× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

WNDR4300v2 DoS Attacks HELP!!!

Gamerear19
Aspirant

WNDR4300v2 DoS Attacks HELP!!!

A few months ago my old router went bad so I got the WNDR4300v2. Ever since I got the new router I have noticed alot of dos attacks in the router logs and im unsure if this is normal and is something i should be concerned about or just ignore it. If its normal should I just disable dos attack logging in router settings? Also the router is using the latest firmware. My old router never showed more than 4 or 5 dos attacks per month unlike this router but I have not experienced any loss of internet connection or slowdown of speed even with my log being filled up with these attacks. I know my computer is not infected with any virus/malware because I only use my computer for legit websites and regulary scan my computer with avast and malwarebytes. If it helps I have upnp and remote management disabled on the router.

 

[DoS Attack: SYN/ACK Scan] from source: 199.83.129.95, port 80, Tuesday, November 22, 2016 21:33:17
[DoS Attack: RST Scan] from source: 24.105.29.21, port 80, Tuesday, November 22, 2016 18:54:54
[DoS Attack: SYN/ACK Scan] from source: 154.35.174.2, port 6667, Tuesday, November 22, 2016 16:54:07
[DoS Attack: RST Scan] from source: 24.105.29.21, port 80, Tuesday, November 22, 2016 16:52:38
[DoS Attack: RST Scan] from source: 24.105.29.21, port 80, Tuesday, November 22, 2016 16:00:32
[DoS Attack: ACK Scan] from source: 173.194.63.216, port 443, Tuesday, November 22, 2016 14:30:31
[DoS Attack: ACK Scan] from source: 173.194.132.213, port 443, Tuesday, November 22, 2016 14:05:44
[DoS Attack: RST Scan] from source: 46.137.115.80, port 80, Tuesday, November 22, 2016 12:46:05
[DoS Attack: SYN/ACK Scan] from source: 5.226.176.13, port 80, Tuesday, November 22, 2016 12:03:06
[DoS Attack: ACK Scan] from source: 173.194.132.115, port 443, Tuesday, November 22, 2016 12:00:30
[DoS Attack: ACK Scan] from source: 31.13.71.7, port 443, Tuesday, November 22, 2016 10:31:48
[DoS Attack: SYN/ACK Scan] from source: 51.255.43.40, port 4784, Tuesday, November 22, 2016 09:01:55
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 08:02:55
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 08:02:36
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 08:01:40
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 08:01:21
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 08:00:25
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 08:00:06
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 07:59:10
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 07:58:51
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 07:57:55
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 07:57:36
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 07:56:40
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 07:56:21
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 07:55:24
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 07:55:06
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 07:54:09
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 07:53:51
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Tuesday, November 22, 2016 07:52:54
[DoS Attack: ACK Scan] from source: 166.98.7.20, port 80, Tuesday, November 22, 2016 07:52:36
[DoS Attack: SYN/ACK Scan] from source: 199.83.131.95, port 80, Tuesday, November 22, 2016 07:35:03
[DoS Attack: SYN/ACK Scan] from source: 162.214.22.88, port 80, Tuesday, November 22, 2016 07:31:41
[DoS Attack: SYN/ACK Scan] from source: 213.32.10.212, port 80, Tuesday, November 22, 2016 06:56:06
[DoS Attack: SYN/ACK Scan] from source: 183.131.49.66, port 80, Tuesday, November 22, 2016 04:25:25
[DoS Attack: SYN/ACK Scan] from source: 103.196.249.5, port 80, Tuesday, November 22, 2016 01:54:23
[DoS Attack: TCP/UDP Chargen] from source: 185.94.111.1, port 36001, Tuesday, November 22, 2016 01:28:02
[DoS Attack: ACK Scan] from source: 166.98.7.25, port 80, Tuesday, November 22, 2016 01:09:04
[DoS Attack: SYN/ACK Scan] from source: 213.88.49.71, port 411, Tuesday, November 22, 2016 01:06:48
[DoS Attack: ACK Scan] from source: 166.98.7.10, port 80, Tuesday, November 22, 2016 00:26:05
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 23:54:40
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Monday, November 21, 2016 23:53:39
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 23:53:25
[DoS Attack: ACK Scan] from source: 166.98.7.15, port 80, Monday, November 21, 2016 23:44:54
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.125, port 46366, Monday, November 21, 2016 23:13:10
[DoS Attack: SYN/ACK Scan] from source: 52.169.89.24, port 80, Monday, November 21, 2016 22:43:02
[DoS Attack: SYN/ACK Scan] from source: 52.169.89.24, port 80, Monday, November 21, 2016 18:06:11
[DoS Attack: SYN/ACK Scan] from source: 138.201.205.145, port 10442, Monday, November 21, 2016 17:58:44
[DoS Attack: RST Scan] from source: 109.50.82.15, port 44126, Monday, November 21, 2016 17:42:48
[DoS Attack: SYN/ACK Scan] from source: 52.169.89.24, port 80, Monday, November 21, 2016 17:30:02
[DoS Attack: RST Scan] from source: 52.3.48.122, port 7171, Monday, November 21, 2016 17:27:26
[DoS Attack: RST Scan] from source: 24.105.29.21, port 80, Monday, November 21, 2016 16:10:11
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:58:44
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:58:25
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:57:30
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:57:12
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:56:14
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:55:55
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:54:59
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:54:40
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:53:44
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:53:25
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:52:29
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:52:11
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:51:14
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:50:56
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:49:59
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:49:41
[DoS Attack: ACK Scan] from source: 166.98.7.11, port 80, Monday, November 21, 2016 14:48:44
[DoS Attack: ACK Scan] from source: 166.98.7.13, port 80, Monday, November 21, 2016 14:48:25
[DoS Attack: SYN/ACK Scan] from source: 188.165.244.152, port 5080, Monday, November 21, 2016 14:41:25
[DoS Attack: RST Scan] from source: 164.132.209.37, port 22, Monday, November 21, 2016 10:11:01
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Monday, November 21, 2016 07:57:01
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 07:39:52
[DoS Attack: SYN/ACK Scan] from source: 121.42.187.114, port 7000, Monday, November 21, 2016 06:47:46
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Monday, November 21, 2016 06:17:35
[DoS Attack: SYN/ACK Scan] from source: 188.165.244.152, port 5080, Monday, November 21, 2016 06:04:35
[DoS Attack: SYN/ACK Scan] from source: 46.105.29.136, port 4784, Monday, November 21, 2016 02:36:21
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Monday, November 21, 2016 02:11:08
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:41:51
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:41:32
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:40:36
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:40:17
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:39:21
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:39:02
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:38:06
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:37:47
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:36:51
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:36:32
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:35:36
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:35:17
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:34:21
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:34:02
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:33:06
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:32:47
[DoS Attack: ACK Scan] from source: 166.98.7.17, port 80, Monday, November 21, 2016 01:31:51
[DoS Attack: ACK Scan] from source: 166.98.7.12, port 80, Monday, November 21, 2016 01:31:32
[DoS Attack: ACK Scan] from source: 194.54.14.131, port 443, Monday, November 21, 2016 01:07:40
[DoS Attack: SYN/ACK Scan] from source: 103.194.169.225, port 80, Monday, November 21, 2016 00:30:41
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.105, port 35617, Monday, November 21, 2016 00:09:12
[DoS Attack: ACK Scan] from source: 194.54.14.131, port 443, Sunday, November 20, 2016 23:44:52
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Sunday, November 20, 2016 22:38:46
[DoS Attack: RST Scan] from source: 24.105.29.21, port 80, Sunday, November 20, 2016 22:13:00
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Sunday, November 20, 2016 22:11:43
[DoS Attack: RST Scan] from source: 24.105.29.21, port 80, Sunday, November 20, 2016 22:05:23
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Sunday, November 20, 2016 21:39:22
[DoS Attack: RST Scan] from source: 14.169.73.243, port 64092, Sunday, November 20, 2016 21:35:40
[DoS Attack: SYN/ACK Scan] from source: 52.169.89.24, port 80, Sunday, November 20, 2016 21:20:01
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Sunday, November 20, 2016 20:51:02
[DoS Attack: SYN/ACK Scan] from source: 178.33.196.162, port 14300, Sunday, November 20, 2016 20:48:38
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Sunday, November 20, 2016 20:11:35
[DoS Attack: SYN/ACK Scan] from source: 52.169.89.24, port 80, Sunday, November 20, 2016 19:30:05
[DoS Attack: SYN/ACK Scan] from source: 123.234.5.214, port 7000, Sunday, November 20, 2016 19:09:10
[DoS Attack: SYN/ACK Scan] from source: 87.226.154.130, port 80, Sunday, November 20, 2016 16:57:20

Model: WNDR4300v2|N750 Wireless Dual Band Gigabit Router
Message 1 of 4

Accepted Solutions
TheEther
Guru

Re: WNDR4300v2 DoS Attacks HELP!!!

I spot checked a few of the IP addresses and none of them look like they would really be the source of any DoS attacks.  A few of us here think that Netgear's DoS attack detection heuristics are borked on some of their routers.  You can actually select Disable Port Scan and DoS Protection in WAN Setup on the router.  This will disable the heuristics.  This won't disable the firewall, so you'll still have basic protection.

 

If you are not comfortable with this, then you could just choose to ignore them.  Except for a few small bursts, the frequency of these logs is not that high.  

View solution in original post

Message 2 of 4

All Replies
TheEther
Guru

Re: WNDR4300v2 DoS Attacks HELP!!!

I spot checked a few of the IP addresses and none of them look like they would really be the source of any DoS attacks.  A few of us here think that Netgear's DoS attack detection heuristics are borked on some of their routers.  You can actually select Disable Port Scan and DoS Protection in WAN Setup on the router.  This will disable the heuristics.  This won't disable the firewall, so you'll still have basic protection.

 

If you are not comfortable with this, then you could just choose to ignore them.  Except for a few small bursts, the frequency of these logs is not that high.  

Message 2 of 4
Gamerear19
Aspirant

Re: WNDR4300v2 DoS Attacks HELP!!!

Im not really comfortable turning off the dos protection. Since it seems like these are all false attacks and nothing to be concerned about would it be a good idea just to turn off dos attacks logging so it wont show in router logs?
Message 3 of 4
TheEther
Guru

Re: WNDR4300v2 DoS Attacks HELP!!!

Well, that's a different way to sweep it under the rug. Of course, if there's a real DoS attack, that won't be logged either.

How about doing nothing? There's really no harm keeping them in the logs.
Message 4 of 4
Discussion stats
  • 3 replies
  • 7840 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 7