Reply
Highlighted

[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17 [DoS

I have just setup and started to use a Nighthawk XR500 (Previously using R1 with DumaOS installed), when I looked at the log all I could see was [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985 (This is the routers IP address) . It seems to happen multiple times a minute,  the port address changes, and the internet seems to reconnect occasionally.

 

The firmware is upto date. I have to have my router connected to the houses main router, though it does come through a DMZ. The R1 worked fine without any complaints with this configuration. Do you have any suggestions?

 

What follows is a small sample of the Routers log:-

 

[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58

 

 

 

 

 

 

Model: XR500| Nighthawk Pro Gaming Router
Message 1 of 7

Accepted Solutions
Highlighted
Guru

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17

Ah, That explains it. Yes, having another router infront of the XR router would probably generate this condition. This would be a double NAT condition which isn't recommended.

 

What happens if you replace the TP=Link router with the XR router? I presume it would work well. 

 

FYI, I tried the AC5400, nice and all. Not good for multiple game consoles playing same game at the same time and forum support is lacking. Also upgrading FW, you can revert back FW versions either. I sent mine back. 


@Mrbchambers wrote:

Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.

 

I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.


 


My Setup (Cable 900Mbps/50Mbps)>CAX80>RBK50 v2.7.0.70(AP Mode)
Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P,
EX7500/EX7700, XR450 and WNHDE111

View solution in original post

Message 5 of 7

All Replies
Highlighted
Guru

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17

What is the Mfr and model# of the ISP modem the NG router is connected too?

 

What happens if you remove the XR router from the main host routers DMZ? 


@Mrbchambers wrote:

I have just setup and started to use a Nighthawk XR500 (Previously using R1 with DumaOS installed), when I looked at the log all I could see was [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985 (This is the routers IP address) . It seems to happen multiple times a minute,  the port address changes, and the internet seems to reconnect occasionally.

 

The firmware is upto date. I have to have my router connected to the houses main router, though it does come through a DMZ. The R1 worked fine without any complaints with this configuration. Do you have any suggestions?

 

What follows is a small sample of the Routers log:-

 

[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58
[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 48311, Monday, March 04, 2019 14:33:58

 

 

 

 

 

 


 


My Setup (Cable 900Mbps/50Mbps)>CAX80>RBK50 v2.7.0.70(AP Mode)
Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P,
EX7500/EX7700, XR450 and WNHDE111
Message 2 of 7
Highlighted

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17

Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.

 

I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.

Message 3 of 7
Highlighted
NetDuma Partner

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17

Hi Mrb - just going to paste our response that we gave to you on our own forum, so anyone searching for this topic will see it in future:

 

Logs are a NETGEAR feature, and they're very sensitive, so I wouldn't be too concerned.

 

If you Google your issue, the conclusion is that it's likely to be nothing to worry about (read all of this thread for example: https://arstechnica.com/civis/viewtopic.php?f=10&t=1321917)

 

If you're still concerned, I recommend you give NETGEAR's support a call: https://www.netgear.com/support/contact.aspx

 

Hope that helps.

Message 4 of 7
Highlighted
Guru

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17

Ah, That explains it. Yes, having another router infront of the XR router would probably generate this condition. This would be a double NAT condition which isn't recommended.

 

What happens if you replace the TP=Link router with the XR router? I presume it would work well. 

 

FYI, I tried the AC5400, nice and all. Not good for multiple game consoles playing same game at the same time and forum support is lacking. Also upgrading FW, you can revert back FW versions either. I sent mine back. 


@Mrbchambers wrote:

Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.

 

I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.


 


My Setup (Cable 900Mbps/50Mbps)>CAX80>RBK50 v2.7.0.70(AP Mode)
Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P,
EX7500/EX7700, XR450 and WNHDE111

View solution in original post

Message 5 of 7
Highlighted

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17


@FURRYe38 wrote:

Ah, That explains it. Yes, having another router infront of the XR router would probably generate this condition. This would be a double NAT condition which isn't recommended.

 

What happens if you replace the TP=Link router with the XR router? I presume it would work well. 

 

FYI, I tried the AC5400, nice and all. Not good for multiple game consoles playing same game at the same time and forum support is lacking. Also upgrading FW, you can revert back FW versions either. I sent mine back. 


@Mrbchambers wrote:

Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.

 

I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.


 


That worked, no more DoS Attack:IP Spoofing messages, well if I do get them at least I will be able to see them!

 

Thank you.

 

Re the TP-Link AC5400, I may just sell  it. 

 

Thank you againg really appreciate this.

Message 6 of 7
Highlighted
Guru

Re: [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985, Monday, March 04, 2019 14:34:17

Glad that worked. Ya, I think the 5400 is ok. Lacks a few things. I was not impressed by there forum support. Zero Reponses there to questions I posted. Nothing much from officials there. I returned mine. 

 

Please mark your post as solved so others will know for future reference. 

 

Enjoy the XR router. Smiley Wink


@Mrbchambers wrote:

@FURRYe38 wrote:

Ah, That explains it. Yes, having another router infront of the XR router would probably generate this condition. This would be a double NAT condition which isn't recommended.

 

What happens if you replace the TP=Link router with the XR router? I presume it would work well. 

 

FYI, I tried the AC5400, nice and all. Not good for multiple game consoles playing same game at the same time and forum support is lacking. Also upgrading FW, you can revert back FW versions either. I sent mine back. 


@Mrbchambers wrote:

Sorry I should have told you this from the start, my current configuration is:- TP-Link N600 Model TD-W9980 in bridge mode, to supply a VDSL connection (Via PPOE) to a TP-Link AC5400 gaming router, and then onto the XR500.

 

I removed the XR from the main host routers DMZ as you suggested, and I couldn't see any reduction in generation of [DoS Attack: IP Spoofing] from source: 192.168.1.1messages. Also I have removed all wired access, and wireless access, and left the routers to do their own thing. On reconnection of this (imac) machine the log seems to have the same number of entries as it would have with everything connected.


 


That worked, no more DoS Attack:IP Spoofing messages, well if I do get them at least I will be able to see them!

 

Thank you.

 

Re the TP-Link AC5400, I may just sell  it. 

 

Thank you againg really appreciate this.


 


My Setup (Cable 900Mbps/50Mbps)>CAX80>RBK50 v2.7.0.70(AP Mode)
Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P,
EX7500/EX7700, XR450 and WNHDE111
Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 3394 views
  • 2 kudos
  • 3 in conversation
Announcements