Aspirant

DOS Attack

I'm seeing a lot of DOS attacks in my log files, please help.

[DoS attack: ACK Scan] from source 69.171.250.20,port 443 Thursday, Jun 25,2020 21:23:15
[DoS attack: Fraggle Attack] from source 10.38.128.1,port 67 Thursday, Jun 25,2020 21:23:14
[DoS attack: ACK Scan] from source 69.171.250.20,port 443 Thursday, Jun 25,2020 21:23:14
[DoS attack: ACK Scan] from source 54.239.18.66,port 443 Thursday, Jun 25,2020 21:23:12

Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
Message 1 of 7

Re: DOS Attack

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

Search - NETGEAR Communities – DoS attacks

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

Here is a useful tool for that task:

IPNetInfo: Retrieve IP Address Information from WHOIS servers

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 2 of 7
Aspirant

Re: DOS Attack

I tried both sites you suggested and nothing came back on it 10.38.128.1.

Model: CM1000-1AZNAS|Ultra-High Speed Cable Modem—DOCSIS® 3.1 Ready
Message 3 of 7

Re: DOS Attack


@dcarey1964 wrote:

I tried both sites you suggested and nothing came back on it 10.38.128.1.


Why did you pick that one? It looks like a local address.

The others were Amazon and Facebook.

I thought we were talking about the DOS Attacks in your subject. The local address hints at something else going on. You aren't likely to be attacking yourself.

Your footer has changed to the CM1000. That is a cable modem. You started off with the R8000P. What are we talking about here?

Is there something else on your network that could explain the 10.38.128.1 address?

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 4 of 7
Aspirant

Re: DOS Attack

You are correct, it is a local, but that's what is attacking my router and I have no clue where it's coming from.
Model: CM1000-1AZNAS|Ultra-High Speed Cable Modem—DOCSIS® 3.1 Ready
Message 5 of 7

Re: DOS Attack


@dcarey1964 wrote:
You are correct, it is a local, but that's what is attacking my router and I have no clue where it's coming from.

Something on your network?

Have you looked at attached devices?

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 6 of 7
Aspirant

Re: DOS Attack

Yes, all my devices are DHCP, starting with 192.168.*.*

Model: CM1000-1AZNAS|Ultra-High Speed Cable Modem—DOCSIS® 3.1 Ready
Message 7 of 7
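
Added example, not part of any post in this thread: a Python sketch that parses the log format shown in the first post and separates private (RFC 1918) sources, for which a public WHOIS lookup has nothing to return, from public ones worth looking up. The function names and the port-to-service table are assumptions made for this example, and the port labels are only a triage heuristic.

```python
import ipaddress
import re

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
[DoS attack: ACK Scan] from source 69.171.250.20,port 443 Thursday, Jun 25,2020 21:23:15
[DoS attack: Fraggle Attack] from source 10.38.128.1,port 67 Thursday, Jun 25,2020 21:23:14
[DoS attack: ACK Scan] from source 69.171.250.20,port 443 Thursday, Jun 25,2020 21:23:14
[DoS attack: ACK Scan] from source 54.239.18.66,port 443 Thursday, Jun 25,2020 21:23:12
"""

LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from source (?P<ip>[0-9.]+),\s*port (?P<port>\d+)"
)

# Heuristic (assumed for this example): a packet whose *source* port is a
# well-known service port is often a reply to a request made from the LAN side.
REPLY_PORTS = {53: "DNS", 67: "DHCP/BOOTP server", 80: "HTTP", 123: "NTP", 443: "HTTPS"}


def parse(log_text):
    """Return (attack kind, ip address, source port) for each matching log line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a DoS log entry
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address, skip rather than crash
        entries.append((m["kind"], ip, int(m["port"])))
    return entries


def triage(log_text):
    """Group entries by (source, port, kind) and flag which ones WHOIS can help with."""
    summary = {}
    for kind, ip, port in parse(log_text):
        row = summary.setdefault((str(ip), port, kind), {"count": 0})
        row["count"] += 1
        row["scope"] = "private" if ip.is_private else "public"
        row["service"] = REPLY_PORTS.get(port, "unknown")
        row["whois_useful"] = ip.is_global  # private ranges have no public registrant
    return summary


if __name__ == "__main__":
    for (ip, port, kind), row in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip:<16} port {port:<5} {kind:<15} x{row['count']} "
              f"{row['scope']:<8} {row['service']:<18} whois={row['whois_useful']}")
```

On the sample lines, the 10.38.128.1 entry comes out as private with source port 67, the DHCP/BOOTP server port, while the two port 443 sources are public addresses that a WHOIS lookup can identify.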