NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Repeated DOS attacks causing dropped connections
I have an RBR40 Router and associated satellite, running Firmware v.2.3.5.34 in a Mac/IOS based environment (no Windows Machines on the network). Following a lack of stability in the WiFi connect...
GeoffChesh wrote:
So my questions are .....
- Are these entries likely to be genuine attempts to compromise my security ?
- Should I be bothered about these 'attacks' ?
No and No.
These "false positives" of DOS attack are a "feature" of Netgear's crummy logging system. There is a steady stream of messages here about them.
GeoffChesh wroteWhat other options do I have to prevent the dropped connections ?
If these really are the cause of the dropped connections – which may or may not be the case – then an easy option is to tell the thing not to log these events.
GeoffChesh wrote:
Are there any other (realistic) consequences for the network if I leave the protection disabled?
What are you doing that you think disables the protection? Telling your router to ignore "Known DoS attacks and Port Scans" does not affect your security. It merely tells the thing to ignore those events.
Whether or not this will prevent the dropouts is another matter. One way ion which logging can cause that sort of behaviour is if it puts a lot of strain on the router's processor. Is there really enough going on in your logs to suggest that this might be the case?
Other things that can cause a hissy fit on the router are enabling QoS, Traffic Meter and anything else that requires the router to do anything out of the ordinary.
michaelkenward wrote:
Other things that can cause a hissy fit on the router are enabling QoS, Traffic Meter and anything else that requires the router to do anything out of the ordinary.It is not clear to me that the user has any control over QoS on the Orbi product. There are QoS parameters (nvram show), so one would expect that Orbi is doing "something", but I cannot find a way to affect what.
I like the theory that excessive CPU load overwhelms the Orbi and can cause "problems", such as dropped connections. If turning off features makes the "problem go away", that would be supporting evidence.
CrimpOn wrote:
It is not clear to me that the user has any control over QoS on the Orbi product. There are QoS parameters (nvram show), so one would expect that Orbi is doing "something", but I cannot find a way to affect what.
I agree. I was just talking generalities to try to illustrate how these things might happen.
CrimpOn wrote:
I like the theory that excessive CPU load overwhelms the Orbi and can cause "problems", such as dropped connections. If turning off features makes the "problem go away", that would be supporting evidence.
It is a regular explanation around here as to how wifi and stuff can slow down when anything processor intensive is going on on a router. Logging would seem to be another possibility.
Again, it is more theory than anything that Netgear has owned up to.
I remain to be convinced that this is what is going on here. And it still isn't clear to me what GeoffChesh has gone to "disable the protection in the Wan".
My Orbi is an AP mode, which disables some of the stuff that gets logged. All I see is [Time synchronized with NTP server]. I can't get in deep enough to see if it is possible to disable the protection in the Wan. On the R7800, I see nothing on that front, merely options to disable logging.
Any thoughts on that front?
Thanks for the thoughts folks.
To confirm my action so far is to disable the Port Scan and DoS Protection in the Wan Setup screen of the Roiuter's admin. I've attached a screenshot to show what I am on about.
This is more than telling the router not to log the events any more (as to my mind, that is just hiding the issue). Elsewhere on the web (and in historic posts on this and other forums), I read a theory that the router's response to suspected DoS attacks, resulted in a break in WiFi connectivity (akin to a mini reset). So I thought thsat if I stopped the router reacting to such events, I would get a more stable connection.
However, if there are more enlightened and experienced views out there, I would be pleased to hear them.
Regards
