NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
DoS attacks escalating. Any solution or possible reason.
I'm having a lot of DoS attacks registered in my Orbi Log. I haven't been home all day so I dont think they are false positives. I've already restarted the router which assigned a new IP address to me. Any idea/suggestion. I understand they are attempts but it's screwing with my internet.
I have noticed my connections drop during these attacks. These are just in the last 3 hours.
[DoS Attack: Ascend Kill] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:25
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:24
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:21
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:10
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:29
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:28
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:26
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:24
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:56:24
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 20:39:13
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Friday, December 06, 2019 20:32:35
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Friday, December 06, 2019 20:08:04
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Friday, December 06, 2019 19:59:39
[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.33, port 29921, Friday, December 06, 2019 19:54:45
[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.33, port 29921, Friday, December 06, 2019 19:54:45
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 19:09:38
[DoS Attack: UDP Port Scan] from source: 77.247.108.90, port 5153, Friday, December 06, 2019 19:03:59
[DoS Attack: UDP Port Scan] from source: 77.247.108.90, port 5153, Friday, December 06, 2019 19:03:49
[DoS Attack: UDP Port Scan] from source: 77.247.108.90, port 5153, Friday, December 06, 2019 19:03:44
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:25:10
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:59
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:59
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:56
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:54
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:59
[DoS Attack: ACK Scan] from source: 17.248.155.112, port 443, Friday, December 06, 2019 17:13:29
[DoS Attack: ACK Scan] from source: 17.248.219.102, port 443, Friday, December 06, 2019 17:13:28
[DoS Attack: ACK Scan] from source: 17.248.219.102, port 443, Friday, December 06, 2019 17:13:21
[DoS Attack: SYN/ACK Scan] from source: 51.79.134.201, port 30120, Friday, December 06, 2019 16:55:26
[DoS Attack: SYN/ACK Scan] from source: 51.79.134.201, port 30120, Friday, December 06, 2019 16:54:13
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:54
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:50
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:32
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:26
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:17
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:15
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:14
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:10
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.93, port 58684, Friday, December 06, 2019 16:47:55
[DoS Attack: SYN/ACK Scan] from source: 139.99.123.116, port 30112, Friday, December 06, 2019 16:45:07
[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 53399, Friday, December 06, 2019 16:39:18
[DoS Attack: SYN/ACK Scan] from source: 87.236.19.165, port 80, Friday, December 06, 2019 16:22:18
[DoS Attack: TCP/UDP Chargen] from source: 45.67.15.69, port 2971, Friday, December 06, 2019 16:12:33
[DoS Attack: SYN/ACK Scan] from source: 87.236.19.165, port 80, Friday, December 06, 2019 16:12:15
3 Replies
Use whois.domtaintools.com to see where these IP addresses are coming from.
FYI:
https://community.netgear.com/t5/Orbi/DOS-attack-from-Germany-now/m-p/1832161/highlight/true#M77324
Do you have anything in the RBRs DMZ currently?
I'd also contact your ISP and ask them to see if there is any thing they notice on there side coming thru the modem.
dan801 wrote:I'm having a lot of DoS attacks registered in my Orbi Log. I haven't been home all day so I dont think they are false positives. I've already restarted the router which assigned a new IP address to me. Any idea/suggestion. I understand they are attempts but it's screwing with my internet.
I have been saving my Orbi log since last March, and do not notice that the number of what Orbi labels "DoS Attempts" has changed much. It would be helpful if you can explain how the log entries correlate with specific internet problems. i.e. is the web browser unable to connect at certain times which correspond to a log entry? Do video streaming artifacts (pixellation, buffering, etc.) correspond with log entries?
At my work, we used to log millions of these attempts every day. I do not notice any performance problems with my system.
Netgear is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Just use whois to see who is behind some of them. You may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If you find that there are so many attacks that the router gets bogged down, you could see it if it helps to disable the logging. That does not stop the router from doing its thing. It just doesn't eat up the processor writing things to the logs.
