
Dos attack

Nottechatall
Luminary

Hi 

So my internet has been dropping today - I'm with Virgin Media - so I know they're having issues atm with TV & phone but not showing any issues on their own website for internet in my area. Checked my internet log and it's showing this ... any ideas what it means would be much appreciated.

[DoS Attack: ACK Scan] from source: 172.97.56.86, port 7501, Thursday, March 04, 2021 13:03:59
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:18
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:25
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:27
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:33
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:34
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:36
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:05:19
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:05:26
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:05:29
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:05:35
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:05:36
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:05:38
[DoS Attack: ACK Scan] from source: 84.17.50.11, port 443, Thursday, March 04, 2021 13:06:17
[DHCP IP: 192.168.1.7] to MAC address 08:3e:8e:b5:54:b7, Thursday, March 04, 2021 13:06:55
[DumaOS] DHCP lease change., Thursday, March 04, 2021 13:06:55
[UPnP set event: del_nat_rule] from source 192.168.1.8, Thursday, March 04, 2021 13:07:21
[DoS Attack: SYN/ACK Scan] from source: 51.255.81.155, port 25565, Thursday, March 04, 2021 13:21:30
[DHCP IP: 192.168.1.10] to MAC address 4a:01:83:5f:9c:b3, Thursday, March 04, 2021 13:26:02
[DumaOS] DHCP new event., Thursday, March 04, 2021 13:26:02
[DumaOS] DHCP lease change., Thursday, March 04, 2021 13:26:02
[DHCP IP: 192.168.1.5] to MAC address 1c:91:48:05:f6:f8, Thursday, March 04, 2021 13:29:27
[DumaOS] DHCP new event., Thursday, March 04, 2021 13:29:27
[DumaOS] DHCP lease change., Thursday, March 04, 2021 13:29:27
[DHCP IP: 192.168.1.5] to MAC address 1c:91:48:05:f6:f8, Thursday, March 04, 2021 13:29:28
[DumaOS] DHCP new event., Thursday, March 04, 2021 13:29:28
[DumaOS] DHCP lease change., Thursday, March 04, 2021 13:29:28
[DoS Attack: SYN/ACK Scan] from source: 92.122.19.13, port 443, Thursday, March 04, 2021 13:30:09
[DoS Attack: SYN/ACK Scan] from source: 178.63.41.58, port 80, Thursday, March 04, 2021 13:37:23
[DoS Attack: TCP/UDP Chargen] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 13:44:19
[DoS Attack: TCP/UDP Chargen] from source: 194.168.8.100, port 53, Thursday, March 04, 2021 13:44:24
[DoS Attack: TCP/UDP Chargen] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 13:44:24
[DoS Attack: ARP Attack] from source: 81.98.80.1, Thursday, March 04, 2021 13:46:16
[DHCP IP: 192.168.1.4] to MAC address 7a:a1:db:21:01:1b, Thursday, March 04, 2021 13:51:24
[DumaOS] DHCP new event., Thursday, March 04, 2021 13:51:24
[DumaOS] DHCP lease change., Thursday, March 04, 2021 13:51:24
[DoS Attack: ACK Scan] from source: 86.86.173.75, port 80, Thursday, March 04, 2021 13:55:16
[DoS Attack: SYN/ACK Scan] from source: 84.201.185.110, port 80, Thursday, March 04, 2021 14:01:11
[DoS Attack: SYN/ACK Scan] from source: 23.228.66.219, port 6667, Thursday, March 04, 2021 14:05:12
[DHCP IP: 192.168.1.7] to MAC address 08:3e:8e:b5:54:b7, Thursday, March 04, 2021 14:15:09
[DumaOS] DHCP new event., Thursday, March 04, 2021 14:15:09
[DumaOS] DHCP lease change., Thursday, March 04, 2021 14:15:09
[DHCP IP: 192.168.1.11] to MAC address 70:af:24:0b:b6:0b, Thursday, March 04, 2021 14:30:23
[DumaOS] DHCP new event., Thursday, March 04, 2021 14:30:23
[DumaOS] DHCP lease change., Thursday, March 04, 2021 14:30:23
[DoS Attack: TCP/UDP Echo] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 14:38:31
[DoS Attack: TCP/UDP Echo] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 14:38:31
[DoS Attack: TCP/UDP Echo] from source: 194.168.8.100, port 53, Thursday, March 04, 2021 14:38:31
[DoS Attack: TCP/UDP Echo] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 14:38:32
[DoS Attack: TCP/UDP Echo] from source: 194.168.8.100, port 53, Thursday, March 04, 2021 14:38:32
[DoS Attack: TCP/UDP Echo] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 14:38:34
[DoS Attack: TCP/UDP Echo] from source: 194.168.8.100, port 53, Thursday, March 04, 2021 14:38:34
[DoS Attack: TCP/UDP Echo] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 14:38:38
[DoS Attack: TCP/UDP Echo] from source: 194.168.8.100, port 53, Thursday, March 04, 2021 14:38:38
[DoS Attack: SYN/ACK Scan] from source: 54.36.178.5, port 25565, Thursday, March 04, 2021 14:39:55
[DHCP IP: 192.168.1.11] to MAC address 70:af:24:0b:b6:0b, Thursday, March 04, 2021 15:00:54
[DumaOS] DHCP new event., Thursday, March 04, 2021 15:00:54
[DumaOS] DHCP lease change., Thursday, March 04, 2021 15:00:54
[DoS Attack: ACK Scan] from source: 67.210.208.53, port 10009, Thursday, March 04, 2021 15:08:09
[DoS Attack: ACK Scan] from source: 67.210.208.53, port 10009, Thursday, March 04, 2021 15:08:30
[DoS Attack: ACK Scan] from source: 93.158.134.119, port 443, Thursday, March 04, 2021 15:19:15
[DoS Attack: ACK Scan] from source: 93.158.134.119, port 443, Thursday, March 04, 2021 15:19:25
[DoS Attack: ACK Scan] from source: 93.158.134.119, port 443, Thursday, March 04, 2021 15:19:35
[DoS Attack: ACK Scan] from source: 93.158.134.119, port 443, Thursday, March 04, 2021 15:19:45
[DoS Attack: ACK Scan] from source: 93.158.134.119, port 443, Thursday, March 04, 2021 15:19:56
[DoS Attack: ACK Scan] from source: 93.158.134.119, port 443, Thursday, March 04, 2021 15:20:06
[DoS Attack: SYN/ACK Scan] from source: 54.37.245.236, port 30120, Thursday, March 04, 2021 15:22:04
[DHCP IP: 192.168.1.7] to MAC address 08:3e:8e:b5:54:b7, Thursday, March 04, 2021 15:31:58
[DumaOS] DHCP new event., Thursday, March 04, 2021 15:31:58
[DumaOS] DHCP lease change., Thursday, March 04, 2021 15:31:58
[DHCP IP: 192.168.1.7] to MAC address 08:3e:8e:b5:54:b7, Thursday, March 04, 2021 15:32:00
[DumaOS] DHCP new event., Thursday, March 04, 2021 15:32:00
[DumaOS] DHCP lease change., Thursday, March 04, 2021 15:32:00
[DHCP IP: 192.168.1.7] to MAC address 08:3e:8e:b5:54:b7, Thursday, March 04, 2021 15:32:02
[DumaOS] DHCP new event., Thursday, March 04, 2021 15:32:02
[DumaOS] DHCP lease change., Thursday, March 04, 2021 15:32:02
[admin login] from source 192.168.1.7, Thursday, March 04, 2021 15:32:40

Model: XR500|Nighthawk Pro Gaming Router
Message 1 of 5
microchip8
Master

Re: Dos attack

A lot of these entries are false positives. NETGEAR is notoriously known for producing false positives and thus straining the router. I'd suggest turning off DoS protection and see if it fixes the issue you have

Routing: NETGEAR RAX43 - Firmware: V1.0.11.112 (1 Gbps down, 50 Mbps up)
Switching: 2x NETGEAR 8-ports (GS108v4) / 1x NETGEAR 16-ports (JGS516v2)
Desktop: AMD Ryzen 7 3700X - Server: Intel Core i7-7700K - NAS: Intel Pentium G4400, 20 TB
Message 2 of 5
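
A triage sketch for a log like the one in the first post, added here as an example and not written by anyone in the thread: it groups the router's DoS entries by source and port and marks those whose source port is a common server port. The `SERVICE_PORTS` table and the "likely reply traffic" label are assumptions of this example, not documented NETGEAR behaviour.

```python
import re
from collections import Counter

# Lines copied from the router log in the first post.
SAMPLE_LOG = """\
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:18
[DoS Attack: ACK Scan] from source: 74.208.5.13, port 993, Thursday, March 04, 2021 13:04:25
[DoS Attack: SYN/ACK Scan] from source: 51.255.81.155, port 25565, Thursday, March 04, 2021 13:21:30
[DoS Attack: TCP/UDP Chargen] from source: 194.168.4.100, port 53, Thursday, March 04, 2021 13:44:19
[DoS Attack: ARP Attack] from source: 81.98.80.1, Thursday, March 04, 2021 13:46:16
[DHCP IP: 192.168.1.7] to MAC address 08:3e:8e:b5:54:b7, Thursday, March 04, 2021 14:15:09
[DoS Attack: ACK Scan] from source: 67.210.208.53, port 10009, Thursday, March 04, 2021 15:08:09
"""

# Matches only "[DoS Attack: ...]" entries; the port field is optional (ARP entries have none).
ENTRY = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[\d.]+)"
    r"(?:, port (?P<port>\d+))?,"
)

# Assumption (not from the thread): a source port that is a well-known server
# port usually means reply traffic from a service a LAN client contacted.
SERVICE_PORTS = {53: "DNS", 80: "HTTP", 443: "HTTPS", 993: "IMAPS"}


def parse(log_text):
    """Yield (kind, source_ip, source_port_or_None) for each DoS entry."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            port = int(m["port"]) if m["port"] else None
            yield m["kind"], m["src"], port


def triage(log_text):
    """Count entries per (kind, source, port), most frequent first, and label each group."""
    counts = Counter(parse(log_text))
    report = []
    for (kind, src, port), n in counts.most_common():
        if port in SERVICE_PORTS:
            verdict = f"likely reply traffic ({SERVICE_PORTS[port]})"
        else:
            verdict = "review"
        report.append((src, port, kind, n, verdict))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Groups left as "review" are the ones worth looking up before deciding whether to change the DoS protection or logging settings.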
Nottechatall
Luminary

Re: Dos attack

Thanks will give it a try 👍🏻
Message 3 of 5

Re: Dos attack


@microchip8 wrote:

I'd suggest turning off DoS protection and see if it fixes the issue you have


A safer option might be to turn off logging of DoS attacks. This does nothing to change the function of the device.

  • Advanced
  • Administration
  • Logs
  • Uncheck "Known DoS attacks and Port Scans"

The logging uses up processor time and that can lead to the crashes and slowdowns that some people experience.

Turning off QoS and other processor intensive features, such as traffic metering, can also help.

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 4 of 5
microchip8
Master

Re: Dos attack


@michaelkenward wrote:

@microchip8 wrote:

I'd suggest turning off DoS protection and see if it fixes the issue you have


A safer option might be to turn off logging of DoS attacks. This does nothing to change the function of the device.

  • Advanced
  • Administration
  • Logs
  • Uncheck "Known DoS attacks and Port Scans"

The logging uses up processor time and that can lead to the crashes and slowdowns that some people experience.

Turning off QoS and other processor intensive features, such as traffic metering, can also help.

Actually, logging is cheap, but blocking/filtering with the Linux firewall, which is used for DoS prevention, is expensive CPU-wise. I run Linux at home on 4 PCs and know very well how iptables behaves when you're dealing with a large set of IP blocking/filtering, especially on routers with limited processing power. Turning off logging will give you a false sense of "security" due to the large amount of false positives. Logging off is not enough to relieve the CPUs on these routers.

Routing: NETGEAR RAX43 - Firmware: V1.0.11.112 (1 Gbps down, 50 Mbps up)
Switching: 2x NETGEAR 8-ports (GS108v4) / 1x NETGEAR 16-ports (JGS516v2)
Desktop: AMD Ryzen 7 3700X - Server: Intel Core i7-7700K - NAS: Intel Pentium G4400, 20 TB
Message 5 of 5