- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Orbi RBR20 DoS attacks disrupting internet connectivity
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
Recently I started losing the internet connection from time to time. Upon checking of my router log I noticed that there are repeated DoS attacks in the forms of ACK Scan, SYN/ACK Scan, RTN etc. Basically it seems like these DoS attacks happen, the internet connectivity goes down, after 5 minutes or so it is back up again on its own. During this period all lights on the optical fiber modem are green and according to the internet service providers their end of the connectivity is up & running.
This has been happening for the last 2 months or so.
Searching the net i understand that such items are common and I have no issues with that unless it was stopping my interenet.
I am reaching out hoping someone here will be able to help me with this. Sample log from the Router is appended.
- Hardware Version RBR20
- Firmware Version V2.3.5.36
- GUI Language Version V1.0.0.360
- Operation Mode Router
- DHCP Server On
- Region Asia
- 2.4G Channel 11
- 2.4G Mode Up to 400 Mbps
- 5G Channel 36(P)+40+44+48
- 5G Mode Up to 866.7 Mbps
- 5G-2 Channel 157
- 5G-2 Mode Up to 866.7 Mbps
[DoS Attack: RST Scan] from source: 185.176.27.122, port 56206, Sunday, January 26, 2020 20:17:11
[DoS Attack: RST Scan] from source: 185.176.27.122, port 56206, Sunday, January 26, 2020 20:14:25
[admin login] from source 192.168.1.8, Sunday, January 26, 2020 20:12:51
[DHCP IP: 192.168.1.8] to MAC address 50:1a:c5:f9:fc:e9, Sunday, January 26, 2020 20:10:13
[DHCP IP: 192.168.1.8] to MAC address 50:1a:c5:f9:fc:e9, Sunday, January 26, 2020 20:08:37
[DoS Attack: SYN/ACK Scan] from source: 137.74.85.93, port 443, Sunday, January 26, 2020 19:29:51
[DHCP IP: 192.168.1.7] to MAC address fc:b6:d8:8f:5e:a7, Sunday, January 26, 2020 19:21:41
[DHCP IP: 192.168.1.7] to MAC address fc:b6:d8:8f:5e:a7, Sunday, January 26, 2020 18:56:34
[DoS Attack: SYN/ACK Scan] from source: 172.253.118.119, port 443, Sunday, January 26, 2020 18:51:07
[DoS Attack: RST Scan] from source: 18.141.6.154, port 443, Sunday, January 26, 2020 18:31:03
[DHCP IP: 192.168.1.4] to MAC address cc:44:63:36:58:0e, Sunday, January 26, 2020 18:29:07
[DoS Attack: SYN/ACK Scan] from source: 137.74.85.93, port 443, Sunday, January 26, 2020 16:59:56
[DHCP IP: 192.168.1.7] to MAC address fc:b6:d8:8f:5e:a7, Sunday, January 26, 2020 16:58:57
[DoS Attack: SYN/ACK Scan] from source: 139.99.22.195, port 6703, Sunday, January 26, 2020 15:26:25
[DoS Attack: SYN/ACK Scan] from source: 139.99.22.195, port 6001, Sunday, January 26, 2020 15:00:39
[DoS Attack: SYN/ACK Scan] from source: 23.50.17.214, port 443, Sunday, January 26, 2020 14:57:52
[DoS Attack: SYN/ACK Scan] from source: 23.66.156.134, port 443, Sunday, January 26, 2020 14:56:03
....
[DoS Attack: ACK Scan] from source: 103.246.200.148, port 443, Sunday, January 26, 2020 05:02:08
[DoS Attack: ACK Scan] from source: 103.246.200.148, port 443, Sunday, January 26, 2020 04:57:05
[DoS Attack: ACK Scan] from source: 103.246.200.148, port 443, Sunday, January 26, 2020 04:52:02
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. This was eventually reswolved by the ISP changing my IP. No one could conclusively tell me what actually had gone wrong.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
What is the Mfr and model# of the ISP modem the NG router is connected too?
What happens if you power OFF the RBR and ISP modem for 5 minutes, then back ON?
You might have your ISP help you change the WAN IP address on the modem to something else...
use whois.domaintools.com to look up where those IP addresses are coming from.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
Hi and thanks for the quick response.
The manufacturer of the Mfr seems something local but the model number written is FD600-504G-HR220.
When i power off the modem and the router there is another issue - the modem is back up in 1 min but the router says there is no internet. This deters me from turning off the devices as it takes 3/4 attempts to have the router working. the router and Mfr is connected by wire.
My ISP told me that changing the WAN would only be a temporary solution. They are suggesting for a factory reset of the Orbi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
Can try a reset though I doubt this will help.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
No other suggestions? What would be causing these disruptions?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
See if your ISP can change the WAN IP address on the ONT. All this is coming in from the WAN side.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
Before going to bed, turn OFF the ISP Modem. I'd turn OFF the RBR as well. Get up in the morning and turn both back on. See if the RBR still reports these attacks.
This is someting your ISP needs to figure out.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. This was eventually reswolved by the ISP changing my IP. No one could conclusively tell me what actually had gone wrong.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR20 DoS attacks disrupting internet connectivity
Glad they changed the IP of your WAN side. Yes seems that once those with nefarious means get ahold of a users WAN IP address, they can cause havoc to any connected router.
Glad its working now. Enjoy.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more