- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
C6900 - Repeated DOS Attacks from same source ip
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
C6900 - Repeated DOS Attacks from same source ip
My home internet has been dropping to near 0MBS for the past week. I checked the logs and see the following the below DOS attacks which continue to repeat over and over. I tried calling my provider (Comcast) and they basically said there was nothing they could do. I looked up the source IP (in Thailand) and emailed their abuse email, but seriously doubt that will have any impact.
My Norton Antivirus is up to date.
The only suggestion from Comcast was to return this modem and purchase one that will let me block specific INCOMING IP addresses. Does Netgear offer that - as I can't find it on this model (AC1900-C6900).
Anyone have any other suggestions?
[DoS attack: Ping Of Death] from 1.0.213.112, port 0 | 2 | Sun Mar 11 18:10:02 2018 | 172.97.162.168:0 | 1.0.213.112:0 |
[DoS attack: Teardrop or derivative] from 1.0.213.112, port 0 | 1 | Sun Mar 11 18:09:50 2018 | 172.97.162.168:0 | 1.0.213.112:0 |
[DoS attack: Ping Of Death] from 1.0.213.112, port 0 | 3 | Sun Mar 11 18:08:16 2018 | 25.54.225.1:0 | 1.0.213.112:0 |
[DoS attack: Teardrop or derivative] from 1.0.213.112, port 0 | 1 | Sun Mar 11 18:02:49 2018 | 116.150.69.226:0 | 1.0.213.112:0 |
[DoS attack: Ping Of Death] from 1.0.213.112, port 0 | 2 | Sun Mar 11 18:02:46 2018 | 116.150.69.226:0 | 1.0.213.112:0 |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: C6900 - Repeated DOS Attacks from same source ip
If Comcast won't block the traffic on their end, then the only way to stop these kinds of attacks is to change your public IP address. If you had a router that was separated from your modem, then changing the router's MAC address will often coax the ISP to assign you a new address. But with a combination modem/router, like the C6900, there's nothing you can do; you can't change the MAC address on a modem/router.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: C6900 - Repeated DOS Attacks from same source ip
When C6900 shows DoS in the logs it could mean that an actual DoS attack is taking place or it could be a false positive. Sometime, certain IPv6 multicast fragmented packets may be mistaken by the C6900 firewall as DoS attack and that will show up in the logs. In most cases, these logs are harmless and should not cause any network degradation. You should not see these false positives with regular IPv6 or IPv4 traffic.
If you believe that these attacks are false positives or not you can try the following work arounds:
- If you have any printers on the network disable the IPv6 on the Printer and use only IPv4 if it supports both IPv4 and IPv6. Many printers with IPv6 enabled will generate IPv6 multicast fragmented packets. If the issue still occurs check other devices on network and use similar approach.
- Disable the DoS attack setting by login to the C6900 Web UI and go to ADVANCED -> Setup -> WAN Setup, then uncheck the “Disable Port Scan and DoS Protection” button by doing this the DoS and Port Scan protection will be enabled.
User | Count |
---|---|
15 | |
8 | |
7 | |
6 | |
2 |
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more