×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

DoS Attacks in Log

fmalloy
Luminary
Luminary
‎2020-05-27 03:22 PM
‎2020-05-27 03:22 PM

DoS Attacks in Log

New Orbi yesterday, coming from an (awful) Nighthawk R7000. Looking at the log, seeing attacks I never saw with the R7000. Lots of these:

 

[DoS Attack: SYN/ACK Scan] from source: 51.79.160.249, port 55901, Wednesday, May 27, 2020 11:15:21
[DoS Attack: ACK Scan] from source: 162.125.7.13, port 443, Wednesday, May 27, 2020 09:58:20

[DoS Attack: TCP/UDP Echo] from source: 83.97.20.35, port 41468, Wednesday, May 27, 2020 13:21:39

 

I guess it's saying that the router firewall is doing its job, but something to be concerned about?

Model: RBR20|Orbi AC2200 Tri-band WiFi Router
Message 1 of 3
3 people had this problem.
0 Kudos
Reply

Accepted Solutions
CrimpOn
Guru Guru
Guru
‎2020-05-27 03:31 PM
‎2020-05-27 03:31 PM

Re: DoS Attacks in Log

@fmalloy wrote:

I guess it's saying that the router firewall is doing its job, but something to be concerned about?

You are correct.  The firewall is doing what it is supposed to.  There is an option in the Orbi web interface to stop displaying these reports.  I personally leave them in the log for entertainment.  I have never found documentation for what the firewall notice is actually describing, which would make the log more informative.  When I look at my Orbi WAN traffic with Wireshark, for example, my cable system appears to be flooded with ARP packets.  What has led Orbi to think that they are directed at me? And, how many does it take to be a "scan"?

 

p.s. I have kept every Orbi log for over a year.  There are reports such as these every day, and my Orbi has never gone down.

View solution in original post

Message 2 of 3
Reply

All Replies
CrimpOn
Guru Guru
Guru
‎2020-05-27 03:31 PM
‎2020-05-27 03:31 PM

Re: DoS Attacks in Log

@fmalloy wrote:

I guess it's saying that the router firewall is doing its job, but something to be concerned about?

You are correct.  The firewall is doing what it is supposed to.  There is an option in the Orbi web interface to stop displaying these reports.  I personally leave them in the log for entertainment.  I have never found documentation for what the firewall notice is actually describing, which would make the log more informative.  When I look at my Orbi WAN traffic with Wireshark, for example, my cable system appears to be flooded with ARP packets.  What has led Orbi to think that they are directed at me? And, how many does it take to be a "scan"?

 

p.s. I have kept every Orbi log for over a year.  There are reports such as these every day, and my Orbi has never gone down.

Message 2 of 3
Reply
michaelkenward
Guru Guru
Guru
‎2020-05-28 04:32 AM
‎2020-05-28 04:32 AM

Re: DoS Attacks in Log

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

In your case, one of those attacks is from Dropbox another is from OVH Hosting, Inc. They may be familiar to you.

 

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

 

 

Message 3 of 3
Reply
Top Contributors
See All
Discussion stats
  • 2 replies
  • ‎2020-05-27 03:22 PM
  • 24503 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7