

dissdigg
Aspirant
Mar 16, 2021

Optimum Modem, Orbi RBK50, DoS attacks, hardwire several to modem directly?

Dear all, thank you very much in advance.  My tech support ran out with Orbi and hopefully I can find answers here.  The quick and dirty:  I have Optimum internet which works as described.  My Orbi RBK50 (router+satellite) works great, zero coverage issues.  I have several devices hardwired to the router via 1gb "switch" boxes which also works great, including my work computer/phone... "most of the time".

The issue is that on random days I get "DoS attacks", which I have confirmed using orbilogin.net (see examples below).  Normal devices streaming music, video, surfing the web will not show any signs of a network "hiccup", in fact we've never noticed any service issues.  I assume this is because most "streaming" these days has some sort of cache and preloads some content.

On the other hand my work software (finance based) is extremely sensitive and what I'm told is that these DoS attacks are enough to cause my hardwired work computer programs to all reset (Bloomberg, brokertec, internet webpages), along with a work Cato VPN client and an Avaya ethernet phone.  Meanwhile my streaming TV / Music either hard wired or on wifi never skip a beat.

[DoS Attack: ACK Scan] from source: 152.199.24.185, port 443
[DoS Attack: SYN/ACK Scan] from source: 51.79.204.186, port 5500
[DoS Attack: ACK Scan] from source: 192.229.173.16, port 443
[DoS Attack: ACK Scan] from source: 104.244.42.66, port 443
[DoS Attack: ACK Scan] from source: 104.244.42.70, port 443

My questions to the group please....

1.  Is there a setting or other I am missing that will prevent these otherwise random DoS Attacks?  Am I doing something wrong or is this common in our world these days?

2.  Can I switch/split the single ethernet port from my modem to allow both my work computer to be hard wired to the Optimum modem AND allow my RBK50 to be its normal wifi router?   My first attempt to do this caused the router to NOT find the internet.  Perhaps this is a setting or tweak I am doing wrong?  For now, I can only get RBK50 to connect to modem internet when it is direct to the modem.  Everything else wired must come from the RBK50 router which I believe is subject to these DoS attacks.  Optimum is telling me connection to their modem direct will not have these issues.

3.  If the RBK50 is vulnerable to these DoS attacks, and Optimum tells me I need to be wired to their modem to avoid these, BUT with only one modem ethernet port I cannot have work computer and RBK50 both hard wired, are there any other possibilities I'm missing to see this scenario work?   Can I somehow take one modem ethernet main port and connect a computer and RBK50 and have RBK50 still be a normal wireless router?  As mentioned above my first attempt doing this using a 1gb switch port resulted in RBK50 not finding an internet signal from modem.  Perhaps a full reset to factory settings is called for?  Yet once I went back to the direct wiring (modem to RBK50) the router quickly found the internet again and worked normal.

Any help is greatly appreciated as solving this provides me the solution I need to continue work from home while still having my entire house keep the RBK50 home network.   Hope to hear back, kind regards, JW


1 Reply


  • dissdigg wrote:

    1.  Is there a setting or other I am missing that will prevent these otherwise random DoS Attacks?  Am I doing something wrong or is this common in our world these days?


    Any time a device is connected to the Internet, there will be attempts to connect.  Just as when a telephone has a public phone number, it will get calls. Just as there are robo callers, there are also robots constantly trying to connect across the internet.  It cannot be stopped.  Orbi router firewalls have logic to track certain kinds of repeated connection attempts and log them as "attacks".  But, it does not accept connections. EVER.  The only time Orbi accepts a connection from the internet is when the Orbi owner has specifically told it to. (activate Remote Management, "forward a port" to an internal device, etc.)  I collect log files from two Orbi systems and both of them log over 60 "attacks" every day.  Yet, neither of them ever fails.

     


    dissdigg wrote:

    2.  Can I switch/split the single ethernet port from my modem to allow both my work computer to be hard wired to the Optimum modem AND allow my RBK50 to be its normal wifi router?


    As you have discovered, a modem supports only one connection.  It cannot be split between two (or more) devices.  If the Optimum device were a combination modem/router, then it would have more than one ethernet connection available and you could do as you suggest.  This introduces a number of potentially unwanted side-effects (see https://kb.netgear.com/30186/What-is-Double-NAT ) Thousands of subscribers do this all the time and never notice a problem. (When they do, it is ugly.)

     


    dissdigg wrote:

    3.  If the RBK50 is vulnerable to these DoS attacks,


    My opinion is that something else is going on.  One step you CAN take is to tell the Orbi to quit spending time analyzing connection requests that it is not going to accept anyway.  On the Orbi web interface, Advanced Tab, WAN setup, check the box "Disable Port Scan and DoS Protection". This is not "protection". It is analysis.
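
An added example, not part of the thread and not NETGEAR code: a Python script that tallies router log entries in the format posted above by scan type, source port and source address, so daily counts can be compared against the times the work software drops. The function names are hypothetical, and the sample text reuses the five entries from the post (brackets normalized) plus two constructed lines.

```python
import ipaddress
import re
from collections import Counter

# The first five lines are the entries quoted in the post; the last two are
# constructed: one closes the tag with ")" (a copy slip), one is not a DoS entry.
SAMPLE_LOG = """\
[DoS Attack: ACK Scan] from source: 152.199.24.185, port 443
[DoS Attack: SYN/ACK Scan] from source: 51.79.204.186, port 5500
[DoS Attack: ACK Scan] from source: 192.229.173.16, port 443
[DoS Attack: ACK Scan] from source: 104.244.42.66, port 443
[DoS Attack: ACK Scan] from source: 104.244.42.70, port 443
[DoS Attack: ACK Scan) from source: 192.0.2.10, port 443
[Constructed event] unrelated log line
"""

# Accept "]" or ")" after the scan type so a mistyped bracket does not drop a line.
ENTRY = re.compile(
    r"\[DoS Attack:\s*(?P<kind>[^\])]+)[\])]\s*from source:\s*"
    r"(?P<ip>[0-9.]+),\s*port\s+(?P<port>\d+)"
)

def parse_entries(text):
    """Return (entries, skipped): entries are (kind, ip, port) tuples."""
    entries, skipped = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.search(line)
        try:
            if m is None:
                raise ValueError("not a DoS entry")
            ip = str(ipaddress.ip_address(m["ip"]))  # rejects e.g. 999.1.1.1
            entries.append((m["kind"].strip(), ip, int(m["port"])))
        except ValueError:
            skipped.append(line)
    return entries, skipped

def summarize(entries):
    """Count entries by scan type, source port and source address."""
    return {
        "total": len(entries),
        "by_kind": Counter(kind for kind, _, _ in entries),
        "by_port": Counter(port for _, _, port in entries),
        "by_source": Counter(ip for _, ip, _ in entries),
    }

if __name__ == "__main__":
    parsed, ignored = parse_entries(SAMPLE_LOG)
    report = summarize(parsed)
    print(report["total"], "entries,", len(ignored), "lines skipped")
    for name in ("by_kind", "by_port", "by_source"):
        print(name, report[name].most_common())
```
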