NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Why over 200 smurf attack packets from Comcast IP's within a day.
For about a two weeks, I've been getting 100's of smurf attack packets on my Netgear R7000P NightHawk. The ip's seem to be comcast's.
On Oct. 29, 2022 there seems to be over 200.
Is there a setting I can change to prevent this, or any other suggestion?
Ed Roberts
4 Replies
one2busy wrote:
Is there a setting I can change to prevent this, or any other suggestion?
Prevent what? The attacks? Those reports?
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
False positives. NG is famously known for that. Either disable logging of these or completely disable DoS protection.
And yes michaelkenward processing/dropping/blocking at iptables levels is far more expensive than just logging somme entries in the logs
Besides, what's the point keeping it on if 85-90% are false positives? The rest 10-15% is just yoour regular spambots testing trying to get in. It's useless
microchip8 wrote:
Besides, what's the point keeping it on if 85-90% are false positives? The rest 10-15% is just yoour regular spambots testing trying to get in. It's uselessKeeping what on? Protection or logging?
