NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attacks in log
Hi, I've been getting these Dos attacks from the same ip for a couple days then turned on DoS protection and went away for a day until today I got these DoS attacks. The ip I'm talking about are the ...
bp31 wrote:
Hi, I've been getting these Dos attacks from the same ip for a couple days then turned on DoS protection and went away for a day until today I got these DoS attacks.
Are you "reporting in" or asking for help?
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
I'm sorry my question is if these are DoS attacks toward me or are they using me as a bot to attack someone else? I ask because it seems one is my own isp but the other is a ip from RIPE Network Coordination and it's target is Texas Department of Information Resources.
bp31 wrote:
I'm sorry my question is if these are DoS attacks toward me or are they using me as a bot to attack someone else?
OK. See my answer.
Most people ignore these false alarms.
If you think about it, the alerts just say "we repelled this attack on your system". That there was no attack, just means that the router foiled a non-existent onslaught.
Do note that blocking these DoS attacks is rather expensive CPU-wise as iptables is not the biggest speed monster. It's more expensive than loggin them.
I'm running for years with DoS protection disabled and have had no problems. Given the amount of false positives, I question michaelkenward claim that the router will protect you if DoS is turned on.
