NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Nighthawk AC2300 - False DoS attack interrupts connection of my streaming quotes program
I recently installed the AC2300. No major issues other than, the connection of a streaming quote program I use keeps gettin interrupted. I looked at the log and found:
"[DoS attack: ACK Scan] attack packets in last 20 sec from ip [162.93.226.108], Tuesday, Jan 19,2021 14:02:36"
The time matches the connection interruption, the ip is the quote server from Schwab.
How can I keep this from happening? Is there a way to "whitelist" an ip or an ip range like: 162.93.226.0/24.
Thanks for any help.
Not really, since most are false positives. If a hacker wants to infiltrate your router, there are better ways to do it. DoS is really about pushing so much at the router that he can't handle that much and chokes. NETGEAR's "protection" is really flawed hence for so many false positives. I've run my R7800 for 3+ years now without DoS protection and no one has gained access to my network or bombarded the router so much it can not handle the flood.
6 Replies
There's no way to white/blacklist such IPs. The best way is to completely disable DoS protection which puts extra strain on the router. It's full of false positives too
Thanks for the feedback mirochip8 , but isn't that risky?
Not really, since most are false positives. If a hacker wants to infiltrate your router, there are better ways to do it. DoS is really about pushing so much at the router that he can't handle that much and chokes. NETGEAR's "protection" is really flawed hence for so many false positives. I've run my R7800 for 3+ years now without DoS protection and no one has gained access to my network or bombarded the router so much it can not handle the flood.
microchip8 wrote:
The best way is to completely disable DoS protection which puts extra strain on the router.
Do not disable DoS protection. (Is it even possible?) It isn't necessary and doesn't fix the problem described.
Just disable logging of DoS attacks.
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
Hi Michael,
Please read my original question at the top of the thread, you obviously didn't.
Hence: "who's behind some of them". It's RIGHT there on the first post. That's how I knew, well, everything I wrote there.
