NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Cvaughn8086's avatar
Cvaughn8086
Aspirant
Oct 11, 2021

R8000P Dos attack:fraggle attack from 10.3.0.1

EVery few tenths of a second I see a log entry for [dos attack : fraggle attack] from source 10.3.0.1, port 67.   10.3.0.1 is a private ip but not one I use in my local network.  The kid's laptop will start to see sluggish internet download speeds and sometimes will be reduced to just kB/sec.  a router reboot is required to remove it from that state.  Oddly, the one laptop is the only device impacted.  Not sure how to tell if this is a false positive or legit and how to stop it, regardless.  I just upgraded to firmware version 1.4.2.84 today but no change.  Any assistance is greatly appreciated.  Thanks. 

3 Replies

  • FURRYe38's avatar
    FURRYe38
    Guru - Experienced User

    What Firmware version is currently loaded?
    What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

    • microchip8's avatar
      microchip8
      Master

      NG is notoriously known for many false positives. 99% of all "DoS attacks" are from legitimate sources.. I suggest turning off logging of DoS entries or completely turning off DoS protection as it is mostly useless.

    • Cvaughn8086's avatar
      Cvaughn8086
      Aspirant

      Firmware version is:  V1.4.2.84_1.3.42

       

      Modem make/model is:  Arris SB8200

       

      FYI, I enabled netgear armor to see if that would help, but it didn't.  I still see the attacks in the logs and the same laptop was reduced down to less than 3mb/sec download speed today.  Had to restart the router to restore normal download speeds.