As part of my Obssessive Compulsive Disorder, I collect and save the Orbi log from two RBR50 systems, storing each in an Excel file by the month.  There is no practical value to doing this, but it doesn't hurt anybody and is cheaper than fly fishing or playing golf.


One system connected to a small fiber optic network in North Carolina has been filling the Orbi log every three minutes for about eight hours with "[DoS Attack: SYN/ACK Scan]".  One Excel file holds only about 32,000 lines so I have another 90-odd log reports to process, but there is a definite pattern. It appears that only about 4-6 scans come from each individual IP addresse, always from ports 21, 22, 23, 53, 80, 443, and 7547 (a well-known vulnerability of some routers).  One IP address will hit the Public IP with 4-6 attempts and then never show up again.


Either someone is spoofing thousands of IP addresses (but, why?) or there are thousands of devices "out there" that have been sent on a mission to search for open ports.


My Orbi connected to Spectrum shows the typical number of "attacks", about 110 of various types in a 24-hour period.  This has happened every day for the past year.  I consider it "normal."  I have seen comments that Orbi is "too sensitive" about deciding random connection attempts are "attacks".


But, filling the Orbi log every three minutes?  Wow!




