DoS Attacks from Level 3 Parent, LLC

Ale-Bun
Aspirant

DoS Attacks from Level 3 Parent, LLC

Hello,

 

For a while now I've been getting DoS flooding attacks: [DoS attack] ICMP Flood from 4.71.251.139 and another one from 35.181.49.150... and more. I ran whois on both IPs and they come up as Level 3 Parent, LLC (CenturyLink) and Amazon Technologies Inc. I've also checked the devices connected to the router and only the devices I own are listed. I don't have CenturyLink service or Amazon.

 

The Netgear product version is shown below. V3.01.12

 

It's also worth mentioning that the product I own is listed among the vulnerable products:

https://kb.netgear.com/000038560/Security-Advisory-for-Vulnerability-on-Select-Cable-Modems-and-Gate...

 

Does anyone have a solution?

Model: C6300|AC1750 Cable Modem Router Docsis 3.0
Message 1 of 7
FURRYe38
Guru

Re: DoS Attacks from Level 3 Parent, LLC

See if your ISP will change your WAN IP address on the modem. 

Also power OFF the modem for 1 minute or more if you can to see if the IP address will change on the modem. 

Might contact your ISP for additional help and information. 

Message 2 of 7
Ale-Bun
Aspirant

Re: DoS Attacks from Level 3 Parent, LLC


@FURRYe38 wrote:

See if your ISP will change your WAN IP address on the modem. 

Also power OFF the modem for 1 minute or more if you can to see if the IP address will change on the modem. 

Might contact your ISP for additional help and information. 


Starting with ISP WAN IP change and will see about troubleshooting more. Will update to see if this will resolve the issue.

 

Thank you,

Model: C6300|AC1750 Cable Modem Router Docsis 3.0
Message 3 of 7
CrimpOn
Guru

Re: DoS Attacks from Level 3 Parent, LLC


@Ale-Bun wrote:

For a while now I've been getting DoS flooding attacks: [DoS attack] ICMP Flood from 4.71.251.139 and another one from 35.181.49.150... and more. I ran whois on both IPs and they come up as Level 3 Parent, LLC (CenturyLink) and Amazon Technologies Inc. I've also checked the devices connected to the router and only the devices I own are listed. I don't have CenturyLink service or Amazon.


The important question is "how are you informed about these events?"  Is it from the router log file?

 

Once any device is connected to the internet, there are gazillions of folks out there who will probe the public IP address.  At my last job, we would log millions of "attacks" every day.  My own Orbi logs several hundred every day.  The point is that the router has identified and blocked these attempts to connect.  If seeing the log entries is concerning, there is probably an option to turn off the logging.  If your ISP gives you a new IP address, that IP will be probed immediately.

 

There have been several commentators on the forum who sincerely believe that the Netgear firmware misidentifies things as "attacks" that are not.  (I have no opinion on this, as I am not concerned about them.)

 

For additional peace of mind, it might be useful to post in the Netgear community forum for the product (C6300), rather than in this Orbi forum.  Many "vulnerable" products have updated firmware.

 

Countless devices and applications connect to Amazon Web Services, which is only one of dozens of "clouds".  (It would be a serious effort to count how many "clouds" my house is connected to.)  You may not have an Amazon "device" in your house, but you could have something that "talks to Amazon".

 

 

Message 4 of 7
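One way to check whether router log entries like the ones discussed above are scattered background probes or a sustained burst from one source, as an added example that is not part of the original thread or Netgear's own tooling. It assumes each entry is a timestamp followed by the "[DoS attack] ICMP Flood from <ip>" wording quoted in the first post; the timestamp layout, the sample lines and the `sustained_per_min` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log. Only the "[DoS attack] ICMP Flood from <ip>" wording comes
# from the thread; the timestamp prefix and the 203.0.113.7 burst are assumptions.
SAMPLE_LOG = """\
2024-05-01 10:00:05 [DoS attack] ICMP Flood from 4.71.251.139
2024-05-01 10:00:41 [DoS attack] ICMP Flood from 35.181.49.150
2024-05-01 13:17:09 [DoS attack] ICMP Flood from 4.71.251.139
2024-05-01 21:30:01 [DoS attack] ICMP Flood from 203.0.113.7
2024-05-01 21:30:09 [DoS attack] ICMP Flood from 203.0.113.7
2024-05-01 21:30:17 [DoS attack] ICMP Flood from 203.0.113.7
2024-05-01 21:30:26 [DoS attack] ICMP Flood from 203.0.113.7
2024-05-01 21:30:38 [DoS attack] ICMP Flood from 203.0.113.7
2024-05-01 21:30:52 [DoS attack] ICMP Flood from 203.0.113.7
2024-05-01 21:31:00 [admin login] from source 192.168.0.10
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[DoS attack\] "
    r"(?P<kind>.+?) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse(log_text):
    """Return (timestamp, kind, source_ip) for every DoS entry; skip other lines."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["kind"], m["ip"]))
    return events

def triage(events, sustained_per_min=5):
    """Per source: total entries, busiest single minute, and a 'sustained' flag.

    sustained_per_min is an illustrative threshold, not a Netgear value.
    """
    per_minute = defaultdict(Counter)
    for ts, _kind, ip in events:
        per_minute[ip][ts.replace(second=0)] += 1
    report = {}
    for ip, minutes in per_minute.items():
        peak = max(minutes.values())
        report[ip] = {"total": sum(minutes.values()), "peak_per_min": peak,
                      "sustained": peak >= sustained_per_min}
    return report

if __name__ == "__main__":
    for ip, row in triage(parse(SAMPLE_LOG)).items():
        print(ip, row)
```

Sources that show one or two entries hours apart match the background probing described in the post above; only a source that stays above the threshold within a single minute is worth raising with the ISP.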
Ale-Bun
Aspirant

Re: DoS Attacks from Level 3 Parent, LLC


@vajim wrote:

 

If you’re not able to reset your IP address on your own, you may contact your ISP directly to request a new address.

If you’re a frequent target of DDoS attacks, you can ask for a “dynamic IP,” which changes your IP address on a regular schedule. However, many ISPs don’t allow consumer-level users to hold a dynamic IP and it often is not effective against a determined attacker. Additionally, a dynamic IP may lead to technical difficulties with your chosen streaming site if you’re a regular game streamer.

good luck 

 

 


@vajim According to my ISP, at consumer level, IP addresses are set to switch dynamically after turning the modem off for 4 to 5 hours. However, that does not seem to help resolve the issue. The next option I have is to use a static IP.

Message 5 of 7
Ale-Bun
Aspirant

Re: DoS Attacks from Level 3 Parent, LLC


@CrimpOn wrote:

@Ale-Bun wrote:

For a while now I've been getting DoS flooding attacks: [DoS attack] ICMP Flood from 4.71.251.139 and another one from 35.181.49.150... and more. I ran whois on both IPs and they come up as Level 3 Parent, LLC (CenturyLink) and Amazon Technologies Inc. I've also checked the devices connected to the router and only the devices I own are listed. I don't have CenturyLink service or Amazon.


The important question is "how are you informed about these events?"  Is it from the router log file?

 

Once any device is connected to the internet, there are gazillions of folks out there who will probe the public IP address.  At my last job, we would log millions of "attacks" every day.  My own Orbi logs several hundred every day.  The point is that the router has identified and blocked these attempts to connect.  If seeing the log entries is concerning, there is probably an option to turn off the logging.  If your ISP gives you a new IP address, that IP will be probed immediately.

 

There have been several commentators on the forum who sincerely believe that the Netgear firmware misidentifies things as "attacks" that are not.  (I have no opinion on this, as I am not concerned about them.)

 

For additional peace of mind, it might be useful to post in the Netgear community forum for the product (C6300), rather than in this Orbi forum.  Many "vulnerable" products have updated firmware.

 

Countless devices and applications connect to Amazon Web Services, which is only one of dozens of "clouds".  (It would be a serious effort to count how many "clouds" my house is connected to.)  You may not have an Amazon "device" in your house, but you could have something that "talks to Amazon".

 


@CrimpOn I check the router at times to see if it's up to date or not and also see log files. To answer how I was informed, that is part of the router log file.

As for dismissing these as fake reports by the router, I did see that a lot in different places online, and it would be good to confirm from Netgear.

 

Message 6 of 7
Ale-Bun
Aspirant

Re: DoS Attacks from Level 3 Parent, LLC


@vajim wrote:

Most are fake.  Do a search for Netgear DOS attacks.  Also keep in mind the 'D' in DOS stands for denial.  Are these logs from your modem or Orbi?


@vajim These logs are from my router and not an Orbi system at all. To be honest, I did some searching online for known DoS attacks and part of the report states it's a false report.

Message 7 of 7