× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

migsta
Apprentice

RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

Why am I getting continous DOS attacks in my logs with the RAX120/AX12.  If I put my Asus GT-AC5300, no issue.

 

Worried cause my ISP provider has sent me an email saying I need to take care of this or they will shut me down?  Does that make sense?  I am on the latest firmware .84 of the RAX120/AX12.

Model: RAX120|Nighthawk AX12 12-Stream WiFi Router
Message 1 of 8

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

Netgear is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Just use whois to see who is behind some of them. You may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

In this case something else seems to be going on. The router will usually have no way of telling the ISP what is happening.

 

It might help if you posted one of those logs to show people what is happening.

 

Perhaps your ISP has told you what it is seeing on your connection.

 

 

Message 2 of 8
GmanTechi
Aspirant

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

I have the same issues. My router seems to drop Ip address. DHCP reboots possible? As soon as I log onto my computer i get these Dos attack logs. usually five at a time. here is some excerpts.

 

- DoS Attack: ACK Scan] from source: 208.111.178.31, port 443, Tuesday, December 03, 2019 04:43:06

- [DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Tuesday, December 03, 2019 04:34:25

- [DoS Attack: ACK Scan] from source: 205.185.216.10, port 80, Monday, December 02, 2019 23:04:28

[DoS Attack: ACK Scan] from source: 34.237.131.21, port 9543, Monday, December 02, 2019 23:04:21

- [DoS Attack: ACK Scan] from source: 69.171.250.52, port 5222, Monday, December 02, 2019 22:53:10

[DoS Attack: ACK Scan] from source: 34.237.131.21, port 9543, Monday, December 02, 2019 22:50:19

Inbetween thes logs the DHCP will reset - [DHCP IP: 192.168.1.135] to MAC address

 

Router is a few days old with latest firmware - V1.0.1.108

Message 3 of 8

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

See above.

 

Try  IPNetInfo.

 

Facebook!?

 

Message 4 of 8
GabboCH
Apprentice

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

There is another thread from an RAX120 user who has recently upgraded to the latest firmware & now has the same problems.

He has contacted the ISP responsible for the attacks & is waiting for a response.

 

However, I guess the root cause is that in the new firmware something has changed regarding the open ports or way that the router responds.

Message 5 of 8
CBV
Tutor
Tutor

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

Hi,
Have you find a solution on DoS attack?
I’m having the same issue since 3 weeks on my RAX120. Bandwidth is 150GB and it drops to less than 1GB. I reboot my ISP modem (Arris TG1662G) and my router and all works fine but after 20 to 24 hrs have no he same issue..!!
Message 6 of 8
CBV
Tutor
Tutor

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed

He is my log

[DoS Attack: SYN/ACK Scan] from source: 84.53.161.129, port 443, Sunday, February 16, 2020 16:43:31
[DoS Attack: SYN/ACK Scan] from source: 84.53.161.129, port 443, Sunday, February 16, 2020 16:43:15
[DoS Attack: SYN/ACK Scan] from source: 84.53.161.129, port 443, Sunday, February 16, 2020 16:43:07
[DoS Attack: SYN/ACK Scan] from source: 84.53.161.129, port 443, Sunday, February 16, 2020 16:43:03
[DoS Attack: SYN/ACK Scan] from source: 84.53.161.129, port 443, Sunday, February 16, 2020 16:43:00
[DoS Attack: ACK Scan] from source: 17.248.131.173, port 443, Sunday, February 16, 2020 16:33:30
[DoS Attack: ACK Scan] from source: 157.240.14.35, port 443, Sunday, February 16, 2020 16:33:20
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:32:13
[DoS Attack: ACK Scan] from source: 17.248.131.173, port 443, Sunday, February 16, 2020 16:32:08
[DoS Attack: ACK Scan] from source: 157.240.14.35, port 443, Sunday, February 16, 2020 16:32:02
[DoS Attack: ACK Scan] from source: 157.240.14.63, port 443, Sunday, February 16, 2020 16:31:44
[DoS Attack: ACK Scan] from source: 157.240.14.63, port 443, Sunday, February 16, 2020 16:31:43
[DoS Attack: ACK Scan] from source: 157.240.14.63, port 443, Sunday, February 16, 2020 16:31:43
[DoS Attack: ACK Scan] from source: 157.240.14.63, port 443, Sunday, February 16, 2020 16:31:43
[DoS Attack: ACK Scan] from source: 157.240.14.63, port 443, Sunday, February 16, 2020 16:31:43
[DoS Attack: ACK Scan] from source: 157.240.14.63, port 443, Sunday, February 16, 2020 16:31:42
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:31:28
[DoS Attack: ACK Scan] from source: 157.240.14.35, port 443, Sunday, February 16, 2020 16:31:21
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:31:05
[DoS Attack: ACK Scan] from source: 157.240.14.35, port 443, Sunday, February 16, 2020 16:31:03
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:30:54
[DoS Attack: ACK Scan] from source: 157.240.14.35, port 443, Sunday, February 16, 2020 16:30:53
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:30:48
[DHCP IP: 192.168.1.14] to MAC address 88:f5:6e:ec:a9:bb, Sunday, February 16, 2020 16:30:46
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:30:45
[DoS Attack: ACK Scan] from source: 17.188.167.20, port 443, Sunday, February 16, 2020 16:30:44
[DoS Attack: ACK Scan] from source: 52.22.126.152, port 443, Sunday, February 16, 2020 16:30:44
[DoS Attack: SYN/ACK Scan] from source: 31.13.66.10, port 443, Sunday, February 16, 2020 16:30:43
[DoS Attack: ACK Scan] from source: 17.188.167.20, port 443, Sunday, February 16, 2020 16:30:43
[DoS Attack: ACK Scan] from source: 157.240.14.35, port 443, Sunday, February 16, 2020 16:30:43
Message 7 of 8

Re: RAX120/AX12 - Constant DOS Attack - ISP Provider warning to shut me down if not fixed


@CBV wrote:
Hi,
Have you find a solution on DoS attack?

Have you read the many messages on this topic? (See links above.)

 

Your log is mostly Apple, Facebook and Amazon.

 

 

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 2347 views
  • 0 kudos
  • 5 in conversation
Announcements

Orbi WiFi 7