NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Getting DDoS attacks constantly.
I am having trouble changing my IP address. Someone keeps crashing my pc. I want to know how I can change my IP address. I have called xfinity but they told me it was static and can’t be changed! I ha...
I am using a NG NightHawk RAX 120. This is the log of what is happening. Can you please assist.
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Saturday, February 05, 2022 15:55:35
[DoS Attack: RST Scan] from source: 179.107.50.150, port 6948, Saturday, February 05, 2022 15:50:50
[DoS Attack: SYN/ACK Scan] from source: 111.231.84.21, port 32331, Saturday, February 05, 2022 15:49:04
[DoS Attack: WinNuke Attack] from source: 122.226.174.130, port 5914, Saturday, February 05, 2022 15:43:21
[DoS Attack: SYN/ACK Scan] from source: 179.107.54.34, port 17405, Saturday, February 05, 2022 15:25:51
[DoS Attack: SYN/ACK Scan] from source: 179.107.54.34, port 17405, Saturday, February 05, 2022 15:25:51
[DoS Attack: SYN/ACK Scan] from source: 179.107.54.34, port 17405, Saturday, February 05, 2022 15:25:51
[WLAN access allowed] from MAC : 4E:11:BF:AE:65:E3, Saturday, February 05, 2022 15:14:21
[DHCP IP: 10.0.0.10][Device Name: ] to MAC address 4e:11:bf:ae:65:e3, Saturday, February 05, 2022 15:14:20
[Access Control] Device Unknown with MAC address 4E:11:BF:AE:65:E3 is allowed to access th, Saturday, February 05, 2022 15:14:20
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, February 05, 2022 15:02:12
[DoS Attack: ACK Scan] from source: 142.252.252.18, port 22222, Saturday, February 05, 2022 14:45:36
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: RST Scan] from source: 179.107.49.13, port 25220, Saturday, February 05, 2022 14:45:08
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 179.107.48.81, port 36409, Saturday, February 05, 2022 14:28:10
[DoS Attack: SYN/ACK Scan] from source: 111.231.84.21, port 13726, Saturday, February 05, 2022 14:13:07
[DoS Attack: ACK Scan] from source: 120.79.202.178, port 3559, Saturday, February 05, 2022 13:56:41
[DoS Attack: RST Scan] from source: 35.247.221.225, port 27018, Saturday, February 05, 2022 13:52:55
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, February 05, 2022 13:51:11
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
Ravinderjay wrote:
[DHCP IP: 10.0.0.10][Device Name: ] to MAC address 4e:11:bf:ae:65:e3, Saturday, February 05, 2022 15:14:20
That sometimes tells us that you are running two routers on your network, with the first one assuming the more usual IP address of 192.168.1.1.
What modem sits in front of your RAX120?
Maybe that is the cause of your original problem.
While many questions about routers are generic and could be answered anywhere, some things need specialist knowledge.
You might get more help, and find earlier questions and answers specific to your device, in the appropriate section for your hardware. That's probably here:
Nighthawk Routers with WiFi 6 (AX) - NETGEAR Communities
I will ask the Netgear moderator to move your message.
In the meantime you could visit the support pages:
Support | NETGEAR
Feed in your model number and check the documentation for your hardware. Look at the label on the device for the model number.
You may have done this already. I can't tell from your message.
I mention it because Netgear stopped supplying printed manuals and CD versions some years ago and people sometimes miss the downloads.
- I used Whois.net and they are from China and Brazil. I think they are malicious attacks on me!
179.107.48.81 is from someone named LULIV4! I know no one or have gone to any websites that are not located in the usa. Even with my VPN enabled I use the fastest connection!
Ravinderjay wrote:
I used Whois.net and they are from China and Brazil. I think they are malicious attacks on me!
179.107.48.81 is from someone named LULIV4! I know no one or have gone to any websites that are not located in the usa. Even with my VPN enabled I use the fastest connection!My search found nothing in China or Brazil. A few in Uruguay. Rambla Republica de Mexico 6125
I used this:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
- Are they safe or are they malicious?
- My modem is a Motorola MB8611
- What do you mean with “plain vanilla modem”?
I found nothing in the search box pertaining to my modem. I have a Motorola MB8611.
I am just going to return the NG router my sister has a TP link and in her Logs I see no logs like I have. turning off the DoS log doesn't mean someone is not attacking me with bots just because they do not appear in the log. The bottom line is there still is an underlying issue. Especially the WinNuke attack which crashed my PC. I did use Whois.net the other one is so convuluted that I dont know how to begin to use it. Maybe you just want me to go away. But there is issue with NG routers if any one can spam your router with Dos Attack!