DrSagan
Dec 09, 2021 Aspirant
Entering an invalid IP address in Block Services. How to enter VALID IP address?
I am getting reports of DoS attacks: Port Scans in my log file. They are being reported as: [DoS attack: TCP- or UDP-based Port Scan] I can reverse search the IP address, and always come up with ...
schumaku
Dec 09, 2021 Guru - Experienced User
The message is perfectly fine, the feature you are using "Advanced -> Security -> Block Services" is to block services from the LAN side _to_ the Internet, so it expects a LAN IP or a LAN IP range only. FMI: RT*M or the online Help
Simply said, you cannot stop these port scans (attacks is a little bit a broad word) going to your router public IP interface. Well possible, it's everything closed anyway (except if there are port forwardings opened manually or by UPnP). It's like putting up isolation tape -under- your doorbell button - the doorbell will continue to ring, or the DoS system will continue its protection actions and let you know.
On the other side, we know the Netgear DoS protection scheme is very sensitive, under some conditions even showing false attacks - other router vendors simply don't log or make other noise....
DrSagan
Dec 09, 2021 Aspirant
I see. I understand that 'Block Services' is only used to block from the Local Area Network side. That explains why I am getting the error.
The IPs that continue to port scan me appear to be the same IPs over and over, so I thought there might be some way to block the outside IPs. It appears I am looking in the wrong place.
And you are saying there is nothing I can do to stop them, except if I had an entirely closed system, say with a specific firewall on a separate piece of equipment. But that would take a separate modem & router (not the equipment I have now), as the firewall would go in between the two.
As I am not able to replace the current equipment, can you make any recommendations as to how to make sure my network is as secure as possible at the moment with my current Netgear modem/router combo?
Thank you for your time and reply.
schumaku
Dec 09, 2021 Guru - Experienced User
The only place without your router "seeing" the scan would be on the carrier or ISP side - on the other side, at the ISP. As I said, you can put as much duct tape under the doorbell button as you want, the kids will continue to ring on your door. And as long as there is nobody opening, there is no imminent risk. Well, you can't install another router before, because your Internet is cable TV DOCSIS based. If there would be just a cable modem, and you had a dedicated router installed, you could of course install yet another router into the Ethernet link between the modem and the router, so that device will receive the scan ... The router does everything possible to keep you safe. So it has detected some monkey is port scanning like hell - fine. If it's too much for your heart, report to your ISP, they will put it back to the owner of the public IP address range.