This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
entering an invalid ip address in Block Services. How to enter VALID IP address?
I am getting reports of DoS attacks : Port Scans in my log file.
They are being reported as: [DoS attack: TCP- or UDP-based Port Scan]
I can reverse search the ip address, and always come up with a valid foreign ip address that is not linked to critical services such as google or my ISP, as far as i can tell.
I have gone to Advanced -> Security -> Block Services to add a new rule.
Selected Service Type: ALL, TCP/UDP, Port 1 to Port 65535, Service type: ALL
Clicked IP Address Range: entered a valid IP address range.
OR
Clicked Single IP adress and entered the problem IP address.
Netgear always comes back to me and tells me the IP address I have entered is INVALID, which is simply not true.
How do I enter an one of the offending IP addresses so that Netgear will allow me to stop these attacks against my network?
Thank you.
tagging @RicardoF1RST , as they are having a similar problem. Thank you Ricardo.
Re: entering an invalid ip address in Block Services. How to enter VALID IP address?
The only place without your router "seeing" the scan would be on the carrier or ISP side - on the other side, at the ISP.
As I said, you can put as much duct tape under the doorbell button as you want, the kids will continue to ring on your door. and as long as there is nobody opening, there is no imminent risk.
Well, you can't install another router before, because your Internet is cable TV DOCSIS based. If there would be just a cable modem, and you had a dedicated router installed, you could of course install yet another router into the Ethernet link between the modem and the router, so that device will receive the scan ...
The router does everything possible to keep you safe. so it has detected some monkey is port scanning like hell - fine. If it's to much for your heart, report to your ISP, the will put it back to the owner of the public IP address range.
Re: entering an invalid ip address in Block Services. How to enter VALID IP address?
The message is perfectly fine, the feature you are using "Advanced -> Security -> Block Services" is to block services from the LAN side _to_ the Internet, so it expects a LAN IP or a LAN IP range only. FMI: RT*M or the online Help
Simply said, you can not stop these port scans (attacks is a little bit a broad word) going to your router public IP interface. Well possible, it's everything closed anyway (except if there are port forwardings opened manually or by UPnP). It's like putting up isolation tape -under- your door bell button - the doorbell will continue to ring, or the DoS system will continue it's protection actions and let you know.
On the other side, we know the Netgear DoS protection scheme is very sensitive, under some conditions even showing false attacks - other router vendors simply don't log or make other noise....
Re: entering an invalid ip address in Block Services. How to enter VALID IP address?
I see. I understand that 'Block Services' is only used to block from the Local Area Network side. That explains why I am getting the error.
The IP's that continue to port scan me appear to be the same IP's over and over, so I thought there might be some way to block the outside IP's. It appears I am looking in the wrong place.
And you are saying there is nothing I can do to stop them, except if I had an entirely closed system.. say with a specific firewall on a seperate piece of equipment. But that would take a seperate modem & router, (not the equipment I have now), as the firewall would go in between the two.
As I am not able to replace the current equipment, can you make any recomendations as to how to make sure my network is secure as possible at the moment with my current Netgear modem/router combo?
Re: entering an invalid ip address in Block Services. How to enter VALID IP address?
The only place without your router "seeing" the scan would be on the carrier or ISP side - on the other side, at the ISP.
As I said, you can put as much duct tape under the doorbell button as you want, the kids will continue to ring on your door. and as long as there is nobody opening, there is no imminent risk.
Well, you can't install another router before, because your Internet is cable TV DOCSIS based. If there would be just a cable modem, and you had a dedicated router installed, you could of course install yet another router into the Ethernet link between the modem and the router, so that device will receive the scan ...
The router does everything possible to keep you safe. so it has detected some monkey is port scanning like hell - fine. If it's to much for your heart, report to your ISP, the will put it back to the owner of the public IP address range.
