×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

DoS attacks escalating. Any solution or possible reason.

dan801
Apprentice

DoS attacks escalating. Any solution or possible reason.

I'm having a lot of DoS attacks registered in my Orbi Log. I haven't been home all day so I dont think they are false positives. I've already restarted the router which assigned a new IP address to me. Any idea/suggestion. I understand they are attempts but it's screwing with my internet.

 

I have noticed my connections drop during these attacks. These are just in the last 3 hours.

[DoS Attack: Ascend Kill] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:25

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:24

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:21

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:58:10

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:29

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:28

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:26

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:57:24

[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 20:56:24
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 20:39:13
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Friday, December 06, 2019 20:32:35
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Friday, December 06, 2019 20:08:04
[DoS Attack: SYN/ACK Scan] from source: 148.251.48.231, port 50002, Friday, December 06, 2019 19:59:39
[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.33, port 29921, Friday, December 06, 2019 19:54:45

[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.33, port 29921, Friday, December 06, 2019 19:54:45
[DoS Attack: SYN/ACK Scan] from source: 123.140.238.44, port 8484, Friday, December 06, 2019 19:09:38
[DoS Attack: UDP Port Scan] from source: 77.247.108.90, port 5153, Friday, December 06, 2019 19:03:59

[DoS Attack: UDP Port Scan] from source: 77.247.108.90, port 5153, Friday, December 06, 2019 19:03:49

[DoS Attack: UDP Port Scan] from source: 77.247.108.90, port 5153, Friday, December 06, 2019 19:03:44
[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:25:10

[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:59

[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:59

[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:56

[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:54

[DoS Attack: SYN/ACK Scan] from source: 139.99.121.17, port 20364, Friday, December 06, 2019 17:24:59

[DoS Attack: ACK Scan] from source: 17.248.155.112, port 443, Friday, December 06, 2019 17:13:29
[DoS Attack: ACK Scan] from source: 17.248.219.102, port 443, Friday, December 06, 2019 17:13:28

[DoS Attack: ACK Scan] from source: 17.248.219.102, port 443, Friday, December 06, 2019 17:13:21
[DoS Attack: SYN/ACK Scan] from source: 51.79.134.201, port 30120, Friday, December 06, 2019 16:55:26
[DoS Attack: SYN/ACK Scan] from source: 51.79.134.201, port 30120, Friday, December 06, 2019 16:54:13
[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:54

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:50

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:32

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:26

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:17

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:15

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:14

[DoS Attack: RST Scan] from source: 113.20.108.19, port 56674, Friday, December 06, 2019 16:52:10
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.93, port 58684, Friday, December 06, 2019 16:47:55
[DoS Attack: SYN/ACK Scan] from source: 139.99.123.116, port 30112, Friday, December 06, 2019 16:45:07
[DoS Attack: TCP/UDP Chargen] from source: 80.82.77.245, port 53399, Friday, December 06, 2019 16:39:18
[DoS Attack: SYN/ACK Scan] from source: 87.236.19.165, port 80, Friday, December 06, 2019 16:22:18
[DoS Attack: TCP/UDP Chargen] from source: 45.67.15.69, port 2971, Friday, December 06, 2019 16:12:33

[DoS Attack: SYN/ACK Scan] from source: 87.236.19.165, port 80, Friday, December 06, 2019 16:12:15

Model: RBK53|Orbi AC3000 Tri-band WiFi System
Message 1 of 4
FURRYe38
Guru

Re: DoS attacks escalating. Any solution or possible reason.

Use whois.domtaintools.com to see where these IP addresses are coming from.

FYI:

https://community.netgear.com/t5/Orbi/DOS-attack-from-Germany-now/m-p/1832161/highlight/true#M77324

 

Do you have anything in the RBRs DMZ currently? 

I'd also contact your ISP and ask them to see if there is any thing they notice on there side coming thru the modem. 

 

Message 2 of 4
CrimpOn
Guru

Re: DoS attacks escalating. Any solution or possible reason.


@dan801 wrote:

I'm having a lot of DoS attacks registered in my Orbi Log. I haven't been home all day so I dont think they are false positives. I've already restarted the router which assigned a new IP address to me. Any idea/suggestion. I understand they are attempts but it's screwing with my internet.


I have been saving my Orbi log since last March, and do not notice that the number of what Orbi labels "DoS Attempts" has changed much.  It would be helpful if you can explain how the log entries correlate with specific internet problems.  i.e. is the web browser unable to connect at certain times which correspond to a log entry?  Do video streaming artifacts (pixellation, buffering, etc.) correspond with log entries?

 

At my work, we used to log millions of these attempts every day.  I do not notice any performance problems with my system.

Message 3 of 4

Re: DoS attacks escalating. Any solution or possible reason.

Netgear is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Just use whois to see who is behind some of them. You may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

If you find that there are so many attacks that the router gets bogged down, you could see it if it helps to disable the logging. That does not stop the router from doing its thing. It just doesn't eat up the processor writing things to the logs.

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 2325 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7