NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Ravinderjay's avatar
Ravinderjay
Aspirant
Feb 05, 2022

Getting DDoS attacks constantly.

I am having trouble changing my IP address. Someone keeps crashing my pc. I want to know how I can change my IP address. I have called xfinity but they told me it was static and can’t be changed! I have non business service from them it should be dynamic. I have tried the release and renew function in the router software and with W11 CMD function but was unable to change my IP address! Any help would be appreciated.

13 Replies

    • Ravinderjay's avatar
      Ravinderjay
      Aspirant
      Feb 06, 2022

      I am using a NG NightHawk RAX 120. This is the log of what is happening. Can you please assist.

       

      [DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Saturday, February 05, 2022 15:55:35
      [DoS Attack: RST Scan] from source: 179.107.50.150, port 6948, Saturday, February 05, 2022 15:50:50
      [DoS Attack: SYN/ACK Scan] from source: 111.231.84.21, port 32331, Saturday, February 05, 2022 15:49:04
      [DoS Attack: WinNuke Attack] from source: 122.226.174.130, port 5914, Saturday, February 05, 2022 15:43:21
      [DoS Attack: SYN/ACK Scan] from source: 179.107.54.34, port 17405, Saturday, February 05, 2022 15:25:51
      [DoS Attack: SYN/ACK Scan] from source: 179.107.54.34, port 17405, Saturday, February 05, 2022 15:25:51
      [DoS Attack: SYN/ACK Scan] from source: 179.107.54.34, port 17405, Saturday, February 05, 2022 15:25:51
      [WLAN access allowed] from MAC : 4E:11:BF:AE:65:E3, Saturday, February 05, 2022 15:14:21
      [DHCP IP: 10.0.0.10][Device Name: ] to MAC address 4e:11:bf:ae:65:e3, Saturday, February 05, 2022 15:14:20
      [Access Control] Device Unknown with MAC address 4E:11:BF:AE:65:E3 is allowed to access th, Saturday, February 05, 2022 15:14:20
      [DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, February 05, 2022 15:02:12
      [DoS Attack: ACK Scan] from source: 142.252.252.18, port 22222, Saturday, February 05, 2022 14:45:36
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
      [DoS Attack: SYN/ACK Scan] from source: 111.231.84.21, port 13726, Saturday, February 05, 2022 14:13:07
      [DoS Attack: ACK Scan] from source: 120.79.202.178, port 3559, Saturday, February 05, 2022 13:56:41
      [DoS Attack: RST Scan] from source: 35.247.221.225, port 27018, Saturday, February 05, 2022 13:52:55
      [DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, February 05, 2022 13:51:11

      • michaelkenward's avatar
        michaelkenward
        Guru - Experienced User
        Feb 06, 2022

        Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

         

        Search - NETGEAR Communities – DoS attacks

         

        Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

         

        Here is a useful tool for that task:

         

        IPNetInfo: Retrieve IP Address Information from WHOIS servers

         

        If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

         

        Ravinderjay wrote:

        [DHCP IP: 10.0.0.10][Device Name: ] to MAC address 4e:11:bf:ae:65:e3, Saturday, February 05, 2022 15:14:20

        That sometimes tells us that you are running two routers on your network, with the first one assuming the more usual IP address of 192.168.1.1.

         

        What modem sits in front of your RAX120?

         

        Maybe that is the cause of your original problem.

         

        While many questions about routers are generic and could be answered anywhere, some things need specialist knowledge.

        You might get more help, and find earlier questions and answers specific to your device, in the appropriate section for your hardware. That's probably here:

        Nighthawk Routers with WiFi 6 (AX) - NETGEAR Communities

        I will ask the Netgear moderator to move your message.

        In the meantime you could visit the support pages:

        Support | NETGEAR

        Feed in your model number and check the documentation for your hardware. Look at the label on the device for the model number.

        You may have done this already. I can't tell from your message.

        I mention it because Netgear stopped supplying printed manuals and CD versions some years ago and people sometimes miss the downloads.

         

         

    • michaelkenward's avatar
      michaelkenward
      Guru - Experienced User
      Feb 06, 2022
      FURRYe38 wrote:

      What NG product are you referring too?

       

      My guess is the RAX120 listed in the footer of the first message.

       

      Time to tell them to go somewhere else?