Reply

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

MontanaNate
Aspirant

Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

I have Nighthawk R6700V2 and my wifi internet is dropping for 30-60 seconds almost hourly at this point.  I did ensure that I have the most updated Firmware (V1.2.0.24_1.0.1) and have done resets and this does not seem to help at all.  Any other suggestions?  It's getting very frustrating.  If I use a wired connection, I don't get any problems.

 

The router is connected to a Charter/Spectrum supplied Arris TM1602 Modem.  We have a Mac and Windows laptop connected wirelessly and a TCL TV and Apple TV connected via Ethernet cables.

Model: R6700|Nighthawk AC1750 Smart WiFi Router
Message 1 of 8
IrvSp
Master

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2


@MontanaNate wrote:

I have Nighthawk R6700V2 and my wifi internet is dropping for 30-60 seconds almost hourly at this point.  I did ensure that I have the most updated Firmware (V1.2.0.24_1.0.1) and have done resets and this does not seem to help at all.  Any other suggestions?  It's getting very frustrating.  If I use a wired connection, I don't get any problems.

 

The router is connected to a Charter/Spectrum supplied Arris TM1602 Modem.  We have a Mac and Windows laptop connected wirelessly and a TCL TV and Apple TV connected via Ethernet cables.


Since you are only dropping wireless signal, then DOS attacks are a red herring. Has nothing to do with wireless.

 

So, does the drop happen on both SSID's, the 2.4Ghz and 5Ghz bands or only one.

 

It could even be interference on the band causing this? Have you tried using a WiFi Scanner like ACRYLIC to see if there is congestion on the band?

Message 2 of 8
MontanaNate
Aspirant

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

Thank you for the advice, greatly appreciated.  I am a complete newbie to all this, so I'll have to look up what "DOS attacks" are and what I could use Acrylic to find.

 

It does happen on both the 2.4Ghz and 5Ghz bands for sure.

 

Message 3 of 8
IrvSp
Master

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2


@MontanaNate wrote:

 

I'll have to look up what "DOS attacks" are and what I could use Acrylic to find.

 


DOS attacks vary in type. The purpose is basically to mess up the operation of your router/server. Attacks on private routers are rare... but FALSE POSTIVES, that is a router declaring it was attacked happens, and if you Google 'DOS Attacks'  you can read up on them (yes, there are many types). If you Google a specific type, you'll find many if not most are on Netgear routers. Not one of its strong points and many false calls, probably due to a coding error or the router too busy to track the TCP/IP packets.

 

Real attacks will occur within seconds from the same IP address repeatedly. I've NEVER seen this. Supposedly, and I can't find any documentation that supports this, the router will 'close' the internet for 20 seconds when it determines it is under attack (so you should see 20 seconds of no attacks and it starting up again).

 

Acrylic will show you the bands, 2.4 and 5Ghz and all the SSID's being broadcast on it. If your channel (each band has many) is congested, set the router to a lesser used channel.

 

Since it happens on both SSID's, that doesn't bode well. Could be a router problem (h/w) or firmware. Going back in firmware might determine if it is the router or firmware in this case?

Message 4 of 8
MontanaNate
Aspirant

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

Since I am on a Mac, I am trying NetSpot (free version) first to find out what I can see.  The PC in our home is my wife's work laptop, so I can't download Arcylic to that, unfortunately.

 

I also checked out my log on my router, not sure I know what I am looking at, but it sounds like what you are describing;

 

[DoS attack: ACK Scan] from source: 74.125.199.108:993 Monday, November 05,2018 14:08:24
[DoS attack: ACK Scan] from source: 74.125.199.108:993 Monday, November 05,2018 14:07:54
[DoS attack: ACK Scan] from source: 74.125.199.108:993 Monday, November 05,2018 14:07:24
[DoS attack: ACK Scan] from source: 74.125.199.108:993 Monday, November 05,2018 14:06:54
[DoS attack: ACK Scan] from source: 54.198.161.12:9543 Monday, November 05,2018 14:06:31
[DoS attack: ACK Scan] from source: 54.198.161.12:9543 Monday, November 05,2018 14:06:05
[DoS attack: ACK Scan] from source: 159.180.84.16:443 Monday, November 05,2018 14:05:43
[DoS attack: ACK Scan] from source: 185.11.145.249:80 Monday, November 05,2018 14:01:42
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Monday, November 05,2018 13:49:16
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Monday, November 05,2018 13:48:45
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Monday, November 05,2018 13:48:15
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Monday, November 05,2018 13:47:31
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Monday, November 05,2018 13:46:45
[DoS attack: ACK Scan] from source: 151.101.54.76:443 Monday, November 05,2018 13:13:21

 

Any thoughts on the above?  Thanks again for any insight.

Message 5 of 8
IrvSp
Master

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

Well just Google 'DoS attack: ACK Scan' and this should help to put your mind at ease... count the number that ARE NOT Netgear routers.

 

Another thing is to see 'who' is attacking you. Just search the web for the IP address...

74.125.199.108 = https://ipinfo.io/74.125.199.108 and it is Google... if you can match the time to what you were doing it was problem a Google search...

 

Also look at the PORT (the part of the IP Address after the 🙂

993 = Encrypted IMAP mail

 

Guess you have a GMAIL account and use IMAP (or someone else does in the house).

 

54.198.161.12 - AmazonAWS,  a service Amazon provides...

Port 9543, usually for NEST devices.

 

159.180.84.16 - hosts Neiman Marcus and Bergdorf Goodman, someone looking at those sites?

Port 443. Secure HTTPS...

 

Might want to look at this, some IP's match, http://www.tomshardware.com/answers/id-3086418/router-log-lots-dos-attacks-recieved.html.

 

 

Message 6 of 8
IrvSp
Master

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

I should add that attacks are probably due to the router losing track of what it sent out from which LAN device so when it gets a packet in and it didn't expect it as it can't match it to a packet sent out it calls/logs it as an attack.

 

If it continues to happen, it basically will 'slow' your Internet down. TCP/IP on the device is waiting for a response back... and it didn't get it because the router 'dropped it' as it thought it was an attack... so TCP/IP on the device sends out the packet again and waits... and meanwhile you have nothing happening... happens sequentially often enough and you might think you have no Internet I guess?

 

Cause could be ANYTHING, bad firmware, heavy Internet usage at the same time saturating the router handling capability, overheating of the router, noisy cables, you name it...

Message 7 of 8
chert
Apprentice

Re: Constant False DOS Attacks, KEEP losing connection! Nighthawk 6700v2

I'm also experiencing the same thing. I'm getting these constant false DOS attack : STORM messages in my router log resulting  in my internet going very slow or losing it altogether. What I did was DISABLE DOS PROTECTION and PORT SCAN, rebooted and now my internet is back to full speed and no more internet connection problems. I'm now relying solely on my fiber modem's built-in DOS protection and Anti-port scan. Hopefully, that will be enough. Just another example how messed up the stock firmware of our NETGEAR routers are.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 8 of 8
Discussion stats
  • 7 replies
  • 9044 views
  • 1 kudo
  • 3 in conversation
Announcements

Orbi WiFi 6E