×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Re: constant DoS attacxks

Cmo1
Apprentice

constant DoS attacxks

so since upgrading to the newest firmware I see constant dos attacks every few minutes and my connection does slow.

 

 Attack: ACK Scan] from source: 34.230.89.123, port 9543, Tuesday, June 19, 2018 22:15:16
[DoS Attack: ACK Scan] from source: 34.230.89.123, port 9543, Tuesday, June 19, 2018 22:13:16
[DoS Attack: ACK Scan] from source: 34.230.89.123, port 9543, Tuesday, June 19, 2018 22:11:16

 

such as these logs .  they continiue to grow larger and speeds get slower all day.  Netgear support is no help and the firmware they promised would help manage such issues doesn't seem to be coming . . The QoS feature is broken.  How can I fix this?

Model: RBR50| Orbi AC3000 Tri-band WiFi (Router Only)
Message 1 of 14
FURRYe38
Guru

Re: constant DoS attacxks

That IP address belongs to Amazon:

https://whois.domaintools.com/34.230.89.123

 

Have you fully rebooted the router and or do a ERASE on it and set it up from scratch?

Whats the Mfr and model # of your ISP modem? 

 

Besure none of your devices are acessing and amazon services. Disconnect ALL devices accept for 1 wired PC and check speeds and connection and the log. Graduate adding one device at a time until you notice something...

Message 2 of 14
Cmo1
Apprentice

Re: constant DoS attacxks


I have two amazon echoes recently added.  I bet thats what it is.
@FURRYe38 wrote:

That IP address belongs to Amazon:

https://whois.domaintools.com/34.230.89.123

 

Have you fully rebooted the router and or do a ERASE on it and set it up from scratch?

Whats the Mfr and model # of your ISP modem? 

 

Besure none of your devices are acessing and amazon services. Disconnect ALL devices accept for 1 wired PC and check speeds and connection and the log. Graduate adding one device at a time until you notice something...


 

Message 3 of 14
FURRYe38
Guru

Re: constant DoS attacxks

Disable or turn them off and check your stuff. Smiley Wink

Message 4 of 14
Cmo1
Apprentice

Re: constant DoS attacxks

[DoS Attack: TCP/UDP Chargen] from source: 92.63.193.152, port 48961, Tuesday, June 19, 2018 22:36:19

Model: RBR50| Orbi AC3000 Tri-band WiFi (Router Only)
Message 5 of 14
FURRYe38
Guru

Re: constant DoS attacxks

You can look up these addresses here to see who they belong too:

whois.domaintools.com

 

Message 6 of 14
RocketSquirrel
Luminary

Re: constant DoS attacxks

I think these are false alarms. When I was using Orbi as a router, I saw log entries claiming devices internal to my LAN were committing DOS attacks. Ridiculous.

Model: RBK53| Orbi Router + 2 Satellites Orbi WiFi System
Message 7 of 14
FURRYe38
Guru

Re: constant DoS attacxks

Firewall and logging is doing it's job...just reporting what the router is encountering. 

Message 8 of 14
Cmo1
Apprentice

Re: constant DoS attacxks

But once they start my wifi speeds are cut in half.. this never happened in the old firmware... Not sure what exactly changed but the other problem is I can't go back because my homekit was broken in those old ones.
Message 9 of 14
FURRYe38
Guru

Re: constant DoS attacxks

You need to find out if something on your LAN side is accessing those IPs. If your echos are then turn them off and test to see if it still happens or not. If not and you turn them ON again and it does, something in the Amazon services or in the FW needs to be looked at.

 

@DarrenM

Message 10 of 14
sdp123
Initiate

Re: constant DoS attacxks

Hello all - I must say I am sick of these DoS attacks from variety of sources.

 

Have since sent emails (with details) to their "abuse" emails, etc.

 

Very large number from Amazon Technologies (!) and Lime Light Networks

 

[DoS Attack: ACK Scan] from source: 52.25.181.51, port 443, Monday, June 25, 2018 20:34:46
[DoS Attack: TCP/UDP Chargen] from source: 209.126.136.5, port 48682, Monday, June 25, 2018 19:56:21
[DoS Attack: RST Scan] from source: 134.19.190.38, port 80, Monday, June 25, 2018 18:43:41
[DoS Attack: SYN/ACK Scan] from source: 31.13.84.1, port 80, Monday, June 25, 2018 18:22:44
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:59:01
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:59:01
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:59:01
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:59:01
[DoS Attack: ACK Scan] from source: 208.111.173.167, port 80, Monday, June 25, 2018 16:59:01
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:57:46
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:57:46
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:57:46
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:57:46
[DoS Attack: ACK Scan] from source: 208.111.173.167, port 80, Monday, June 25, 2018 16:57:46
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:56:31
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:56:31
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:56:31
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:56:31
[DoS Attack: ACK Scan] from source: 208.111.173.167, port 80, Monday, June 25, 2018 16:56:31
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:55:16
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:55:16
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:55:16
[DoS Attack: ACK Scan] from source: 208.111.173.167, port 80, Monday, June 25, 2018 16:55:16
[DoS Attack: ACK Scan] from source: 208.111.149.129, port 80, Monday, June 25, 2018 16:54:01
[DoS Attack: ACK Scan] from source: 208.111.155.129, port 80, Monday, June 25, 2018 16:54:01
[DoS Attack: ACK Scan] from source: 208.111.173.167, port 80, Monday, June 25, 2018 16:54:01
[DoS Attack: ACK Scan] from source: 86.105.196.110, port 3306, Monday, June 25, 2018 16:35:04
[DoS Attack: RST Scan] from source: 66.225.197.197, port 80, Monday, June 25, 2018 16:31:51
[DoS Attack: SYN/ACK Scan] from source: 37.242.246.38, port 11211, Monday, June 25, 2018 14:41:27
[DoS Attack: SYN/ACK Scan] from source: 167.114.156.139, port 80, Monday, June 25, 2018 14:14:46
[DoS Attack: SYN/ACK Scan] from source: 167.114.156.139, port 80, Monday, June 25, 2018 13:56:51
[DoS Attack: SYN/ACK Scan] from source: 62.210.92.188, port 80, Monday, June 25, 2018 13:55:23
[DoS Attack: SYN/ACK Scan] from source: 167.114.156.139, port 80, Monday, June 25, 2018 13:44:59
[DoS Attack: SYN/ACK Scan] from source: 62.210.92.188, port 80, Monday, June 25, 2018 13:44:17
[DoS Attack: SYN/ACK Scan] from source: 167.114.156.139, port 80, Monday, June 25, 2018 13:38:43
[DoS Attack: ACK Scan] from source: 157.240.22.39, port 443, Monday, June 25, 2018 13:18:06
[DoS Attack: RST Scan] from source: 72.167.18.237, port 80, Monday, June 25, 2018 13:16:42

Message 11 of 14
FURRYe38
Guru

Re: constant DoS attacxks

Message 12 of 14
sdp123
Initiate

Re: constant DoS attacxks

hmmm....remembered that I had an "old" AWS Linux instance running.

 

10 minutes ago, I shut it down.

 

No more DoS attacks - from any source.

If I filter just for DoS, Logs are Empty now! 

 

Whee!

 

🙂

Message 13 of 14
FURRYe38
Guru

Re: constant DoS attacxks

Easy fix. Smiley Wink

 

Message 14 of 14
Top Contributors
Discussion stats
  • 13 replies
  • 6734 views
  • 1 kudo
  • 4 in conversation
Announcements

Orbi WiFi 7