Having frequent DoS Attacks last couple months:
SYNC FLOOD or UDP SCAN or ECHO CHAR GEN
Netgear's brochure for this NightHawk C7800 says:
SECURITY
- Denial-of-service (DoS) attack prevention
However, it does not seem to be prevented! The basic problem is with WiFi disruption to service: My WiFi extender (NightHawk AC2200) drops devices (one gave mesages: need to log into net gear). At other times, my Amazon Echo (Alexa) says: having problems connecting to the internet. I've also lost access to my security camera. According to the log, theses "Denial of Service Attacks" are initiating from various places: Cypress, Russia, China, and a few from USA IP Addresses. I know these may be "spoofed" (?) [fake addresses] but some of them are consistent.
Q. Does anyone know what Netgear means by "preventing" such attacks? They do seem to be a continuing nuisance to me and my connected devices!
Here is log from this morning (1/29/2018):
[admin login] from source 192.168.0.2, Mon, Jan 29, 2018 09:27:21
[UPnP set event: AddPortMapping] from source 192.168.0.2, Mon, Jan 29, 2018 09:24:33
[Time synchronized with NTP server] Mon, Jan 29, 2018 09:24:19
V NOT SURE WHY ENTRIES BELOW ARE USING 1969 DATES ???? V
[DHCP IP: (192.168.0.36)] to MAC address 50:c7:bf:00:92:1c, Wed, Dec 31, 1969 16:01:55
[DHCP IP: (192.168.0.23)] to MAC address 7a:b3:b9:01:8f:fe, Wed, Dec 31, 1969 16:01:39
[DHCP IP: (192.168.0.12)] to MAC address 50:c7:bf:02:b7:5b, Wed, Dec 31, 1969 16:01:37
[DHCP IP: (192.168.0.37)] to MAC address f0:6e:0b:14:cd:08, Wed, Dec 31, 1969 16:01:24
[DHCP IP: (192.168.0.4)] to MAC address dc:ef:ca:c8:e2:40, Wed, Dec 31, 1969 16:01:21
[DHCP IP: (192.168.0.30)] to MAC address 80:d2:1d:1c:5d:52, Wed, Dec 31, 1969 16:01:19
[DHCP IP: (192.168.0.10)] to MAC address 34:d2:70:a4:94:40, Wed, Dec 31, 1969 16:01:19
[DHCP IP: (192.168.0.14)] to MAC address 60:02:b4:c9:52:a8, Wed, Dec 31, 1969 16:01:18
[Internet connected] IP address: 73.92.144.179, Wed, Dec 31, 1969 16:01:15
[DHCP IP: (192.168.0.25)] to MAC address b0:b9:8a:65:b5:17, Wed, Dec 31, 1969 16:01:11
[DHCP IP: (192.168.0.9)] to MAC address a4:5d:36:20:61:07, Wed, Dec 31, 1969 16:01:10
[DHCP IP: (192.168.0.11)] to MAC address 50:c7:bf:02:bf:6c, Wed, Dec 31, 1969 16:01:09
[DHCP IP: (192.168.0.2)] to MAC address 34:17:eb:af:0c:a9, Wed, Dec 31, 1969 16:00:52
[Initialized, firmware version: V3.01.38] Thu, Jan 01, 1970 00:00:07
^^^^^ NOT SURE WHY ABOVE ENTRIES SHOW 1970 AND 1969 DATES ???? ^^^^^^
REBOOTED MODEM/ROUTER MON, JAN 28, 2018 APPROXIMATELY 09:24:00
[DoS attack: Sync flood] from source: 5.8.18.77, port 65534, Mon, Jan 29, 2018 08:52:48
WHOIS Source: RIPE NCC, IP Address: 5.8.18.77, Country: Cyprus
[DoS attack: UDP Scan] from source: 113.96.223.207, port 58908, Mon, Jan 29, 2018 08:05:34
WHOIS Source: CHINA TELECOM, IP Address: 113.96.223.207, Country: China
[DoS attack: UDP Scan] from source: 185.94.111.1, port 48098, Mon, Jan 29, 2018 05:49:56
Location: Moscow, Russia - 185.94.111.1 is a static assigned Cable/DSL IP address allocated to HLL LLC.
[DoS attack: Echo char gen] from source: 139.212.93.68, port 57737, Mon, Jan 29, 2018 05:40:09
IP Address: 139.212.93.68 IP Location: CHINA
[DoS attack: Echo char gen] from source: 125.64.94.208, port 33868, Mon, Jan 29, 2018 05:18:56
125.64.94.208 ISP ChinaNet Sichuan Province Network Country China | |
[UPnP set event: AddPortMapping] from source 192.168.0.2, Mon, Jan 29, 2018 05:16:12
[DoS attack: UDP Scan] from source: 185.94.111.1, port 35655, Mon, Jan 29, 2018 03:39:36
Location: Moscow, Russia - 185.94.111.1 is a static assigned Cable/DSL IP address allocated to HLL LLC.
[DoS attack: Echo char gen] from source: 173.82.2.223, port 4545, Mon, Jan 29, 2018 02:42:16
173.82.2.223 CLOUDCONE, LLC UNITED STATES MINDEN, NEVADA
[DoS attack: Echo char gen] from source: 184.105.139.77, port 27033, Sun, Jan 28, 2018 22:12:02
184.105.139.77 HURRICANE ELECTRIC DENVER, COLORADO
[DoS attack: UDP Scan] from source: 155.94.89.58, port 43326, Sun, Jan 28, 2018 21:32:28
155.94.89.58 NODES DIRECT JACKSONVILLE, FLORIDA
[UPnP set event: DeletePortMapping] from source 192.168.0.7, Sun, Jan 28, 2018 20:54:03
[UPnP set event: DeletePortMapping] from source 192.168.0.8, Sun, Jan 28, 2018 20:53:59
[UPnP set event: DeletePortMapping] from source 192.168.0.37, Sun, Jan 28, 2018 20:38:33
[DoS attack: Echo char gen] from source: 45.63.59.155, port 4545, Sun, Jan 28, 2018 20:30:09
45.63.59.155 Vultr Holdings LLC Los Angeles, CA
[DoS attack: Echo char gen] from source: 52.73.169.169, port 45846, Sun, Jan 28, 2018 19:59:01
52.73.169.169 hostile Malicious Host Amazon Technologies Inc. Ashburn, Virginia | |
