×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

RBR40 Firmware Version V2.5.1.22 DoS (denial of service) attacks

dostwill
Follower
Follower
‎2020-12-16 09:24 AM
‎2020-12-16 09:24 AM

RBR40 Firmware Version V2.5.1.22 DoS (denial of service) attacks

Here's a snipit of my logs. Seems I'm getting continuous DoS attack that momentarily disrupts service. It's a pain when working from home. 

Anyone know of a solution?

 

[admin login] from source 192.168.1.7, Wednesday, December 16, 2020 09:19:30
[DoS Attack: ACK Scan] from source: 175.194.22.2, port 1124, Wednesday, December 16, 2020 08:56:29
[admin login] from source 192.168.1.7, Wednesday, December 16, 2020 08:45:58
[DHCP IP: 192.168.1.10] to MAC address 00:1e:c0:19:5d:aa, Wednesday, December 16, 2020 08:44:03
[DoS Attack: ACK Scan] from source: 222.119.65.210, port 57451, Wednesday, December 16, 2020 08:29:02
[admin login] from source 192.168.1.7, Wednesday, December 16, 2020 08:24:13
[DHCP IP: 192.168.1.7] to MAC address a4:83:e7:bc:76:b8, Wednesday, December 16, 2020 08:24:07
[DoS Attack: ACK Scan] from source: 162.125.7.20, port 443, Wednesday, December 16, 2020 08:23:52
[DHCP IP: 192.168.1.17] to MAC address 4c:1d:96:ad:fc:ff, Wednesday, December 16, 2020 08:22:17

Message 1 of 2
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2020-12-16 10:51 AM
‎2020-12-16 10:51 AM

Re: RBR40 Firmware Version V2.5.1.22 DoS (denial of service) attacks

@dostwill wrote:

Here's a snipit of my logs. Seems I'm getting continuous DoS attack that momentarily disrupts service. It's a pain when working from home. 

Anyone know of a solution?

I monitor the logs for two Orbi systems. For over 18 months, both systems have reported DOS attempts all day, every day. (So far this month, one Orbi has logged 1,042.  About 70 per day.  There were a couple of occasions where attempts were logged every five minutes for ove 24 hours straight.  Yet, neither system ever loses connectivity.

 

There are some things to keep in mind:

  • This cannot be avoided.  Orbi's have a public IP address, just as we have public street addresses and telephone numbers.  Anyone who wants to can send connection attempts to the Orbi IP, just as they can send junk mail to our mailbox and robocalls to our telephones.
  • The Orbi is not in danger.  Orbi routers (like all residential routers) will not accept connection attempts from the internet unless the user has specifically told it to (by "opening ports", enabling Remote Management, or enabling OpenVPN).  The Orbi log simply says, "there was a string of packets that arrived and my program classifies them as an attack. I did not accept any of them."
  • Including these entries in the Orbi log file is an option.  I throw away junk mail without recording that I got it.  I do not keep a log of phone calls that I choose not to answer.  But, as a curiosity I have the Orbi record them.  There are some users who believe that collecting this information consumes significant Orbi CPU resources, so they prefer not to log them. This is done on the Orbi page among the options toward the bottom of the screen.

I do not doubt for a minute that there are service interruptions.  People post constantly about them.  Since my Orbi remains up for months at a time (37  days since the most recent Edison power outage), I am at a loss to explain how it happens to some people and not to others.  People say their Orbi's reboot spontaneously all the time.  They're not making up this stuff.

 

So, my "bottom line" is that those "attacks" are normal and are not likely to be what is causing the problem, but I have no clue what it is.

 

Message 2 of 2
Reply
Top Contributors
See All
Discussion stats
  • 1 reply
  • ‎2020-12-16 09:24 AM
  • 307 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi WiFi 7