Netgear D7000

For a strange reason I get a lot of dos attacks, I can see them on my router's log activity, maybe it's time to update to a newer model?

The D7000 is quite old, and discontinued.

It's been a long time before a new firmware update comes out. I guess netgear abonded the older router models and focused to the new products.

---

@Gothamin wrote:

For a strange reason I get a lot of dos attacks, I can see them on my router's log activity, maybe it's time to update to a newer model?

 

---

Most of these are probably fake positives.

Have you tried a WHOIS on the IP addresses? They are often down to people like Google, Amazon and other villains.

Hi, thanks for helping me out here.

Forgot to mention I recently upgraded to FTTH internet from a new internet service provider.

My netgear router is connected to a fiber terminal router model Huawei GPON ONT HG8546M optical network terminal. My Internet service provider said I can't reset the modem because I'll loose my internet settings.

Does it get complicated? How about the Huawei router safety? Does it have any vulnerabilities? Should I upgrade to a better fiber ONT router?

No, I didn't check WHOIS website, I just google some IP addresses.

Here it is what I found with a quick search, I got pretty good almost everything with details:

https://www.whois.com/whois/52.49.43.96 -- Amazon Data Services Ireland Limited

https://www.whois.com/whois/84.205.251.62 -- information society S.A.

https://www.whois.com/whois/66.117.28.86 -- adobe systems

https://www.whois.com/whois/54.239.17.86 -- amazon technologies

https://www.whois.com/whois/52.94.232.32 -- amazon technologies

https://www.whois.com/whois/84.205.251.62 -- information society S.A.

https://www.whois.com/whois/66.254.114.41 -- Reflected Networks, Inc

https://www.whois.com/whois/103.40.232.234 -- ShangHai AnchNet Tec, Inc

I also got multiple DoS attacks: UDP Land Attack] from source: 192.168.100.5:XXXX (I can't write the last 4 digits for safety reasons, I can't tell for sure what exactly are these numbers)

https://www.whois.com/whois/52.94.220.16 -- amazon technologies

https://www.whois.com/whois/18.153.6.75 -- amazon technologies

https://www.whois.com/whois/66.117.28.68 -- adobe systems

https://www.whois.com/whois/5.189.180.204 -- CONTABO BMBH

https://www.whois.com/whois/52.97.137.162 -- microsoft corporation

https://www.whois.com/whois/64.233.162.188 -- Google LLC (GOGL)

https://www.whois.com/whois/172.217.22.46 -- Google LLC (GOGL)

https://www.whois.com/whois/13.91.60.30 -- microsoft corporation

These are not all of them, but you got the idea. Each of above IPs hit me multiple times, but I didn't count them.

These are the last log history file. I deleted the previous logs because the file was getting very big.

Am I in a very bad situation? Do you think I should do a clean Operating System installation? Or it doesn't matter what I do, they will hit again and again.

Any help will be much appreciated it.

I know what is all about the ddos attacks purpose. Attackers hit the prestige of a company to destroy the name,  as a result the market shares change accordingly...

---

@Gothamin wrote:

For a strange reason I get a lot of dos attacks, I can see them on my router's log activity,

---

Ignore these - most likley false positives. If your are DoS'ed on a DSL link (even on the new FTTH) ... you won't get any Internet at all.

And no, they don't hit you - these DoS blushes are typically artifacts from unexpectedly closed network connections, e.g. a mobile going out of the house, a notebook going a sleep, a tablet loosing power, a computer switched off without a proper shutdown.

Denial-of-service attack (DoS attack) is a malicious attack to make a machine or network resource unavailable to users, usually by temporarily or indefinitely disrupting services of a host connected to the Internet.

Today, DoS attack is a common cyber-attack on the network. According to the statistics, every three seconds, there is a DoS attack happened on the Internet. The low cost of launching a DoS attack is one of the major causes of frequent DoS attacks.

Some of the most commonly used DoS attack types include:
Ping of Death, Teardrop, WinNuk, UDP flood, TCP SYN flood, IP Spoofing, Land Attack, Smurf, ICMP flood, etc.

Most of my dos attacks are described on my routers log activity as [DoS attack: ACK Scan]

I got a few [DoS attack: IP Spoofing Attack] from my private network.

I noticed I have DoS attack: UDP Land Attack]

It is ok to turn UPnP off? Anyway, I never use devices that works with incoming remote access. I only use my network when I'm home. What are your thoughts?

> It is ok to turn UPnP off? Anyway, I never use devices that works with
> incoming remote access. [...]

   I'd say that the question is whether it's ok to turn it _on_.  If you
don't actually _need_ it, then why enable it?  What can it do for you,
other than to allow malware to communicate better with malefactors?

You and I think a lot alike 😉

Do you think I should upgrade to a newer router? I can't use qos service on mine, firmware is outdated, netgear doesn't seem to support it anymore, and so on...

Maybe this time I should purchase a router with the security in mind as a starting point?

Any recommendations?