NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RedBatman89
Nov 25, 2019Guide
DOS attack from Germany now?
This has been showing in my logs recently.
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Monday, November 25, 2019 09:42:27
https://www.ipinfolookup.com/148.251.48.231
Website confirms it's from Berlin, another orbi user posted on there too.
21 Replies
- FURRYe38Guru - Experienced User
The router is doing it's job by blocking that and reporting it to you. If you think these are becoming more and more prominent, contact your ISP and have them change your WAN IP address.
FURRYe38 wrote:The router is doing it's job by blocking that and reporting it to you. If you think these are becoming more and more prominent, contact your ISP and have them change your WAN IP address.
Wow so I come back home after work today and a buch of these dos attack logs showed up around noon today even going to almost 2pm. Same IP address from Germany too. Heck my modem apparently went done a few times today as well I checked my modem logs and loads of uncorrectables and event log had a bunch of errors as well for my SB6190. Apparnelty according to down detector a bucnh of the US today had issues with Comcast internet.
So yeah maybe it is time to change WAN, unless I could block offending IP's manually. Anyway I could do that?
- FURRYe38Guru - Experienced User
The firewall in the RBR is already blocking. It's just reporting what it's seeing. I would make contact with your ISP and let them know whats happening and have them change your WAN IP address there giving you. Usually a power OFF of the ISP modem for 1 minute will be needed. Also something to do, power OFF The ISP modem over night then back on or leave it off if nobody is home for a extended period of time. This can trigger a new IP address from the ISP sometimes.
- KillhippieProdigy
I'm having the same, my logs get filled with attacks from this IP to the same port or port 50003. All this has happened since the firmware update for me the other day, and the router has been factory reset. I have a static IP, but the DoS logs starts as soon as the router boots up with literally everything else turned off. Really odd.
- Ken2122Tutor
Interesting. I rarely check my logs (guess I should).....since October 31, 2019, I am getting hammered everyday by DoS attacks. Looks like Orbi is doing its thing and blocking. My ISP is Comcast. I have an Orbi RBR50 (FW v2.3.5.30).
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002
[DoS Attack: SYN/ACK Scan] from source: 194.88.104.9, port 80
DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 50535
[DoS Attack: SYN/ACK Scan] from source: 195.201.167.44, port 443
I may check-out Reddit-Comcast or DSLReports-Comcast to see if others are reporting an uptick.
- FURRYe38Guru - Experienced User
Id contact your ISP and have them help you with this as well. See if they can get you a different WAN IP.
whois.domaintools.com
Ken2122 wrote:Interesting. I rarely check my logs (guess I should).....since October 31, 2019, I am getting hammered everyday by DoS attacks. Looks like Orbi is doing its thing and blocking. My ISP is Comcast. I have an Orbi RBR50 (FW v2.3.5.30).
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002
[DoS Attack: SYN/ACK Scan] from source: 194.88.104.9, port 80
DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 50535
[DoS Attack: SYN/ACK Scan] from source: 195.201.167.44, port 443
I may check-out Reddit-Comcast or DSLReports-Comcast to see if others are reporting an uptick.