Orbi WiFi 7 RBE973
Reply

DoS Attacks

0x00A
Follower

DoS Attacks

Hi, I've been getting these Dos attacks for a couple weeks...

 

8E59B347-C685-4190-914C-8436BA7834CC.jpeg

 

I want to know if this is a fake report from the router or if there is a real DoS Attack...Every time it is accompanied by the network almost unusable.

@michaelkenward 

Message 1 of 4
FURRYe38
Guru

Re: DoS Attacks

Would be helpful to what what NG router product your seeing this on.

 

You can do a WHOIS lookup on those IP addresses to see where they come from as well. 

 

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
Be sure your using a good quality LAN cable between the modem and router. CAT6 is recommended.

 

 

Most times the log is just reporting what the router is preventing or stopping...

 

 

Has a power off for 1 minute then back ON with the ISP modem and router been performed since last update?
Be sure to restart your network in this sequence:
Turn off and unplug modem.
Turn off router and computers.
Plug in and turn on modem. Wait 2 minutes for it to connect.
Turn on the router and wait 2 minutes for it to connect.
Turn on computers and rest of network.

 

Has a factory reset and setup from scratch been performed since last FW update? A complete pull of the power adapters for a period of time after the factory reset then walk thru the setup wizard and setup from scratch. Recommend setting the default DHCP IP address pool range to the following after applying and a factory reset: 192.168.#.100 to 192.168.#.200.

Message 2 of 4
schumaku
Guru

Re: DoS Attacks

if something is not replying on the IP stack, the Netgear known flawed "DoS attack" does tend to spill masses of such messages. Typical issues on flooded NAT sessions, not receiving expected answers in time, and often if the Internet connection uplink is segregated ... it's amazing how much theories are developed and pushed on this subject to these communities over the year. Gee, if an ISP or different service provider with this massive bandwidth available would DoS most users Internet connections would immediate lead to a interruption of your Internet services - faster than you can think of or figure out IP whois ownerships.

 

last, then i shut up and stay silent on the subject: what is the point of submitting lists of suspect IP addresses in graphics format? 100% useless: We know the IP ownerships of virtually all services for suspect flawed attackers - virtually all are providing https services on port 443 8-)

 

i wish Netgear would immediately go and disable this DoS attack junk, avoiding leading their customers mislead for things which are normal in daily network and IP operations.   

Message 3 of 4

Re: DoS Attacks

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

 

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 1772 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7