, with little sign of any security meltdown.
By the way, the IP addresses listed as attacking you in your logs appear to be harmless.
| IP Address | Status | Country | Network Name | Owner Name | From IP | To IP |
|---|---|---|---|---|---|---|
| 2.19.132.98 | Succeed | European Union | AKAMAI-PA | Akamai Technologies | 2.19.128.0 | 2.19.143.255 |
| 72.21.81.237 | Succeed | USA - Virginia | EDGECAST-NETBLK-01 | MCI Communications Services, Inc. d/b/a Verizon Business | 72.21.80.0 | 72.21.95.255 |
| 23.62.158.65 | Succeed | USA - Massachusetts | AKAMAI | Akamai Technologies, Inc. | 23.32.0.0 | 23.67.255.255 |
| 206.81.81.71 | Succeed | USA - Washington | SEATTLEIX-V4 | Seattle Internet Exchange | 206.81.80.0 | 206.81.83.255 |

- marteeleigh Oct 05, 2021 Tutor
Apologies. I am failing at multitasking (also speaking with Sparklight support right now). My modem is Motorola MB8611.
This Sparklight tech guy said they are having a hard time accessing ANY MB8611, and it's an issue between Sparklight and Motorola (so this issue is unrelated to the DoS attacks). So, the guy said he can now see that I'm online, but he can't reset my connection due to the issues with the modem not responding to the Sparklight network. I will be swapping out my MB8611 with an exact replacement (it's already on its way, before Sparklight told me about the connection issues).
As for the Netgear support, I assure you it was a Netgear rep. I went through my Netgear account and went through the support steps there. The rep's information is italicized in my initial post (above). The case is in my Netgear support account history.
Thanks for looking at those IP addresses! Can you tell me what harmless means, though, in this context? Like it's enough to be a disruption but otherwise not harmful?
Thanks again!
- michaelkenward Oct 05, 2021 Guru - Experienced User
marteeleigh wrote:
Apologies. I am failing at multitasking (also speaking with Sparklight support right now). My modem is Motorola MB8611.
Straightforward modem with no router to get in the way.
MB8611 Ultra-Fast DOCSIS 3.1 Cable Modem with 2.5Gb Ethernet - Motorola
marteeleigh wrote:
Thanks for looking at those IP addresses! Can you tell me what harmless means, though, in this context? Like it's enough to be a disruption but otherwise not harmful?
They are harmless because they are from recognised ISPs and Internet services. They will not be attacking you.
Other things that can feature in those logs are Google, Amazon and other familiar names.
They show up in your logs because the Netgear firmware is doing its usual "false positive" thing, an issue that comes up here often.
Check this search for dos attacks.
The only harm those entries will do to your network is if the logging uses up processor power and slows down the router's management of other tasks.
If you see that sort of behaviour you can safely disable the logging process. Some people even disable the protection process itself, again with no ill effect.
To me this suggests that your ISP is talking rubbish. There are no DDoS attacks on your network to prevent it from getting at your modem.
So following the suggestion from FURRYe38 would be a good way of smoking them out.
Quite who told you that from Netgear escapes me. But I was not in on your conversation with them.
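
Added example (not part of the original posts, and not Netgear code): a short Python triage that checks the source addresses of router "DoS Attack" log entries against the address ranges from the whois table in this thread. The log line layout and the sample lines are assumptions constructed for illustration; only the four ranges come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Ranges copied from the whois table in the thread (From IP / To IP columns).
KNOWN_RANGES = [
    ("AKAMAI-PA", "2.19.128.0", "2.19.143.255"),
    ("EDGECAST-NETBLK-01", "72.21.80.0", "72.21.95.255"),
    ("AKAMAI", "23.32.0.0", "23.67.255.255"),
    ("SEATTLEIX-V4", "206.81.80.0", "206.81.83.255"),
]

# Assumed log line layout; adjust the pattern to match your router's export.
LINE_RE = re.compile(r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9.]+)")

# Constructed sample log lines (not taken from the poster's router).
SAMPLE_LOG = """\
[DoS Attack: ACK Scan] from source: 2.19.132.98, port 443, Tuesday, October 05, 2021 09:14:02
[DoS Attack: ACK Scan] from source: 72.21.81.237, port 80, Tuesday, October 05, 2021 09:14:40
[DoS Attack: STORM] from source: 23.62.158.65, port 443, Tuesday, October 05, 2021 09:15:11
[DoS Attack: ACK Scan] from source: 206.81.81.71, port 443, Tuesday, October 05, 2021 09:16:27
[DoS Attack: STORM] from source: 198.51.100.23, port 51234, Tuesday, October 05, 2021 09:17:03
[admin login] from source 192.168.1.5, Tuesday, October 05, 2021 09:18:00
"""

def owner_of(ip):
    """Return the network name whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, first, last in KNOWN_RANGES:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return name
    return None

def triage(log_text):
    """Count DoS entries per (known network, kind) and per (unlisted source, kind)."""
    known, unknown = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a DoS entry
        try:
            owner = owner_of(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        if owner:
            known[(owner, m["kind"])] += 1
        else:
            unknown[(m["src"], m["kind"])] += 1  # needs its own whois lookup
    return known, unknown
```

Entries that land in `unknown` are only unclassified against this short list, so each one still needs a whois lookup before drawing a conclusion.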