Discussion stats
  • 5 replies
  • 174 views
  • 0 kudos
  • 3 in conversation
Announcements

Top Contributors
Reply
Highlighted
Aspirant

DoS Attacks

I am using the MR60 Wifi 6 Mesh with no ISP router as i have FTTP Full Fibre 900, but i am receiving attacks! What should i do?

 

DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:13:04
[DHCP IP: (10.0.0.13)] to MAC address 94:9F:3E:05:78:1C, Saturday, Aug 01,2020 14:12:15
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:10:59
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:08:54
[DHCP IP: (10.0.0.13)] to MAC address 94:9F:3E:05:78:1C, Saturday, Aug 01,2020 14:08:02
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:06:49
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:04:44
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:02:39
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 14:00:34
[DHCP IP: (10.0.0.13)] to MAC address 94:9F:3E:05:78:1C, Saturday, Aug 01,2020 13:59:36
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 13:58:29
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 13:56:24
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 13:54:19
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 13:52:14
[DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, Aug 01,2020 13:50:09 

Message 1 of 6
Highlighted

Re: DoS Attacks

Hi,

Hope this finds you well and safe, I have been having issue like this since 1.08.2020 too after I created port forwarding for port 80 for my IIS Webserver lab and reset my whole router yesterday and disabled also my port forwarding and upnp too and now everything is back to normal. I wish there was a way to configure to be safe when you do port forwarding like block ip that are trying to hack like Synology does on their NAS.

Sorry was ranting a little to have bought Netgear routers for all these years and nothing gets changed and I still love them but next time my money goes to Asus or Synology, for example my issue is when I want to use latest firmware the router doesn’t work as should and I have to downgrade to older firmware which makes the router vulnerable.

To make it short disable any port forwarding if you have them and disable the UPnP.

Hope that is helpful and wish you lovely day
Model: RAX200|Nighthawk Tri-band AX12 12-Stream Wi-Fi 6 Router
Message 2 of 6
Highlighted

Re: DoS Attacks

Here's my logs

 

DOS Attacks

DoS attack: ACK Scan] from source 40.86.223.86,port 33021 Sunday, Aug 02,2020 02:58:58
[DoS attack: ACK Scan] from source 40.86.223.86,port 56338 Sunday, Aug 02,2020 02:58:57
[DoS attack: ACK Scan] from source 40.86.223.86,port 46605 Sunday, Aug 02,2020 02:58:57
[DoS attack: ACK Scan] from source 40.86.223.86,port 50834 Sunday, Aug 02,2020 02:58:57
[DoS attack: RST Scan] from source 172.217.168.10,port 443 Sunday, Aug 02,2020 02:56:08
[DoS attack: RST Scan] from source 54.154.80.134,port 443 Sunday, Aug 02,2020 02:29:48
[DoS attack: ACK Scan] from source 51.79.142.79,port 50002 Sunday, Aug 02,2020 02:08:12

Lan Access

[LAN access from remote] from 121.132.211.244 port 13101 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:54:01
[LAN access from remote] from 176.126.175.10 port 46592 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:36:27
[LAN access from remote] from 201.187.99.212 port 50099 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:09:32
[LAN access from remote] from 201.187.99.212 port 50054 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:09:31
[LAN access from remote] from 201.187.99.212 port 16420 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:09:31
[LAN access from remote] from 156.96.58.118 port 46864 to xxx.xxx.xxx.xxx port 50326 Sunday, Aug 02,2020 02:08:00
[LAN access from remote] from 114.35.74.193 port 53078 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:06:34
[LAN access from remote] from 114.35.74.193 port 9875 to xxx.xxx.xxx.xxx port 80 Sunday, Aug 02,2020 02:06:34

Model: RAX200|Nighthawk Tri-band AX12 12-Stream Wi-Fi 6 Router
Message 3 of 6
Highlighted

Re: DoS Attacks

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 4 of 6
Highlighted

Re: DoS Attacks

Dear michaelkenward,

 

Thank you for sharing that and the tool, you're right as some of the IP's are from well known Companies but the one's below made me change my network, reset my passwords and also started to and extra firewall 😂

 

[LAN access from remote] from 201.187.99.212 port 50099 Sunday, Aug 02,2020 02:08:12

 

Checking Ports = 80,  Information about the IP = 201.187.99.212

 

[DoS attack: ACK Scan] from source 51.79.142.79,port 50002 Sunday, Aug 02,2020 02:08:12

 

Information about the IP = 51.79.142.79

 

[LAN access from remote] from 156.96.58.118 port 46864 Sunday, Aug 02,2020 02:08:12

Information about the IP = 156.96.58.118

 

[LAN access from remote] from 114.35.74.193 port 53078 Sunday, Aug 02,2020 02:08:12

Checking Ports = 80 Information about the IP = 114.35.74.193

 

Thank you again and sorry if i hijacked the post

Model: RAX200|Nighthawk Tri-band AX12 12-Stream Wi-Fi 6 Router
Message 5 of 6
Highlighted

Re: DoS Attacks

PLS - click on the IP's as they will send you to AbuseIPDB, this where i found information about these IP's

 

Sorry i couldn't edit my post as i don't have edit button

Model: RAX200|Nighthawk Tri-band AX12 12-Stream Wi-Fi 6 Router
Message 6 of 6