Orbi WiFi 7 RBE973
Reply

R7500 Dos attacks

Lucius1972
Aspirant

R7500 Dos attacks

Hi everyone, couple of days ago I noticed in my log several "dos attacks", I sometimes notice that the internet speed slows down for a few seconds but don`t know if this causes it.
I searched several IP`s through the Geo IP Tool and it spits out several countries: canada, netherlands, russia, USA.
How to get rid of this and moreover should I worry?

 

[DoS Attack: TCP/UDP Chargen] from source: 199.180.114.183, port 52950, Tuesday, September 29, 2015 16:18:43
[DoS Attack: SYN/ACK Scan] from source: 119.63.47.68, port 25565, Tuesday, September 29, 2015 13:58:42
[DoS Attack: SYN/ACK Scan] from source: 178.248.236.27, port 80, Tuesday, September 29, 2015 10:24:23
[DoS Attack: RST Scan] from source: 91.238.230.8, port 80, Tuesday, September 29, 2015 10:17:15
[DoS Attack: SYN/ACK Scan] from source: 109.7.6.175, port 80, Tuesday, September 29, 2015 10:00:06
[DoS Attack: SYN/ACK Scan] from source: 119.188.90.19, port 8455, Tuesday, September 29, 2015 09:23:48
[DoS Attack: TCP/UDP Chargen] from source: 74.82.47.17, port 45031, Tuesday, September 29, 2015 08:46:22
[DoS Attack: SYN/ACK Scan] from source: 5.196.218.183, port 53, Tuesday, September 29, 2015 08:32:18
[DoS Attack: SYN/ACK Scan] from source: 190.93.255.198, port 80, Tuesday, September 29, 2015 06:59:23

[DoS Attack: RST Scan] from source: 108.160.172.237, port 443, Tuesday, September 29, 2015 18:55:19
[DoS Attack: RST Scan] from source: 108.160.172.205, port 443, Tuesday, September 29, 2015 17:56:40
[DoS Attack: SYN/ACK Scan] from source: 198.50.200.25, port 80, Tuesday, September 29, 2015 17:42:22
[DoS Attack: RST Scan] from source: 108.160.172.237, port 443, Tuesday, September 29, 2015 17:32:43
[DoS Attack: RST Scan] from source: 108.160.172.225, port 443, Tuesday, September 29, 2015 17:30:46
[DoS Attack: SYN/ACK Scan] from source: 78.140.181.183, port 80, Tuesday, September 29, 2015 17:19:14
[DoS Attack: RST Scan] from source: 108.160.172.205, port 443, Tuesday, September 29, 2015 17:18:54
[DoS Attack: RST Scan] from source: 188.121.36.238, port 80, Tuesday, September 29, 2015 17:17:36

Message 1 of 4

Accepted Solutions
Babylon5
NETGEAR Employee Retired

Re: R7500 Dos attacks

What you are seeing is what many people consider to be background network traffic and not a targeted attack, which you would most certainly recognise in other ways.

 

Those reports are many minutes or hours apart, considering that the router handles tens of thousands of data packets per second, what you are seeing is very low level and not significant enough to cause any slow down issues. If you are suspicious that they may then synchronise a clock with the router clock, and note down times when you believe there is a slow down, then take a look at the log for corresponding reports.

 

You can’t stop that incoming traffic, only your ISP could attempt to do this, and it is not practical for them to try and filter such traffic from what may be legitimate. However your router is blocking that unsolicited traffic from reaching your LAN.

 

So the short answer is, don’t worry about it.

View solution in original post

Message 2 of 4

All Replies
Babylon5
NETGEAR Employee Retired

Re: R7500 Dos attacks

What you are seeing is what many people consider to be background network traffic and not a targeted attack, which you would most certainly recognise in other ways.

 

Those reports are many minutes or hours apart, considering that the router handles tens of thousands of data packets per second, what you are seeing is very low level and not significant enough to cause any slow down issues. If you are suspicious that they may then synchronise a clock with the router clock, and note down times when you believe there is a slow down, then take a look at the log for corresponding reports.

 

You can’t stop that incoming traffic, only your ISP could attempt to do this, and it is not practical for them to try and filter such traffic from what may be legitimate. However your router is blocking that unsolicited traffic from reaching your LAN.

 

So the short answer is, don’t worry about it.

Message 2 of 4
Lucius1972
Aspirant

Re: R7500 Dos attacks

Hi Babylon5,

Ok clear answer, so nothing to worry about.

Thx again.

Message 3 of 4
Pockets
Aspirant

Re: R7500 Dos attacks

If you have Charter Communication ISP you will notice the subnet mask at 255.255.248.0, or 255.255.242.0 ect on a DHCP. DNS attacks are ramped, You try to change the values to proper sequence 255.255.255.0 IP Spoofing occurs. Router and Modem seem to not communicate with each other because modem IP address and router IP address are always different. My DHCP IP address stays the same for 3 and 4 months. Ive notice YouTube, Vimeo, Netflics seem to buffer often. Charter associates say its Netgears issue talk to them. Personally I think its a way to lower Internet demand by dumbing down speeds to accommodate everyone.  If anyone has a solution to sync Modem and Router and a work around for the subnet masks please let me know. On the advanced set up screen ip addresses and Dns are grey when i plug in the proper numbers page turns white.

   By the way Charters random speedtest videos always tell me i have a great connection at 66 Mb download and 4.5 Mb upload which i know is not the case.

Message 4 of 4
Discussion stats
  • 3 replies
  • 6663 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7