Orbi WiFi 7 RBE973
Reply

DOS Attacks on Nighthawk R6900P cause network down several times a day

DonaldDuck
Aspirant

DOS Attacks on Nighthawk R6900P cause network down several times a day

The R6900P is behind a xfinity cable modem/router which also have the routing/wireless enabled.  I like the R6900P because it comes with the circle 1st generation software so I can manage the kids online activities.  I have been having issues on my Nighthawk R6900P for few months now. 

 

Following is the log (the local DHCP assignment logs have been removed) for the past 24 hours.  As you can see, there are many Internet connec and disconnect.  Lots of DoS attacks were detected.  The issue is only seen on the R6900P and not seen on the xfinity cable modem/router.  I have changed the public IP once but the issue happened again.  The Intrernet connection drops make the remote learning so difficult for kids.  Does anyone have any solution or workaround?  I have the latest firmware:

Firmware Version
V1.3.2.124_10.1.64

 

thanks,

 

Donald Duck


[DoS attack: FIN Scan] attack packets in last 20 sec from ip [17.248.138.20], Saturday, Jan 09,2021 13:42:39
[Time synchronized with NTP server] Saturday, Jan 09,2021 13:41:01
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 13:41:00
[Internet disconnected] Saturday, Jan 09,2021 13:40:28

[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 12:00:25
[Internet disconnected] Saturday, Jan 09,2021 11:59:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [72.30.3.55], Saturday, Jan 09,2021 11:40:26
[Time synchronized with NTP server] Saturday, Jan 09,2021 11:36:44
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 11:36:40
[Internet disconnected] Saturday, Jan 09,2021 11:36:11

[Time synchronized with NTP server] Saturday, Jan 09,2021 11:13:51
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 11:13:49
[Internet disconnected] Saturday, Jan 09,2021 11:13:18

[Time synchronized with NTP server] Saturday, Jan 09,2021 10:14:50
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 10:14:47
[Internet disconnected] Saturday, Jan 09,2021 10:14:23

[Time synchronized with NTP server] Saturday, Jan 09,2021 09:35:34
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 09:35:32
[Internet disconnected] Saturday, Jan 09,2021 09:35:05

[Time synchronized with NTP server] Saturday, Jan 09,2021 07:56:11
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 07:56:10
[Internet disconnected] Saturday, Jan 09,2021 07:55:42

[Time synchronized with NTP server] Saturday, Jan 09,2021 04:19:10
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 04:19:07
[Internet disconnected] Saturday, Jan 09,2021 04:18:40
[Time synchronized with NTP server] Saturday, Jan 09,2021 03:52:00
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 03:51:56
[Internet disconnected] Saturday, Jan 09,2021 03:51:33

[Time synchronized with NTP server] Saturday, Jan 09,2021 01:56:33
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 01:56:27
[Internet disconnected] Saturday, Jan 09,2021 01:56:05

[Time synchronized with NTP server] Saturday, Jan 09,2021 01:03:14
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 01:03:12
[Internet disconnected] Saturday, Jan 09,2021 01:02:35
[Time synchronized with NTP server] Saturday, Jan 09,2021 00:50:01
[Internet connected] IP address: 10.0.0.235, Saturday, Jan 09,2021 00:50:00
[Internet disconnected] Saturday, Jan 09,2021 00:49:23

[DoS attack: FIN Scan] attack packets in last 20 sec from ip [34.193.6.218], Friday, Jan 08,2021 22:33:10
[Time synchronized with NTP server] Friday, Jan 08,2021 22:32:58
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 22:32:55
[Internet disconnected] Friday, Jan 08,2021 22:32:24
[Time synchronized with NTP server] Friday, Jan 08,2021 20:59:52
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 20:59:46
[Internet disconnected] Friday, Jan 08,2021 20:59:28
[Time synchronized with NTP server] Friday, Jan 08,2021 19:07:23
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 19:07:20
[Internet disconnected] Friday, Jan 08,2021 19:06:46
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [65.8.195.55], Friday, Jan 08,2021 18:37:25
[Time synchronized with NTP server] Friday, Jan 08,2021 18:35:48
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 18:35:44
[Internet disconnected] Friday, Jan 08,2021 18:35:21
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [74.6.145.75], Friday, Jan 08,2021 18:34:08
[Time synchronized with NTP server] Friday, Jan 08,2021 18:32:55
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 18:32:54
[Internet disconnected] Friday, Jan 08,2021 18:32:26

[Time synchronized with NTP server] Friday, Jan 08,2021 15:48:36
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 15:48:35
[Internet disconnected] Friday, Jan 08,2021 15:48:01

[DoS attack: FIN Scan] attack packets in last 20 sec from ip [172.217.6.194], Friday, Jan 08,2021 13:49:24
[Time synchronized with NTP server] Friday, Jan 08,2021 13:48:37
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 13:48:34
[Internet disconnected] Friday, Jan 08,2021 13:47:59
[Time synchronized with NTP server] Friday, Jan 08,2021 13:45:07
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 13:45:04
[Internet disconnected] Friday, Jan 08,2021 13:44:41
[Time synchronized with NTP server] Friday, Jan 08,2021 13:43:39
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 13:43:38
[Internet disconnected] Friday, Jan 08,2021 13:42:52
[Time synchronized with NTP server] Friday, Jan 08,2021 13:41:16
[Internet connected] IP address: 10.0.0.235, Friday, Jan 08,2021 13:41:11
[Internet disconnected] Friday, Jan 08,2021 13:40:45

  

Model: R6900P|Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router
Message 1 of 4

Re: DOS Attacks on Nighthawk R6900P cause network down several times a day

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

 

Message 2 of 4
DonaldDuck
Aspirant

Re: DOS Attacks on Nighthawk R6900P cause network down several times a day

michaelkenward

 

Hi Michael,

  That is really interesting.  I have now disabled the log for "Known DoS attacks and Port Scans" and "Known BOT Attacks and Port Scans".  I will update the result in a week.  Thank you for the infomration.  Figure crossed.

thanks,

Donald

Message 3 of 4
DonaldDuck
Aspirant

Re: DOS Attacks on Nighthawk R6900P cause network down several times a day

Disable the log does not seem to fix the issue.  The  R6900P disconnected for 12 times in a day..

 


@michaelkenward wrote:

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

 


 

[Admin login] from source 10.118.1.29, Monday, Jan 11,2021 12:57:37

[Time synchronized with NTP server] Monday, Jan 11,2021 12:42:17
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 12:42:13
[Internet disconnected] Monday, Jan 11,2021 12:41:45

[Time synchronized with NTP server] Monday, Jan 11,2021 12:13:40
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 12:13:38
[Internet disconnected] Monday, Jan 11,2021 12:13:09

[Time synchronized with NTP server] Monday, Jan 11,2021 08:50:22
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 08:50:21
[Internet disconnected] Monday, Jan 11,2021 08:49:48

[Time synchronized with NTP server] Monday, Jan 11,2021 08:17:24
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 08:17:24
[Internet disconnected] Monday, Jan 11,2021 08:16:53

[Time synchronized with NTP server] Monday, Jan 11,2021 07:48:23
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 07:48:22
[Internet disconnected] Monday, Jan 11,2021 07:47:52

[Time synchronized with NTP server] Monday, Jan 11,2021 06:26:05
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 06:26:02
[Internet disconnected] Monday, Jan 11,2021 06:25:30

[Time synchronized with NTP server] Monday, Jan 11,2021 05:42:53
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 05:42:52
[Internet disconnected] Monday, Jan 11,2021 05:42:20

[Time synchronized with NTP server] Monday, Jan 11,2021 03:50:49
[Internet connected] IP address: 10.0.0.235, Monday, Jan 11,2021 03:50:47
[Internet disconnected] Monday, Jan 11,2021 03:50:19

[Time synchronized with NTP server] Sunday, Jan 10,2021 22:30:01
[Internet connected] IP address: 10.0.0.235, Sunday, Jan 10,2021 22:29:56
[Internet disconnected] Sunday, Jan 10,2021 22:29:33

[Time synchronized with NTP server] Sunday, Jan 10,2021 18:21:39
[Internet connected] IP address: 10.0.0.235, Sunday, Jan 10,2021 18:21:37
[Internet disconnected] Sunday, Jan 10,2021 18:21:07
[Time synchronized with NTP server] Sunday, Jan 10,2021 18:16:04
[Internet connected] IP address: 10.0.0.235, Sunday, Jan 10,2021 18:16:03
[Internet disconnected] Sunday, Jan 10,2021 18:15:31

[Time synchronized with NTP server] Sunday, Jan 10,2021 18:06:25
[Internet connected] IP address: 10.0.0.235, Sunday, Jan 10,2021 18:06:24
[Internet disconnected] Sunday, Jan 10,2021 18:05:53

[Log Cleared] Sunday, Jan 10,2021 17:00:53

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 709 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi 770 Series