NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attacks in log
Hi, I've been getting these Dos attacks from the same ip for a couple days then turned on DoS protection and went away for a day until today I got these DoS attacks. The ip I'm talking about are the ping of death and teardrop below
Description | Count | Last Occurrence | Target | Source |
[DoS attack: Teardrop or derivative] from 194.0.58.16, port 0 | 3 | Mon Jun 14 20:41:15 2021 | 168.46.189.51:0 | 194.0.58.16:0 |
| ||||
[DoS attack: Ping Of Death] from 194.0.58.16, port 0 | 2 | Mon Jun 14 20:15:47 2021 | 168.46.189.51:0 | 194.0.58.16:0 |
| ||||
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 | 1 | Mon Jun 14 19:29:55 2021 |
| 75.75.75.75:53 |
| ||||
[DoS attack: Ping Of Death] from 194.0.58.16, port 0 | 1 | Mon Jun 14 19:20:51 2021 | 168.46.189.51:0 | 194.0.58.16:0 |
| ||||
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 | 1 | Mon Jun 14 18:50:47 2021 |
| 75.75.75.75:53 |
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 | 1 | Mon Jun 14 18:04:08 2021 |
| 75.75.75.75:53 |
[DoS attack: TCP- or UDP-based Port Scan] from 60.2.114.170, port 6000 | 1 | Mon Jun 14 18:01:01 2021 |
|
|
8 Replies
bp31 wrote:
Hi, I've been getting these Dos attacks from the same ip for a couple days then turned on DoS protection and went away for a day until today I got these DoS attacks.
Are you "reporting in" or asking for help?
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
I'm sorry my question is if these are DoS attacks toward me or are they using me as a bot to attack someone else? I ask because it seems one is my own isp but the other is a ip from RIPE Network Coordination and it's target is Texas Department of Information Resources.
bp31 wrote:
I'm sorry my question is if these are DoS attacks toward me or are they using me as a bot to attack someone else?
OK. See my answer.
Most people ignore these false alarms.
If you think about it, the alerts just say "we repelled this attack on your system". That there was no attack, just means that the router foiled a non-existent onslaught.
