Daily Dos Attacks shutting off internet

aliraza2 · ‎2022-01-13

Hi I'm receiving daily Dos Attacks in my logs which shutoff my internet for upwards of 30minutes if I dont restart my modem and router. The logs look something like this and they happen daily

XR500 pro paired with a CM1000 Modem

[admin login] from source 192.168.1.5, Thursday, January 13, 2022 00:42:05
[UPnP set event: add_nat_rule] from source 192.168.1.5, Thursday, January 13, 2022 00:41:11
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:40:38
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:40:37
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:40:25
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:40:24
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:39:21
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:39:20
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:38:48
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:38:47
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:38:36
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:38:35
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:38:24
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:38:22
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:37:50
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:37:49
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:37:27
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:37:26
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:37:05
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:37:03
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:36:42
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:36:40
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:36:18
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:36:17
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:35:55
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:35:53
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:35:32
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:35:30
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:35:08
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:35:07
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:34:45
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:34:44
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:34:22
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:34:21
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:34:00
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:33:58
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:33:37
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:33:35
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:33:13
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:33:12
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:32:50
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:32:49
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:32:27
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:32:26
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:32:15
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:32:13
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:31:51
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:31:50
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:31:28
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:31:27
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:31:05
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:31:03
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:30:32
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:30:30
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:30:09
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:30:08
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:29:56
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:29:55
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:29:13
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:29:12
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:29:00
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:28:59
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:28:37
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:28:36
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:28:25
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:28:23
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:27:51
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:27:50
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:27:39
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:27:37
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:27:06
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:27:04
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:26:53
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:26:51
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:26:20
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:26:18
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:26:07
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:26:05
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:25:34
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:25:32
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:25:21
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:25:19
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:24:48
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:24:47
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:24:35
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:24:34
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:24:02
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:24:01
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:23:49
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:23:48
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:23:16
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:23:15
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:23:03
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:23:02
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:22:51
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:22:49
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:22:38
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:22:36
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:22:05
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:22:03
[DoS Attack: TCP/UDP Echo] from source: 80.82.77.193, port 59891, Thursday, January 13, 2022 00:21:53
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:21:52
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:21:50
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:20:28
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:20:27
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:20:16
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:20:14
[DoS Attack: SYN/ACK Scan] from source: 156.54.36.151, port 5060, Thursday, January 13, 2022 00:19:57
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:19:43
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:19:41
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:19:20
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:19:18
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:19:07
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:19:06
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:18:54
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:18:53
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:18:21
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:18:19
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:17:48
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:17:47
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:17:35
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:17:34
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:17:23
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:17:21
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:16:49
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:16:48
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:16:26
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:16:25
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:15:53
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:15:52
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:15:41
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:15:39
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:14:27
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:14:26
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:14:14
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:14:12
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:13:41
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:13:39
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:13:28
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:13:26
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:13:05
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:13:04
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:12:53
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:12:51
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:12:20
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:12:18
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:11:57
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:11:55
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:11:34
[DumaOS] applying qos for zone wan, Thursday, January 13, 2022 00:11:33
[DumaOS] applying qos for zone lan, Thursday, January 13, 2022 00:11:22
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:57:59
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:57:37
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:57:36
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:57:14
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:57:12
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:56:51
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:56:49
[DoS Attack: WinNuke Attack] from source: 218.76.236.71, port 19300, Wednesday, January 12, 2022 23:56:33
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:56:28
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:56:26
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:56:05
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:56:03
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:55:41
[DumaOS] applying qos for zone wan, Wednesday, January 12, 2022 23:55:40
[DumaOS] applying qos for zone lan, Wednesday, January 12, 2022 23:55:18

any help appreciated thanks.

aliraza2 · ‎2022-01-13

CrimpOn · ‎2022-01-13

Those log entries are not Denial of Service (DoS). They are reports that the router has applied a Quality of Service (QoS) to a "zone" that was defined by the user. Starting about page 54 of the user manual:

https://www.downloads.netgear.com/files/GDC/XR500/XR500_UM_EN.pdf

There is a discussion in that section about what happens if 100% is allocated to one device, then that effectively shuts off every other device.

Gaming routers are entirely different than 'ordinary' routers, such as the Orbi that we talk about in this forum. You are more likely to find someone who has experience with the XR500 in the gaming forum:

https://community.netgear.com/t5/Nighthawk-Pro-Gaming-Routers/bd-p/en-home-nighthawk-pro-gaming-rout...

aliraza2 · ‎2022-01-14

The Qos is not what i'm worried about as I have it turned on and set to 50%. I'm worried about the

" [DoS Attack: WinNuke Attack] from source: 218.76.236.71, port 19300, Wednesday, January 12, 2022 23:56:33\

[DoS Attack: TCP/UDP Echo] from source: 80.82.77.193, port 59891, Thursday, January 13, 2022 00:21:53

[DoS Attack: SYN/ACK Scan] from source: 156.54.36.151, port 5060, Thursday, January 13, 2022 00:19:57

CrimpOn · ‎2022-01-14

Sorry (My Bad. Yes, those entries were buried in the log file and I missed them.) My Orbi records the same WinNuke events and does not loss internet.

Two Netgear Orbi systems email me their log files every time they fill up, and I have been keeping those logs for over two years.

Denial of Service (DoS) "attacks" are continuous. Every day, both of these routers record dozens. So far this January (13 days), one system has logged 654 and the other 754 DoS entries. (A rate of 50-60 per day.) There have been some weeks when the Internet "goes wild" with some jerk banging away with hundreds of attempts for day after day (until it stops). Neither system has ever lost internet. Not once.

There have been several discussions on the forum about these log entries. The concensus appears to be:

Router firewalls do not accept incomming connections unless a port has been forwarded (deliberately) to a device on the LAN.
There are hooks into the firewall software which detect certain patterns of connection attempts and classify them as "attacks", with the option to record this observation in the router log.
No one seems to have found any documentation as to how these detections routine determine when connection attempts are just "random noise" and then they "fit a pattern".
This detection activity does consume some router CPU cycles. (How much no one has seemed to determine.) It would be interesting to see if disabling the detection/logging activity makes a measurable difference in processor usage.
Whether the router logs these conclusions is an option that can be set. No matter whether they are logged or not, the connections attempts still occur and are still not accepted.

I have no doubt that "something is going on", but have serious doubts that it is these reported Denial of Service attempts.