This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I'm seeing about 10 attacks per day in the logs. I've checked their IP's and they are not the false positive scenarios like Facebook, Amazon, or Dropbox.
I have noticed some Internet connection issues from one machine.
Here is a sample from the log:
[DoS attack: snmpQueryDrop] from source 104.140.188.22,port 50991 Sunday, Mar 28,2021 09:36:30 [DoS attack: snmpQueryDrop] from source 147.203.255.20,port 59285 Sunday, Mar 28,2021 09:32:10 [DoS attack: snmpQueryDrop] from source 167.71.186.157,port 44001 Sunday, Mar 28,2021 03:37:58 [DoS attack: snmpQueryDrop] from source 192.241.227.186,port 39491 Sunday, Mar 28,2021 00:43:15 [DoS attack: snmpQueryDrop] from source 104.152.52.24,port 53489 Saturday, Mar 27,2021 22:53:09 [DoS attack: snmpQueryDrop] from source 146.88.240.4,port 34380 Saturday, Mar 27,2021 20:54:14 [DoS attack: snmpQueryDrop] from source 192.35.168.125,port 58949 Saturday, Mar 27,2021 19:33:32 [DoS attack: snmpQueryDrop] from source 184.105.139.67,port 34756 Saturday, Mar 27,2021 18:25:42 [DoS attack: snmpQueryDrop] from source 89.248.167.193,port 48685 Saturday, Mar 27,2021 16:23:18 [DoS attack: snmpQueryDrop] from source 104.206.128.26,port 49765 Saturday, Mar 27,2021 10:10:09 [DoS attack: snmpQueryDrop] from source 37.49.229.191,port 39316 Saturday, Mar 27,2021 08:42:20 [DoS attack: snmpQueryDrop] from source 192.241.227.85,port 43263 Saturday, Mar 27,2021 07:47:17 [DoS attack: snmpQueryDrop] from source 74.120.14.26,port 22280 Saturday, Mar 27,2021 06:18:20 [DoS attack: snmpQueryDrop] from source 167.71.186.157,port 57601 Saturday, Mar 27,2021 00:18:59
I'm seeing about 10 attacks per day in the logs. I've checked their IP's and they are not the false positive scenarios like Facebook, Amazon, or Dropbox.
Should I be concerned?
Yes, Orbi's firewall does not accept connection attempts from the internet until the user deliberately sets up either port forwarding, Remote Administration, or OpenVPN. These log entries are the result of firewall logic which collects connection requests and attempts to assign them to categories. I monitor two Orbi systems and they both regularly log about 30 of these "attacks" every day. (Yes, every day.) I have seen comments that Netgear's logic is flowed and logs things as "attacks" that are not.
I do not recall seeing any "snmp" events in my log files.
Be Concerned? I think not. If you would rather not see the entries in the log file, there is an option to stop logging them.
I'm seeing about 10 attacks per day in the logs. I've checked their IP's and they are not the false positive scenarios like Facebook, Amazon, or Dropbox.
Should I be concerned?
Yes, Orbi's firewall does not accept connection attempts from the internet until the user deliberately sets up either port forwarding, Remote Administration, or OpenVPN. These log entries are the result of firewall logic which collects connection requests and attempts to assign them to categories. I monitor two Orbi systems and they both regularly log about 30 of these "attacks" every day. (Yes, every day.) I have seen comments that Netgear's logic is flowed and logs things as "attacks" that are not.
I do not recall seeing any "snmp" events in my log files.
Be Concerned? I think not. If you would rather not see the entries in the log file, there is an option to stop logging them.
