
Ack scan / WinNuke attacks

DONKE
Aspirant

Ack scan / WinNuke attacks

Since Netgear support is completely useless unless you want to pay $30 extra, I’ve decided to seek help from “other customers”.
I’ve been having split-second disconnects, which is very frustrating because it interrupts loading web pages, live streams, video game connections, etc.

Here are my router logs:
[DoS attack: ACK Scan] from source: 104.43.195.200:443 Monday, February 28,2022 18:42:02
[DoS attack: ACK Scan] from source: 69.192.208.23:443 Monday, February 28,2022 18:40:51
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 18:36:08
[DHCP IP: (192.168.1.2)] to MAC address E4:2A:AC:36:B7:88 Monday, February 28,2022 18:36:05
[admin login] from source 192.168.1.3 Monday, February 28,2022 18:32:30
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 18:24:44
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 18:09:10
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 18:06:35
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 18:05:08
[DoS attack: ACK Scan] from source: 212.11.155.166:443 Monday, February 28,2022 18:04:15
[DoS attack: ACK Scan] from source: 158.233.249.231:443 Monday, February 28,2022 18:00:49
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:57:55
[DoS attack: ACK Scan] from source: 158.233.249.230:443 Monday, February 28,2022 17:48:29
[DoS attack: ACK Scan] from source: 158.233.249.230:443 Monday, February 28,2022 17:42:29
[DoS attack: ACK Scan] from source: 212.11.155.166:443 Monday, February 28,2022 17:41:22
[DoS attack: ACK Scan] from source: 212.11.155.166:443 Monday, February 28,2022 17:40:35
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:36:16
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 17:34:40
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:34:25
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 17:32:25
[DoS attack: ACK Scan] from source: 125.65.173.231:44147 Monday, February 28,2022 17:28:00
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 17:05:13
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 16:57:22
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 16:51:48
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 16:49:01
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 16:34:48
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 16:20:57
[DoS attack: ACK Scan] from source: 146.59.10.143:27015 Monday, February 28,2022 16:17:13
[DoS attack: ACK Scan] from source: 158.233.249.230:443 Monday, February 28,2022 15:56:45
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 15:34:11
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 15:30:21
[DoS attack: ACK Scan] from source: 158.233.249.231:443 Monday, February 28,2022 15:27:41
[DoS attack: ACK Scan] from source: 103.155.85.10:443 Monday, February 28,2022 15:13:40
[DoS attack: ACK Scan] from source: 103.155.85.10:80 Monday, February 28,2022 15:11:21
[DoS attack: TCP Port Scan] from source: 94.102.49.97:58711 Monday, February 28,2022 15:05:15
[DoS attack: ACK Scan] from source: 111.231.84.21:58273 Monday, February 28,2022 15:04:26
[DoS attack: ACK Scan] from source: 195.5.40.110:179 Monday, February 28,2022 14:44:36
[DoS attack: ACK Scan] from source: 109.87.105.72:554 Monday, February 28,2022 14:43:23
[DoS attack: WinNuke Attack] from source: 123.53.79.29:40965 Monday, February 28,2022 13:37:58
[DoS attack: ACK Scan] from source: 148.251.76.173:443 Monday, February 28,2022 13:26:19
[DoS attack: ACK Scan] from source: 148.251.76.173:443 Monday, February 28,2022 13:22:14
[DoS attack: ACK Scan] from source: 168.119.232.76:443 Monday, February 28,2022 13:12:28
[UPnP set event:DeletePortMapping] from source 192.168.1.2 Monday, February 28,2022 13:00:07
[DoS attack: ACK Scan] from source: 52.156.94.70:443 Monday, February 28,2022 12:52:53
[DoS attack: ACK Scan] from source: 162.241.216.182:443 Monday, February 28,2022 12:23:18
[DoS attack: ACK Scan] from source: 52.156.94.70:443 Monday, February 28,2022 12:20:59
[Time synchronized with NTP server time-a.netgear.com] Monday, February 28,2022 12:20:34
[DoS attack: ACK Scan] from source: 40.125.100.15:443 Monday, February 28,2022 12:19:53
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 12:15:03
[DHCP IP: (192.168.1.2)] to MAC address E4:2A:AC:36:B7:88 Monday, February 28,2022 12:15:00
[DoS attack: WinNuke Attack] from source: 183.236.168.50:18917 Monday, February 28,2022 11:58:30
[DoS attack: ACK Scan] from source: 31.13.66.10:443 Monday, February 28,2022 11:20:48
[DoS attack: ACK Scan] from source: 159.224.84.197:554 Monday, February 28,2022 11:00:52
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 10:52:45
[DoS attack: ACK Scan] from source: 46.4.192.213:80 Monday, February 28,2022 10:23:24
[DoS attack: ACK Scan] from source: 193.19.152.20:443 Monday, February 28,2022 10:04:37
[DoS attack: WinNuke Attack] from source: 123.53.79.19:3973 Monday, February 28,2022 10:00:44
[DoS attack: ACK Scan] from source: 182.106.172.60:80 Monday, February 28,2022 07:52:46
[DoS attack: ACK Scan] from source: 52.138.119.101:443 Monday, February 28,2022 07:23:55
[UPnP set event:DeletePortMapping] from source 192.168.1.2 Monday, February 28,2022 07:21:48
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 06:28:56
[DHCP IP: (192.168.1.2)] to MAC address E4:2A:AC:36:B7:88 Monday, February 28,2022 06:28:53
[DoS attack: ACK Scan] from source: 96.16.206.47:443 Monday, February 28,2022 06:28:39
[DHCP IP: (192.168.1.3)] to MAC address B2:0D:4A:F7:09:35 Monday, February 28,2022 06:17:56
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 06:11:12
[admin login] from source 192.168.1.3 Monday, February 28,2022 06:10:55
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 06:06:42
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 06:02:12
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:57:42
[DoS attack: ACK Scan] from source: 182.106.172.60:80 Monday, February 28,2022 05:53:46
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:53:12
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:48:42
[DoS attack: ACK Scan] from source: 183.224.152.18:55024 Monday, February 28,2022 05:45:30
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:44:12
[Access Control] Device UNKNOWN with MAC address B2:0D:4A:F7:09:35 is allowed to acces Monday, February 28,2022 05:39:42
DoS attack: WinNuke Attack] from source: 183.236.168.50:59123 Sunday, February 27,2022 22:19:14

Model: R7450|Nighthawk AC2600 Smart WiFi Router
Message 1 of 8
microchip8
Master

Re: Ack scan / WinNuke attacks

NETGEAR's DoS protection is famously known for many, many false positives. They can come from your ISP, Facebook, Twitter and even from your own devices. If you have problems, disable DoS Protection (you're not losing much). If you don't want to, at least disable logging of these so-called "attacks" to relieve the CPU a bit.

I have run for 4+ years without DoS Protection enabled and never had a problem.

Message 2 of 8
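
Added example, not part of any post in this thread: one way to triage a log like the one in the first post is to parse the `DoS attack` lines and split them by source port. Treating a source port of 80 or 443 as traffic sent by a web server is an assumption of this sketch, and the sample lines are constructed with documentation addresses in the same format as the posted log.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the format shown in the post (RFC 5737 addresses).
SAMPLE_LOG = """\
[DoS attack: ACK Scan] from source: 192.0.2.10:443 Monday, February 28,2022 18:42:02
[DoS attack: ACK Scan] from source: 192.0.2.10:80 Monday, February 28,2022 18:40:51
[UPnP set event:AddPortMapping] from source 192.168.1.2 Monday, February 28,2022 18:36:08
[DoS attack: ACK Scan] from source: 198.51.100.7:443 Monday, February 28,2022 18:09:10
[DoS attack: TCP Port Scan] from source: 203.0.113.5:58711 Monday, February 28,2022 15:05:15
[DoS attack: WinNuke Attack] from source: 203.0.113.9:40965 Monday, February 28,2022 13:37:58
DoS attack: WinNuke Attack] from source: 203.0.113.9:59123 Sunday, February 27,2022 22:19:14
"""

# The leading "[" is optional because a pasted log can lose it on a line.
LINE_RE = re.compile(
    r"^\[?DoS attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<ts>.+)$"
)
WEB_PORTS = {80, 443}  # assumption: source port 80/443 means a web server sent the packet


def parse_dos_events(text):
    """Return one dict per DoS line; DHCP, UPnP and other entries are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "kind": m["kind"],
            "ip": m["ip"],
            "port": int(m["port"]),
            "time": datetime.strptime(m["ts"], "%A, %B %d,%Y %H:%M:%S"),
        })
    return events


def summarize(events):
    """Count events per type and separate web-port sources from everything else."""
    by_kind = Counter(e["kind"] for e in events)
    other = [e for e in events if e["port"] not in WEB_PORTS]
    return {"by_kind": dict(by_kind),
            "from_web_ports": len(events) - len(other),
            "other_sources": sorted({(e["ip"], e["port"], e["kind"]) for e in other})}


if __name__ == "__main__":
    print(summarize(parse_dos_events(SAMPLE_LOG)))
```

Entries that land in `other_sources` are the ones worth looking at individually; the web-port entries can be compared against the sites and services the LAN devices were using at those timestamps.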
DONKE
Aspirant

Re: Ack scan / WinNuke attacks

I have already contacted my ISP, everything is fine on their end. I’ve also already gone to the extent of fully factory resetting the router. The DOS PROTECTION isn’t even turned on, so I’m not sure what’s flooding it with these attacks but it is. Interrupting my connection.
Message 3 of 8
FURRYe38
Guru

Re: Ack scan / WinNuke attacks

What router model do you have? 

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?


@DONKE wrote:
I have already contacted my ISP, everything is fine on their end. I’ve also already gone to the extent of fully factory resetting the router. The DOS PROTECTION isn’t even turned on, so I’m not sure what’s flooding it with these attacks but it is. Interrupting my connection.

Message 4 of 8
ChristineT
Admin

Re: Ack scan / WinNuke attacks

Hello Nighthawk Community Member,

 

Thank you for your post. I am happy to help look into this issue and your case further. Can you please send me a private message with your case number, the model number of your router, along with the serial number?

 

I look forward to your message.

 

Best,

Christine

Message 5 of 8
DONKE
Aspirant

Re: Ack scan / WinNuke attacks

I have the AC2600 R7450 Netgear router and Calix modem 716GE-I.
The firmware is the newest one available. I don’t know the numbers offhand and am not home right this second to check.
Message 6 of 8
ChristineT
Admin

Re: Ack scan / WinNuke attacks


@DONKE wrote:
I have the AC2600 R7450 Netgear router and Calix modem 716GE-I.
The firmware is the newest one available. I don’t know the numbers offhand and am not home right this second to check.

Thank you for the prompt response! This model had a recent firmware update and I know you said you're on the latest firmware, but for good measure can you confirm your router is on version 1.2.0.90? This version has some security fixes that may be related.

 

In the meantime, I'll continue to investigate internally.

 

Best,

Christine

Message 7 of 8
DONKE
Aspirant

Re: Ack scan / WinNuke attacks

It was having the same issue on its previous version, 1.2.0.88. Yes, it is on the 1.2.0.90 version now.
Message 8 of 8