Re: DoS Attacks in Log
New Orbi yesterday, coming from an (awful) Nighthawk R7000. Looking at the log, seeing attacks I never saw with the R7000. Lots of these:
[DoS Attack: SYN/ACK Scan] from source: 51.79.160.249, port 55901, Wednesday, May 27, 2020 11:15:21
[DoS Attack: ACK Scan] from source: 162.125.7.13, port 443, Wednesday, May 27, 2020 09:58:20
[DoS Attack: TCP/UDP Echo] from source: 83.97.20.35, port 41468, Wednesday, May 27, 2020 13:21:39
I guess it's saying that the router firewall is doing its job, but something to be concerned about?
Accepted Solutions
@fmalloy wrote: I guess it's saying that the router firewall is doing its job, but something to be concerned about?
You are correct. The firewall is doing what it is supposed to. There is an option in the Orbi web interface to stop displaying these reports. I personally leave them in the log for entertainment. I have never found documentation for what the firewall notice is actually describing, which would make the log more informative. When I look at my Orbi WAN traffic with Wireshark, for example, my cable system appears to be flooded with ARP packets. What has led Orbi to think that they are directed at me? And, how many does it take to be a "scan"?
p.s. I have kept every Orbi log for over a year. There are reports such as these every day, and my Orbi has never gone down.
All Replies
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
In your case, one of those attacks is from Dropbox; another is from OVH Hosting, Inc. They may be familiar to you.
If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
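An added example, not part of the original posts and not Netgear code: a small parser for the log format quoted in the first post that lists the source addresses worth a WHOIS lookup and marks entries whose source port is a well-known service port. The `SERVICE_PORTS` table and the "likely reply" heuristic are assumptions made for this sketch, not documented router behaviour.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the three entries quoted in the first post.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 51.79.160.249, port 55901, Wednesday, May 27, 2020 11:15:21
[DoS Attack: ACK Scan] from source: 162.125.7.13, port 443, Wednesday, May 27, 2020 09:58:20
[DoS Attack: TCP/UDP Echo] from source: 83.97.20.35, port 41468, Wednesday, May 27, 2020 13:21:39
"""

LINE_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<ip>[0-9A-Fa-f.:]+), "
    r"port (?P<port>\d+), (?P<when>\w+, \w+ \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2})$"
)

# Assumption for this sketch: a packet whose *source* port is a well-known
# service port is more likely a late reply from a server a LAN device
# contacted than an inbound probe. It is a triage hint, not proof.
SERVICE_PORTS = {53: "dns", 80: "http", 123: "ntp", 443: "https"}

def parse_line(line):
    """Return a dict for one log entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    port = int(m["port"])
    return {
        "kind": m["kind"],
        "ip": m["ip"],
        "port": port,
        "when": datetime.strptime(m["when"], "%A, %B %d, %Y %H:%M:%S"),
        "likely_reply": SERVICE_PORTS.get(port),
    }

def summarize(text):
    """Count entries per (source, kind) and list addresses to look up."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "events": events,
        "by_source": Counter((e["ip"], e["kind"]) for e in events),
        "lookup": sorted({e["ip"] for e in events}),
        "likely_replies": sorted({e["ip"] for e in events if e["likely_reply"]}),
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (ip, kind), n in s["by_source"].most_common():
        print(f"{n:4d}  {ip:<16} {kind}")
    print("WHOIS these:", ", ".join(s["lookup"]))
```

Run over a saved log, the per-source counts show whether one address keeps recurring or the entries are scattered one-offs.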