NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attacks in log
Hi, I've been getting these Dos attacks from the same ip for a couple days then turned on DoS protection and went away for a day until today I got these DoS attacks. The ip I'm talking about are the ...
microchip8 wrote:
Given the amount of false positives, I question michaelkenward claim that the router will protect you if DoS is turned on.
Who said that? Read it again.
First you probably mean "off".
I did not say that you should turn off "DoS". What I suggested was disabling the logging of Known DoS attacks and Port Scans.That is on the Logs page of the controls.
Here's the exact wording I used:
Disable logging of DoS attacks and see if that reduces the problem.
Emphasis added.
This is not the same as Disable Port Scan and DoS Protection which appears on a completely different WAN Setup page in the router's controls.
In the same way, disabling the logging of Router operation (startup, get time etc) does not mean that you are turning off router operation.
michaelkenward wrote:
microchip8 wrote:Given the amount of false positives, I question michaelkenward claim that the router will protect you if DoS is turned on.
Who said that? Read it again.
First you probably mean "off".
I did not say that you should turn off "DoS". What I suggested was disabling the logging of Known DoS attacks and Port Scans.That is on the Logs page of the controls.
Here's the exact wording I used:
Disable logging of DoS attacks and see if that reduces the problem.Emphasis added.
This is not the same as Disable Port Scan and DoS Protection which appears on a completely different WAN Setup page in the router's controls.
In the same way, disabling the logging of Router operation (startup, get time etc) does not mean that you are turning off router operation.
"If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs."
Your words.
Blocking with iptables is more expensive than logging. Turning off loging and the amount of false positives will not "protect" you from anything much. You may relieve the CPU by turning loging off, but iptables is still there putting a strain on the CPU.
So what should I do? I have these logs with both the DoS protection on and off. Here is the recent logs of today. There are more but these most recent:
[DoS attack: Teardrop or derivative] from 194.0.58.16, port 0 6 Tue Jun 15 18:19:33 2021 193.51.234.217:0 194.0.58.16:0 [DoS attack: Ping Of Death] from 194.0.58.16, port 0 15 Tue Jun 15 17:18:47 2021 193.51.234.217:0 194.0.58.16:0 [DoS attack: Teardrop or derivative] from 194.0.58.16, port 0 7 Tue Jun 15 16:21:03 2021 168.46.189.51:0 194.0.58.16:0
bp31 wrote:
So what should I do? I have these logs with both the DoS protection on and off.
It seems that it is not "DoS protection" that creates the log, but something else.
My advice was to TURN OFF LOGGING of Dos Attacks. (See above.) This is not the same as Disable Port Scan and DoS Protection which is possibly what you have done.
In the Administration area of Advanced management, go to the Logs section. Uncheck Known DoS attacks and Port Scans.
Or just ignore those entries.