× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

DOS attack UDP port scan from private network address

weichuan
Aspirant
Aspirant
‎2021-08-17 10:42 PM
‎2021-08-17 10:42 PM

DOS attack UDP port scan from private network address

Hi,

 

I have been getting non-stop DOS attack: UDP port scan from a private network address, is it some device in my network that is causing this issue? Can anyone guide me on how to identify the culprit device?

 

Example of the log shown

 

[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 35834, Wednesday, August 18, 2021 11:36:38
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 34617, Wednesday, August 18, 2021 11:36:09
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 41504, Wednesday, August 18, 2021 11:35:41
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 46924, Wednesday, August 18, 2021 11:35:11
[DoS Attack: UDP Port Scan] from source: 169.254.32.5, port 54570, Wednesday, August 18, 2021 11:34:40

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 5
0 Kudos
Reply

Accepted Solutions
CrimpOn
Guru Guru
Guru
‎2021-08-17 10:49 PM
‎2021-08-17 10:49 PM

Re: DOS attack UDP port scan from private network address

This is called a "Link Local" IP address, which is created by a device when it is unable to get an IP from the network using DHCP.

I would start with the Orbi web interface Attached Devices display  All of the devices shown with valid IP addresses (usually starting with 192.168.1) can be ruled out.  Are there any other devices connected to the network that are not on the Attached Devices list?

View solution in original post

Message 2 of 5
0 Kudos
Reply

All Replies
CrimpOn
Guru Guru
Guru
‎2021-08-17 10:49 PM
‎2021-08-17 10:49 PM

Re: DOS attack UDP port scan from private network address

This is called a "Link Local" IP address, which is created by a device when it is unable to get an IP from the network using DHCP.

I would start with the Orbi web interface Attached Devices display  All of the devices shown with valid IP addresses (usually starting with 192.168.1) can be ruled out.  Are there any other devices connected to the network that are not on the Attached Devices list?

Message 2 of 5
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2021-08-17 10:56 PM
‎2021-08-17 10:56 PM

Re: DOS attack UDP port scan from private network address

A more technical approach would be to activate the feature on the debug page to Enable LAN/WAN Packet Capture.

(http://orbilogin.net/debug.htm)

If you are able to capture some of these "attacks", then a tool such as Wireshare (free for Windows, Linux, Mac) will provide the MAC address that is sending the packets. Put that into an on-line tool to identify which company manufactured the network card in the device.

(I like to use https://www.wireshark.org/tools/oui-lookup.html 

Message 3 of 5
0 Kudos
Reply
weichuan
Aspirant
Aspirant
‎2021-08-17 10:57 PM
‎2021-08-17 10:57 PM

Re: DOS attack UDP port scan from private network address

Wow, i have too many devices connected. I think the culprit might be the yeelight with WIFI connection for home automation. Seems like one of the light is not connected to the wifi. Let me try turning them off to see if it will solve this issue.

Message 4 of 5
0 Kudos
Reply
weichuan
Aspirant
Aspirant
‎2021-08-17 11:00 PM
‎2021-08-17 11:00 PM

Re: DOS attack UDP port scan from private network address

Yup, after turning off that light, the DOS attach UDP scan is gone. Thanks!

Message 5 of 5
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 4 replies
  • ‎2021-08-17 10:42 PM
  • 1948 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 7