Re: Orbi RBR50 suddenly getting [DoS Attack: ARP Attack]

---

@PSIU wrote:

Not sure what happened and hoping some can help. My Orbi RBR50 is getting a lot of messages similar to the ones shown below for some reason. What should i do? 

---

There is nothing anyone can do about attempts to connect to the public IP address from the internet.  It is "public".  The post says "suddenly".  Is this correct?  Or, was this the first time you looked at the Orbi log?

I collect the logs from two separate Orbi systems (typical OCD behavior).  Both systems log this sort of thing all day, every day, typically about 65 entries per day.  This has been going on for 18 months, and neither system has ever failed in any way.  There were two periods when the number of events suddenly increased to every two seconds for about 24 hours before whoever was doing that quit.  There is an option to have the Orbi no longer log these events.  They still happen, but the log does not fill up with entries about them.

The fact that these "attempts" are logged indicates that the Orbi is aware of them, rejected them, and made a note.

This is similar to Robocalls.  There is no way to stop people from making them.  What customers CAN do it (a) never answer a call from a number they do not recognize, and (b) set up their phone to automatically reject calls with certain parameters (such as no CallerID at all). But, they cannot stop Robocalls from happening.

Some forum members have commented:

• Creating the log entries consumer some Orbi resources. (no one knows how much).
  Stopping the log function will free up those resources.
• Some people feel that Netgear's algorithms detect "attacks" that are not actually real.
  i.e. they count how many packets of a certain type arrive from a specific IP address in a certain time and decide, "THIS time it's malicious. Log it."  Since Netgear does not publish their algorithms, there is no way to validate this possibility.

Wow. This rant wasn't what you wanted. Sorry.

What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

ok, sounds like this isn't anything much i can do or i should worry about. thanks.

i'm using a modem plus router (ZTE VDSL CPE ZXHN H168N)provided by the service provider call Netvigator. My router is connected to one of the LAN port of this router.

IF this is the case, if there is a built in router at the modem, This would be a double NAT (two router) condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktop 

---

@PSIU wrote:

i'm using a modem plus router (ZTE VDSL CPE ZXHN H168N)provided by the service provider call Netvigator. My router is connected to one of the LAN port of this router.

---

This comes as sort of a surprise (to me).  I would have thought that the ZTE device would have blocked these connection attempts from reaching the Orbi. 

Thanks for the valuable dvice. i have ask the ISP for the access to their modem/router before but they refused to provide this information. I will try to ask them if they can set this for me instead then. Hopefully they are willing to assist.