× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

DoS messages in log (lead to disconnects)

menmr
Aspirant

DoS messages in log (lead to disconnects)

The Dos messages lead to disconnects of the device or disconnects vpn which the device (in this case laptops) is using. What should i do about this?

 

[admin login] from source 192.168.1.11, Tuesday, March 24, 2020 11:44:34
[DoS Attack: ARP Attack] from source: 192.168.1.12, Tuesday, March 24, 2020 11:44:17
[DHCP IP: 192.168.1.11] to MAC address 3c:15:c2:bc:79:8e, Tuesday, March 24, 2020 10:56:33
[DoS Attack: ARP Attack] from source: 192.168.1.12, Tuesday, March 24, 2020 10:22:47
[DHCP IP: 192.168.1.11] to MAC address 3c:15:c2:bc:79:8e, Tuesday, March 24, 2020 09:53:10
[DHCP IP: 192.168.1.12] to MAC address 10:63:c8:31:eb:c9, Tuesday, March 24, 2020 09:13:36
[DoS Attack: ARP Attack] from source: 192.168.1.12, Tuesday, March 24, 2020 09:12:08
[DHCP IP: 192.168.1.16] to MAC address c4:61:8b:80:56:ca, Tuesday, March 24, 2020 08:52:02

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 9
FURRYe38
Guru

Re: DoS messages in log (lead to disconnects)

What is the Manufacturer and model of this device at 192.168.1.12?

 

Do you have any Armor or Circle features enabled? 

 

Has a factory reset and setup from scratch been performed since last FW update? 

Message 2 of 9
menmr
Aspirant

Re: DoS messages in log (lead to disconnects)

The device on that IP adres is a Lenovo ThinkPad E495 laptop. Armor is activated, Disney Circle is not. The system is new and has been setup with the new firmware installed....

Message 3 of 9
FURRYe38
Guru

Re: DoS messages in log (lead to disconnects)

Is Armor set up to allow this device? 

You may need to reset the RBR and setup from scratch. This time, do not enable Armor and see if this same laptop appears as a DDoS attack. 

Message 4 of 9
CrimpOn
Guru

Re: DoS messages in log (lead to disconnects)


@menmr wrote:

The device on that IP adress is a Lenovo ThinkPad E495 laptop. Armor is activated, Disney Circle is not. The system is new and has been setup with the new firmware installed....


Netgear has a forum devoted to Armor at https://community.netgear.com/t5/NETGEAR-Armor/bd-p/en-home-armor 

Generally, one would not expect a device within an Orbi LAN to be causing mischief unless it is infected.  While seeking answers from the people who have practical experience with Armor, it might be an opportune time to do a virus check and mailware check on the Lenovo.

 

Good Luck

Message 5 of 9
schumaku
Guru

Re: DoS messages in log (lead to disconnects)


@menmr wrote:

The Dos messages lead to disconnects of the device or disconnects vpn which the device (in this case laptops) is using.

 


Na, more the other way round - leaving alone what is causing the disconnection, the DoS is an effect after a connection loss.

Message 6 of 9
CrimpOn
Guru

Re: DoS messages in log (lead to disconnects)

I feel compelled to mention that I have been collecting every Orbi log on two separate systems (since March, 2019 for one and since August, 2019 for the other).  Both logs show hundreds of these "DoS" events every month, yet neither system has ever "gone down".  Back when I worked in industry, our main router would log millions of "attempts" every day.  (We had a ClassB address space.)  The very fact that Orbi has recognized a pattern of incoming packets and logged something indicates that the Orbi has successfully ignored them.

 

I have no doubt that "something is wrong".  But these DoS attempts are irrelevant.  I should ask the group, "Does anybody have an Orbi that does not log DoS attempts all the time, yet your Orbi stays up?"

Message 7 of 9
schumaku
Guru

Re: DoS messages in log (lead to disconnects)


@CrimpOn wrote:

Both logs show hundreds of these "DoS" events every month, yet neither system has ever "gone down"..


With "gone down" I have things in mind like mobile device roaming off from the home WiFi, computers falling at sleep or simply cut off from the network (cable disconnected) or from the power, .. .the IP stacks out there try to keep the connection active, the NAT router does try to find the device on the LAN - or the other way round where thr NAT router (or something in the routing outside) does bullocks and the IP stacks on the LAN system try an ARP lookup, ...


@CrimpOn wrote:

Back when I worked in industry, our main router would log millions of "attempts" every day.  (We had a ClassB address space.) .


Correct, absolute standard! And then the many unknown ones sliding through under the hood...


Message 8 of 9
CrimpOn
Guru

Re: DoS messages in log (lead to disconnects)

Sorry.  Looking back, my wording was not what I intended.  (There's an extra "not" in there.)


@CrimpOn wrote:

I should ask the group, "Does anybody have an Orbi that does not log DoS attempts all the time, yet your Orbi stays up?"


What I intended to ask was along the lines of a Poll:  "Does anybody watch the Orbi log and find that they have none of these DoS attempts in the log?  If your log shows attempts every day, how often does your Orbi 'fail' in any way?" I have only two Orbi systems.

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1055 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7