Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

CONSTANT DOS ATTACKS & DISCONNECTION

yagirlchels
Aspirant
Aspirant
‎2021-05-06 12:38 PM
‎2021-05-06 12:38 PM

CONSTANT DOS ATTACKS & DISCONNECTION

Spoiler
Spoiler
 

For the last two weeks, my internet has been acting up and keeps just randomly disconnecting. Only for a couple of seconds but it happens back to back all day long. Can someone help me understand whats happening. I have never had any issues before and the router was bought back in November of last year. This is what my log looks like... 

admin login] from source 0.0.0.01Thu May 06 14:31:10 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.13] to MAC address f0:18:98:a4:f6:ab1Thu May 06 14:31:08 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 14:00:01 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:59:47 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:57:52 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 13:37:50 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:37:36 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:37:05 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 13:30:01 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:29:48 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:29:18 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 13:20:18 202173.28.71.3:640458.8.8.8:53
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Thu May 06 13:20:15 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 13:12:55 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 13:12:40 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 13:12:11 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 12:37:48 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 12:37:34 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 12:37:01 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 11:42:46 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 11:42:33 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 11:42:05 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:49:22 202173.28.71.3:534028.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:42:54 202173.28.71.3:638728.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:35:26 202173.28.71.3:556268.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 08:19:36 202173.28.71.3:642778.8.8.8:53
[Internet connected] IP address: 73.28.71.31Thu May 06 08:14:17 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 08:14:03 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 08:13:27 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 07:24:17 202173.28.71.3:562258.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 06:31:20 202173.28.71.3:521038.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 06:07:38 202173.28.71.3:652058.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 06:03:44 202173.28.71.3:493588.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Thu May 06 05:48:26 202173.28.71.3:515778.8.8.8:53
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Thu May 06 05:48:25 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Thu May 06 05:48:24 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 02:02:13 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 02:01:58 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 02:01:22 20210.0.0.0:00.0.0.0:0
[UPnP set event: DeletePortMapping] from source 192.168.0.171Thu May 06 01:20:59 20210.0.0.0:0192.168.0.17:0
[UPnP set event: GetExternalIPAddress] from source 192.168.0.171Thu May 06 01:20:59 20210.0.0.0:0192.168.0.17:0
[UPnP set event: AddPortMapping] from source 192.168.0.171Thu May 06 01:20:25 20210.0.0.0:0192.168.0.17:0
[UPnP set event: GetExternalIPAddress] from source 192.168.0.171Thu May 06 01:20:25 20210.0.0.0:0192.168.0.17:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Thu May 06 01:20:25 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Thu May 06 00:29:59 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Thu May 06 00:29:44 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Thu May 06 00:29:12 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 23:36:08 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 23:35:54 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 23:32:53 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 22:06:22 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 22:06:09 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 22:05:42 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Wed May 05 22:03:01 20210.0.0.0:00.0.0.0:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Wed May 05 22:02:30 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 21:34:03 202173.28.71.3:562018.8.8.8:53
[DoS attack: SYN Flood] from 52.143.79.188, port 4431Wed May 05 21:17:46 2021192.168.0.17:4994052.143.79.188:443
[DoS attack: SYN Flood] from 52.251.11.100, port 4431Wed May 05 21:17:36 2021192.168.0.17:4988352.251.11.100:443
[DoS attack: SYN Flood] from 40.70.154.148, port 4431Wed May 05 21:17:32 2021192.168.0.17:4984440.70.154.148:443
[DoS attack: SYN Flood] from 104.94.108.9, port 4431Wed May 05 21:17:13 2021192.168.0.17:49802104.94.108.9:443
[UPnP set event: AddPortMapping] from source 192.168.0.171Wed May 05 21:17:06 20210.0.0.0:0192.168.0.17:0
[UPnP set event: GetExternalIPAddress] from source 192.168.0.171Wed May 05 21:17:06 20210.0.0.0:0192.168.0.17:0
[DHCP IP: 192.168.0.17] to MAC address 4c:3b:df:73:81:1d1Wed May 05 21:17:06 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 21:13:29 202173.28.71.3:553208.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 21:06:01 202173.28.71.3:495358.8.8.8:53
[DHCP IP: 192.168.0.11] to MAC address 62:18:d3:62:53:1f1Wed May 05 21:05:59 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 21:00:17 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 21:00:03 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 20:59:23 20210.0.0.0:00.0.0.0:0
[Internet connected] IP address: 73.28.71.31Wed May 05 18:48:04 20210.0.0.0:00.0.0.0:0
[Time synchronized with ToD server]1Wed May 05 18:47:50 20210.0.0.0:00.0.0.0:0
[Internet disconnected]1Wed May 05 18:47:21 20210.0.0.0:00.0.0.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:59:34 202173.28.71.3:550718.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:54:07 202173.28.71.3:583358.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:41:31 202173.28.71.3:587118.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:36:51 202173.28.71.3:494108.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 531Wed May 05 16:35:20 202173.28.71.3:622358.8.4.4:53
[DoS attack: SYN Flood] from 17.248.137.108, port 4431Wed May 05 16:35:05 2021192.168.0.11:6445917.248.137.108:443
[DoS attack: TCP- or UDP-based Port Scan] from 1.1.1.1, port 531Wed May 05 16:35:04 202173.28.71.3:634011.1.1.1:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:34:53 202173.28.71.3:584328.8.8.8:53
[DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 531Wed May 05 16:31:17 202173.28.71.3:576938.8.8.8:53

 

Model: A6100|WiFi USB Mini Adapter
Message 1 of 11
0 Kudos
Reply
DarrenM
Sr. NETGEAR Moderator
Sr. NETGEAR Moderator
‎2021-05-11 08:57 AM
‎2021-05-11 08:57 AM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

Have you checked the logs of the ISP modem to see if you have any T3 or T4 timeouts?

 

DarrenM

Message 2 of 11
0 Kudos
Reply
carapungo
Aspirant
Aspirant
‎2021-11-04 04:01 AM
‎2021-11-04 04:01 AM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

were you able to fix this issue?, what was causing it, and what was the solution?

Message 3 of 11
0 Kudos
Reply
microchip8
Master
Master
‎2021-11-04 10:24 AM
‎2021-11-04 10:24 AM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

NETGEAR is famously known for many false positives DoS attacks. Their "protection" is virtually useless. I suggest turnning off DoS protection completely off and see if you get a stable device. Myself, I've been running without DoS protection since I bought my router (3.5 years ago) and never had an issue.

Message 4 of 11
Reply
FURRYe38
Guru Guru
Guru
‎2021-11-04 11:08 AM
‎2021-11-04 11:08 AM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

What NG product do you have? 

What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

@carapungo wrote:

were you able to fix this issue?, what was causing it, and what was the solution?

 

Message 5 of 11
0 Kudos
Reply
carapungo
Aspirant
Aspirant
‎2021-11-04 02:02 PM
‎2021-11-04 02:02 PM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

Thanks. That's what I did this morning, and now my event log is empty, which I assume is a good thing. I have not seen any connection drops so far.

Message 6 of 11
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-11-04 02:12 PM
‎2021-11-04 02:12 PM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

What NG product do you have? 

What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

Message 7 of 11
0 Kudos
Reply
carapungo
Aspirant
Aspirant
‎2021-11-04 02:36 PM
‎2021-11-04 02:36 PM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

I have a Nighthawk C7000v2, using Comcast

Message 8 of 11
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-11-05 08:02 AM
‎2021-11-05 08:02 AM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

Netgear has set up a community forum specifically for the Cable Modem products. Most of the people who watch that forum are more likely to have experience with Cable modems and know how to work it better than those of us who follow this router forum. Might be more likely to find someone who has a solution if the question is posted there:
https://community.netgear.com/t5/Cable-Modems-Routers/bd-p/home-cable-modems-routers

Please make a new post there. 


Please use this link to the main forum product list to review and choose where to make your posts. 
https://community.netgear.com/t5/NETGEAR-Forum/ct-p/en-netgear


Thank you.

@carapungo wrote:

I have a Nighthawk C7000v2, using Comcast

 

Message 9 of 11
0 Kudos
Reply
yagirlchels
Aspirant
Aspirant
‎2021-11-05 09:00 AM
‎2021-11-05 09:00 AM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

So, I actually had to contact my ISP (xfinity) and end up getting an entirely new IP address for my router. Nothing else was working. I havent had an issue since then. 

Message 10 of 11
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-11-05 12:12 PM
‎2021-11-05 12:12 PM

Re: CONSTANT DOS ATTACKS & DISCONNECTION

Sounds like this was coming in from the ISP side then. 

 

Please mark your thread as solved so others will know. 
Be sure to save off a back up configuration to file for safe keeping. Saves time if a reset is needed.
https://kb.netgear.com/24231/How-do-I-back-up-the-router-configuration-settings-on-my-Nighthawk-rout...
Enjoy.

@yagirlchels wrote:

So, I actually had to contact my ISP (xfinity) and end up getting an entirely new IP address for my router. Nothing else was working. I havent had an issue since then. 

 

Message 11 of 11
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 10 replies
  • ‎2021-05-06 12:38 PM
  • 4017 views
  • 1 kudo
  • 5 in conversation
Announcements

Orbi 770 Series