Orbi WiFi 7 RBE973

dos attack in logs

dagreek
Aspirant

dos attack in logs

Hi, I am getting multiple dos attacks in my logs...During this time my isp modem goes offline and I lose internet... About 5 minutes later it comes back. This happens pretty much on a daily basis some days once, other days multiple times... What can be done to stop this? I have changed my modem got new ip address but it comes back. I released and renewed with new ip address on the router too.. using a vpn service too... this is a home network, have multiple laptops and desktops connected all running windows 10.... PLEASE HELP!!! This is driving me bonkers....

 

[DoS attack: ACK Scan] from source: 162.241.216.182:443 Monday, August 09,2021 16:54:53
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 16:45:04
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 15:51:02
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 15:40:39
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 15:38:08
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 15:19:16
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 15:18:23
[DoS attack: ACK Scan] from source: 174.34.133.151:443 Monday, August 09,2021 14:15:58
[DoS attack: ACK Scan] from source: 104.17.254.46:443 Monday, August 09,2021 14:14:39
[DoS attack: ACK Scan] from source: 174.34.133.151:443 Monday, August 09,2021 14:13:47
[DoS attack: ACK Scan] from source: 104.17.255.46:443 Monday, August 09,2021 14:12:31
[DoS attack: ACK Scan] from source: 174.34.133.151:443 Monday, August 09,2021 14:09:55
[DoS attack: ACK Scan] from source: 52.226.139.121:443 Monday, August 09,2021 14:08:44
[DoS attack: ACK Scan] from source: 52.226.139.121:443 Monday, August 09,2021 14:06:46
[DHCP IP: (xxx.xxx.x.x)] to MAC address xxxxxxxxxxx Monday, August 09,2021 14:05:56
[DHCP IP: (xxx.xxx.x.x)] to MAC address xxxxxxxxxxxx Monday, August 09,2021 14:05:43
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 13:58:48
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 13:21:34
[Time synchronized with NTP server time-a.netgear.com] Monday, August 09,2021 12:32:22
[Internet connected] IP address: xx.xxx.x.x Monday, August 09,2021 12:32:02
[Internet disconnected] Monday, August 09,2021 12:32:01
[DoS attack: ACK Scan] from source: 23.105.168.229:443 Monday, August 09,2021 12:16:54
[DoS attack: ACK Scan] from source: 23.105.168.229:443 Monday, August 09,2021 12:14:53
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 12:10:14
[DoS attack: UDP Port Scan] from source: 185.53.90.101:5084 Monday, August 09,2021 12:08:28
[DoS attack: ACK Scan] from source: 23.105.168.229:443 Monday, August 09,2021 12:06:50
[DoS attack: ACK Scan] from source: 172.65.202.202:443 Monday, August 09,2021 12:04:37
[DoS attack: ACK Scan] from source: 23.105.168.221:443 Monday, August 09,2021 12:04:05
[DoS attack: ACK Scan] from source: 172.65.202.202:443 Monday, August 09,2021 12:03:44
[DoS attack: ACK Scan] from source: 23.105.168.229:443 Monday, August 09,2021 12:03:21
[DoS attack: ACK Scan] from source: 23.2.106.84:80 Monday, August 09,2021 11:46:55
[DoS attack: ACK Scan] from source: 107.174.11.2:80 Monday, August 09,2021 11:31:56
[DHCP IP: (xxx.xxx.x.x)] to MAC address xxxxxxxxxxxxx Monday, August 09,2021 11:06:09

Model: R6900|Nighthawk AC1900 Smart WiFi Router
Message 1 of 5
microchip8
Master

Re: dos attack in logs

Most DoS attacks on NETGEAR routers are false positive (like 98-99 %) and come from legitimate companies. As a first step, you can disable logging of these attacks. If that doesn't work, you can disable DoS pprotection altogether. I run almost 4 years with DoS protection off and have yet to see something fishy

 

The router will not protect you if 98-99% of these are false positives but it puts a heavy strain on the firewall/iptables which is far more expensive than turning DoS logging

Message 2 of 5

Re: dos attack in logs

@microchip8 is spot on about these log entries. I step in only to add another thing to look for.

 

As they say

 


@microchip8 wrote:

Most DoS attacks on NETGEAR routers are false positive (like 98-99 %) and come from legitimate companies.


You can have fun by checking that out.

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

 

As @microchip8 says, you can also disable DoS protection if you still have problems.

 

Message 3 of 5
dagreek
Aspirant

Re: dos attack in logs

The issue I am having is, I lose internet from the ISP maybe once, twice or three times in a day sometimes more, All cables have been checked and re checked. New modem too... when I lose service, I look into the router logs and everytime I lose service I see all these attacks that happened seconds before I lose service... I am not a tech guy, but logic and other people (techs) tell me that when it floods the ip address with attacks the modem will just kick offline.. Turning off logging in my opinion is like sticking your head in the sand...

Message 4 of 5

Re: dos attack in logs


@dagreek wrote:

I am not a tech guy, but logic and other people (techs) tell me that when it floods the ip address with attacks the modem will just kick offline..


Read the earlier messages again.

 

Nothing is flooding you with attacks. Netgear has written firmware that flags up this innocent traffic (from the like of Google, Amazon, Facebook and others) as DoS attacks. Think of it as the router equivalent of crying wolf.

 


@dagreek wrote:

Turning off logging in my opinion is like sticking your head in the sand...


 

Turning off logging is no such thing. It is just telling your router to ignore these false alarms.

 

Turning of logging also means that your router's processor does not bust a gut and stop working because it is tied up handling this noise.

 

The choice is yours. Live with the disconnections or turn off the pointless messages that may cause them.

 

Had we advised you to "disable DoS protection" you might have a point.. But in reality many people do exactly that and experience no harmful effects. I have never felt the need to do that because my router doesn't fall over.

 

 

 

 

 

 

 

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 7955 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7