NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
What is access log actually showing
I have a Nighthawk, R6700 v2 wireless router. When looking at the access log, I have a question on what is appearing there. Are the items displayed simply items that attempted connection, or are th...
DoS attacks are blocked, period, but are logged. You should not have "Disable Port Scan and DoS Protection" checked on the Advanced tab, on left Setup, WAN setup page. If you uncheck that box you lose that protection and they will get in. No need to block that IP Address as long as that box is unchecked, router never lets them in to even be blocked.
If they ARE legitimate and the router rejected a valid packet, TCP/IP is smart enough to regenerate the packet and it eventually gets to you. If logging in, you might notice it took longer.Multiple DoS entry seconds apart are more than likely to be a real attack, although in some cases it is just someone trying ping you I think. If they are very fast, seconds apart, the router is supposed to shutdown entry for everything for a few minutes, but I have NEVER seen that happen.
O.k., thanks. The ones that I get primarily concerned about are the same type of commentary, but with IP addresses from Russia, China, Turkey, Ukraine, etc. There are the typical port scans, which you can do nothing about, but I am more concerned with the blocking of bad, foreign parties. I had one, from China, two nights ago, which produced at least twenty 'DOS' listings, in a row, in the log. I have that IP as a blocked IP address, was not sure how the router was handling it. I had presumed that if I blocked an IP, it would not show up in the log, as the router would not have allowed access. That came down to the question for me that if an IP was showing up in the access log, did that mean the router HAD allowed access to the IP.
DoS attacks are blocked, period, but are logged. You should not have "Disable Port Scan and DoS Protection" checked on the Advanced tab, on left Setup, WAN setup page. If you uncheck that box you lose that protection and they will get in. No need to block that IP Address as long as that box is unchecked, router never lets them in to even be blocked.
If they ARE legitimate and the router rejected a valid packet, TCP/IP is smart enough to regenerate the packet and it eventually gets to you. If logging in, you might notice it took longer.
Multiple DoS entry seconds apart are more than likely to be a real attack, although in some cases it is just someone trying ping you I think. If they are very fast, seconds apart, the router is supposed to shutdown entry for everything for a few minutes, but I have NEVER seen that happen.
THANKS!! That answers all of my questions. The selections that you mentioned, for blocking, are active and working. I can ignore all of entries, as the router is taking care of what I was worried about. Happiness is!!
It can be entertaining to trace some of those "DOS attacks".
People turn up here with long lists of IP addresses of people they think are attacking them. A quick whois reveals that they often come from Google, Microsoft and places like their own ISP.
Yes, you are correct on that! I spent time looking at my log, doing the standard 'whois', to see what my connection activity was. I learned to recognize the 'standard' ranges from Google, Carbonite, Amazon, and other standard sites, for which I made connections with. I also learned to identify folks that I was not interested in.
For anyone that is looking for a good toolset site to use (and I know there are many out there), a good one is here: https://www.ultratools.com/ .
