×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

marteeleigh
Tutor
Tutor
‎2021-10-04 05:57 PM
‎2021-10-04 05:57 PM

DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

This is a continuation of issues here: For the last month+, DNS issues and dropped Wi-Fi (now using R7000P) 

 

Netgear support emailed me back and said I have a DoS attack. This is part of the information they sent:

Based on the logs that you have provided, it appears that your router is experiencing a DOS attack. A Denial-of-service attack (DoS attack) is an attempt to make a computer or network resource unavailable to its intended users.
In a Denial of Service (DoS) attack, an attacker attempts to prevent the users from accessing information or services, usually by flooding the network with large amounts of fake traffic. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services on the affected computer.
You may find additional information and suggestion on this link [https://kb.netgear.com/19957/What-does-Disable-Port-Scan-and-DoS-Protection-do]. 

Having said that the router is under DoS attack, I highly recommend that you contact your ISP and ask them to reset your connection. Kindly relay to them that the reason for this request is due to a DOS attack that is visible on your Network.

 

Some of the items in my log:

  • [DoS attack: ACK Scan] attack packets in last 20 sec from ip [2.19.132.98], Monday, Sep 27,2021 04:49:39
  • [DoS attack: STORM] attack packets in last 20 sec from ip [72.21.81.237], Monday, Sep 27,2021 04:32:53
  • [DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.62.158.65], Saturday, Oct 02,2021 19:04:13
  • [DoS attack: STORM] attack packets in last 20 sec from ip [206.81.81.71], Saturday, Oct 02,2021 20:32:44

I've contacted Sparklight (my ISP), as instructed. They said due to the issue, they can't even see my modem status (It's showing offline to them, even though I have internet access). Sparklight advised me to contact law enforcement. Whattttttt?

Today (before I learned about the DoS attacks), I actually switched from the R7000P to a TP-Link router, because I thought this was a Netgear router issue. There is nothing in the TP-Link router log that indicates any sort of DoS attack. BUT Sparklight still insists they can't access my modem (which I purchased separately). 

 

Can anyone please help me? 

 

Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 1 of 7
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2021-10-04 07:35 PM
‎2021-10-04 07:35 PM

Re: DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

@marteeleigh wrote:

Can anyone please help me? 

 

I am puzzled how this issue popped up in the Netgear Orbi community forum, as there is no Orbi involved in the problem and whatever the problem is, it appears to affect both a Netgear router and a TP-Link router.

However.......

 

It would be helpful to understand exactly what is wrong, right now.

 

  • The Motorolla 8600 appears to be on the Sparklight list of approved modems:
    https://support.sparklight.com/hc/en-us/articles/115009158227-Supported-Cable-Modems-Residential-Onl... 
    If Sparklight is not able to access the modem, "something is wrong," and it has nothing to do with Netgear.
  • Is there still a "DNS Problem"?  What are the symptoms?
  • I can attest to the simple fact that "attacks" are constant and (in my opinion) have little effect on routers. I collect the logs from two Orbi systems and they both report "attacks" every day of the month, and they never fail.  How many Robo-Calls do you receive? Does your phone still function?

Sorry to appear confused, but this post has been going on for two weeks and I am unable to get a sense of "where things are".

 

 

 

Message 2 of 7
Reply
marteeleigh
Tutor
Tutor
‎2021-10-04 07:49 PM
‎2021-10-04 07:49 PM

Re: DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

Oh, dear. User error. I can post again in the correct forum. 

 

But I appreciate you taking a moment to respond. 

 

As of this morning, I had the same issue (internet randomly dropped). The Nighthawk app couldn't resolve the issue, but the Netgear Genie on my work laptop forced a reboot, and I was reconnected. The Netgear support agent suggested I talk to my ISP, but my ISP said that due to the DoS attack, they can't access my modem. To my ISP, they show my modem as offline, even though that isn't the case. 

 

I guess I am uncertain what to do now. Both Sparklight and Netgear have been unhelpful in getting this resolved, and I really have no idea what I'm actually dealing with. Could this simply be a modem malfunction? A router malfunction (TWO different Nighthawk models)? Since I connected the TP-Link router, I see no DoS attacks in the log, and the internet connection has been fine. So do I need a new modem? 

 

Apologies for the question. I just have no idea where to go from here. 

Message 3 of 7
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2021-10-04 08:03 PM
‎2021-10-04 08:03 PM

Re: DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

I would be tempted to "let it ride" with the TP-Link router for now.

 

(in my opinion) "DOS attacks" are no reason for the ISP to be unable to reach the modem.

If you provide the specific model of TP-Link router, we can check the user manual to see if it even reports "DOS attacks."

  • There is no actual reason to log these events. The router rejects all these connection attempts.  I (personally) view it as entertainment.
    Does your telephone present you with a log of Robo-Calls?
    Does the Post Office give you a list of Junk Mail?
  • There have been posts which suggest that Netgear's algorithms for detecting these "attacks" are too sensitive.
    (I have no idea.)

If the TP-Link router maintains internet connectivity for days, I would be tempted to leave things as they are.

Message 4 of 7
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-10-05 07:38 AM
‎2021-10-05 07:38 AM

Re: DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

Please continue to post about this over in the NH router forum:

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/DoS-attacks-ACK-amp-STORM-causing-DNS-issues...

 

Thank you. 

Message 5 of 7
Reply
marteeleigh
Tutor
Tutor
‎2021-10-05 08:34 AM
‎2021-10-05 08:34 AM

Re: DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

Thanks again for responding. I posted in the correct forum: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/DoS-attacks-ACK-amp-STORM-causing-DNS-issues...

 

I called Sparklight again and asked if they can reset my connection without connection to my modem. They said no, and that I'm still showing offline on their end.

 

TP-Link AC4000: https://www.tp-link.com/us/support/download/archer-c4000/. UG here. I skimmed it and didn't see anything about logging DoS attacks.

 

(I'll consider this thread closed now.)

 

Thanks again! 

Message 6 of 7
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-10-05 08:59 AM
‎2021-10-05 08:59 AM

Re: DoS attacks (ACK & STORM) - causing DNS issues and connection drops?

👍

Message 7 of 7
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 6 replies
  • ‎2021-10-04 05:57 PM
  • 1443 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7