With two people now working from home, I have noticed some unusual behaviors/slowdowns in browser response. I'm just learning the basics as far as diagnosing what might be improved and looked into the log on board my AX12. It shows a lot of "DoS Attack: ARP Attack" and "DoS Attack: TCP/UDP Echo" and "DoS Attack: SYN/ACK Scan". I can see the IP addresses associated with these attacks. I'm trying to figure out if these attacks might be the reasons for the change in performance/behavior on my browser and what to do to protect against/reduce/prevent them.
Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia.
Rather than blocking IP addresses, should I look for Ports to block?
Interesting. I parsed through most of the log from Thursday/Friday and indeed most of the IP addresses were from Charter, but there were a few from China and Indonesia.
Rather than blocking IP addresses, should I look for Ports to block?
My internet provider is Spectrum (Charter) and had many DOS logged coming from IP within Spectrum. I was using an older firmware version for my router RAX80 1.0.1.56 after I upgraded to the latest 1.0.1.70 the entries went away. I believe the log entries with the older firmware were logged falsely. Because the router was logging the DOS attacks so often it was slowing down my connection. After I upgraded the firmware internet speed has returned to normal & no more DOS attack in the log.
My firmware is already on the latest (1.0.1.114) so I can't at the moment eliminate the DoS entries from the log, however, I accept that they may be false. Nevertheless I'm left trying to dianose why the addition of my wife's work PC to the network has resulted in a change in the behavior of the network. A response on a different forum has suggested that I place her work PC on an isolated "VLAN". Thoughts?
...I can't at the moment eliminate the DoS entries from the log...
I don't know what "eliminate" means.
We still don't know what this AX12 might be – perhaps RAX120 or RAX200 – but the browser graphical user interface on most Netgear routers allows you to clean out the logs.
Get the manual and read the bit View and Manage Logs of Router Activity.
This will also explain how to turn off logging for various events, including these events.
Disabling that bit of the logging does not reduce your protection from nasties, but it does mean that your router will not bust a gut, and slow itself down, as it tries to write those events into the logs.
A response on a different forum has suggested that I place her work PC on an isolated "VLAN". Thoughts?
I don't know what that means or where you read it, so my thoughts on that are worthless, beyond suggesting that trying a particular solution is not much help when you don't know what the problem is.
It does look like I have the ability to disable logging of DoS attacks, but I'm hesitant to do that if it will help me determine what the issue is. As you said, I "don't know what the problem is." I'm trying to figure out the best way to go about figuring out what the problem is.
My firmware is already on the latest (1.0.1.114) so I can't at the moment eliminate the DoS entries from the log, however, I accept that they may be false. Nevertheless I'm left trying to dianose why the addition of my wife's work PC to the network has resulted in a change in the behavior of the network. A response on a different forum has suggested that I place her work PC on an isolated "VLAN". Thoughts?
