marteeleigh
Oct 05, 2021, Tutor
DoS attacks (ACK & STORM) - causing DNS issues and connection drops?
This is a continuation of issues here: For the last month+, DNS issues and dropped Wi-Fi (now using R7000P) Netgear support emailed me back and said I have a DoS attack. This is part of the info...
michaelkenward
Oct 05, 2021, Guru - Experienced User
marteeleigh wrote:
My modem is Motorola, but Sparklight said they can't reset my connection unless they can access my modem. They're saying the reason they can't access it is because of the DoS attacks.
That tells us the make, but it tells us nothing about the modem's features. Only a model number would reveal that.
Just look at this page and see how many devices Motorola now sells as "modems":
Throw in discontinued models and the confusion gets deeper.
The modem sits in front of the router, where the DDoS attacks, if they are real, get detected. So how does this keep the ISP from getting at the router? And what do you expect the ISP to do even if it can get access to the modem?
I smell an ISP tech person who doesn't have a clue and is using the first excuse that comes to hand. That appears to be industry practice.
marteeleigh wrote:
Regarding the Netgear router, though, are you implying that the Netgear support agent blew this out of proportion? Did I not even need to replace my Nighthawk with another router?
I have no idea what the Netgear support person told you, if it really was someone from Netgear rather than one of the many scam support sites out there.
From what you have said, you are getting rubbish thrown at you from all sides.
My R7000P has been chugging away for years, with little sign of any security meltdown.
By the way, the IP addresses listed as attacking you in your logs appear to be harmless.
IP Address | Status | Country | Network Name | Owner Name | From IP | To IP |
---|---|---|---|---|---|---|
2.19.132.98 | Succeed | European Union | AKAMAI-PA | Akamai Technologies | 2.19.128.0 | 2.19.143.255 |
72.21.81.237 | Succeed | USA - Virginia | EDGECAST-NETBLK-01 | MCI Communications Services, Inc. d/b/a Verizon Business | 72.21.80.0 | 72.21.95.255 |
23.62.158.65 | Succeed | USA - Massachusetts | AKAMAI | Akamai Technologies, Inc. | 23.32.0.0 | 23.67.255.255 |
206.81.81.71 | Succeed | USA - Washington | SEATTLEIX-V4 | Seattle Internet Exchange | 206.81.80.0 | 206.81.83.255 |
marteeleigh
Oct 05, 2021, Tutor
Apologies. I am failing at multitasking (also speaking with Sparklight support right now). My modem is Motorola MB8611.
This Sparklight tech guy said they are having a hard time accessing ANY MB8611, and it's an issue between Sparklight and Motorola (so this issue is unrelated to the DoS attacks). So, the guy said he can now see that I'm online, but he can't reset my connection due to the issues with the modem not responding to the Sparklight network. I will be swapping out my MB8611 with an exact replacement (it's already on its way, before Sparklight told me about the connection issues).
As for the Netgear support, I assure you it was a Netgear rep. I went through my Netgear account and went through the support steps there. The rep's information is italicized in my initial post (above). The case is in my Netgear support account history.
Thanks for looking at those IP addresses! Can you tell me what harmless means, though, in this context? Like it's enough to be a disruption but otherwise not harmful?
Thanks again!
- michaelkenward, Oct 05, 2021, Guru - Experienced User
marteeleigh wrote:
Apologies. I am failing at multitasking (also speaking with Sparklight support right now). My modem is Motorola MB8611.
Straightforward modem with no router to get in the way.
MB8611 Ultra-Fast DOCSIS 3.1 Cable Modem with 2.5Gb Ethernet - Motorola
marteeleigh wrote:
Thanks for looking at those IP addresses! Can you tell me what harmless means, though, in this context? Like it's enough to be a disruption but otherwise not harmful?
They are harmless because they are from recognised ISPs and Internet services. They will not be attacking you.
Other things that can feature in those logs are Google, Amazon and other familiar names.
They show up in your logs because the Netgear firmware is doing its usual "false positive" thing, an issue that comes up here often.
Check this search for dos attacks.
The only harm those entries will do to your network is if the logging uses up processor power and slows down the router's management of other tasks.
If you see that sort of behaviour you can safely disable the logging process. Some people even disable the protection process itself, again with no ill effect.
To me this suggests that your ISP is talking rubbish. There are no DDoS attacks on your network to prevent it from getting at your modem.
So following the suggestion from FURRYe38 would be a good way of smoking them out.
Quite who told you that from Netgear escapes me. But I was not in on your conversation with them.
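An added example, not part of the original posts: a short Python script that sorts router "DoS attack" log entries by whether the source address falls inside the ranges from the lookup table earlier in this thread. The log line format and the sample lines are constructed for illustration (assumed to resemble the router's log), and 203.0.113.45 is a documentation-range address standing in for a source that is not in the table.

```python
import ipaddress
import re
from collections import Counter

# (From IP, To IP, owner) copied from the lookup table earlier in this thread.
KNOWN_RANGES = [
    ("2.19.128.0", "2.19.143.255", "Akamai Technologies"),
    ("72.21.80.0", "72.21.95.255",
     "MCI Communications Services, Inc. d/b/a Verizon Business"),
    ("23.32.0.0", "23.67.255.255", "Akamai Technologies, Inc."),
    ("206.81.80.0", "206.81.83.255", "Seattle Internet Exchange"),
]

# Assumed log format (constructed): "[DoS Attack: <kind>] from source: <ip>, ..."
ENTRY = re.compile(r"\[DoS [Aa]ttack: (?P<kind>[^\]]+)\] from source: (?P<ip>[0-9.]+)")

SAMPLE_LOG = [  # constructed sample lines, not taken from the poster's router
    "[DoS Attack: ACK Scan] from source: 2.19.132.98, port 443, Monday, October 04, 2021 21:14:03",
    "[DoS Attack: ACK Scan] from source: 23.62.158.65, port 443, Monday, October 04, 2021 21:14:09",
    "[DoS Attack: STORM] from source: 72.21.81.237, port 80, Monday, October 04, 2021 21:15:30",
    "[DoS Attack: ACK Scan] from source: 206.81.81.71, port 443, Monday, October 04, 2021 21:16:02",
    "[DoS Attack: ACK Scan] from source: 203.0.113.45, port 51515, Monday, October 04, 2021 21:17:44",
    "[DHCP IP: 192.168.1.12] to MAC address 00:00:5e:00:53:01, Monday, October 04, 2021 21:18:00",
]

def owner_of(ip):
    """Return the owner whose range contains ip, or None if no range matches."""
    addr = ipaddress.ip_address(ip)
    for first, last, owner in KNOWN_RANGES:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return owner
    return None

def triage(lines):
    """Split DoS log entries into recognised-owner counts and unmatched entries."""
    recognised, unrecognised = Counter(), []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # not a DoS entry
        try:
            owner = owner_of(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        if owner:
            recognised[owner] += 1
        else:
            unrecognised.append((m["kind"], m["ip"]))
    return recognised, unrecognised

if __name__ == "__main__":
    rec, unrec = triage(SAMPLE_LOG)
    print("recognised:", dict(rec))
    print("needs a WHOIS lookup:", unrec)
```

Entries left in the second list are the only ones worth looking up by hand; the range list is limited to the four rows in the table and would need extending for other providers.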
- marteeleigh, Oct 05, 2021, Tutor
Your explanation was thoughtful and very well received. Thank you for taking the time to respond in such a manner. How you explained it makes sense. I feel silly for making this an issue. It all started with DNS issues and dropped Wi-Fi, and then the Netgear tech mentioned DoS attacks, so down the rabbit hole I went.
For now (tomorrow), I will proceed with the replacement modem (although that likely won't help except to provide new IP and MAC addresses), if that's even necessary at this point. This new TP-Link router has not dropped connection since I set it up yesterday, so maybe I just stick with TP-Link and revisit the Nighthawk when/if TP-Link goes out.
If there are suggestions for different cable modems, I am all ears. I wish I could say the modem was the issue, but the DNS issues occurred last month when I had a DSL modem (CenturyLink) alongside an AC1750 Nighthawk.
Thanks again to you both, michaelkenward and FURRYe38 <3. I appreciate you sticking with me through often incoherent questions.
Make sure the ISP service, signal and signal line are in good working order first. Putting a different modem on may not fix the issue.
Have the ISP check the signal and line quality UP to the modem. Be sure the ISP provisions the modem correctly.
Be sure there are no coax cable line splitters in between the modem and ISP service box.
Be sure you're using good quality RG6 coax cable up to the modem. Have the ISP check the modem's connection status page as well. There is signal information there that you can give them to help ensure the modem and signal are to spec.