Jump to content

Repeated [DoS Attack: IP Spoofing] from source: 192.168.1.1


Recommended Posts

I have just setup and started to use a Nighthawk XR500 (Previously using R1 with DumaOS installed), when I looked at the log all I could see was [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985 (This is the routers IP address) . It seems to happen multiple times a minute,  the port address changes, and the internet seems to reconnect occasionally. I have added a text file of the full log.

I have to have my router connected to the houses main router, though it does come through a DMZ. The R1 worked fine without any complaints with this configuration. Do you have any suggestions?

p.s. This is my first post on here, so apologies if I have messed up.

Netduma DDOS.rtf

Edited by Mrbchambers
Missed it is the routers IP address.
Link to comment
Share on other sites

  • Administrators

Welcome to the forum! 

Logs are a NETGEAR feature, and they're very sensitive, so I wouldn't be too concerned. If you Google your issue, the conclusion is that it's likely to be nothing to worry about (read all of this thread for example: https://arstechnica.com/civis/viewtopic.php?f=10&t=1321917)

If you're still concerned, I recommend you give NETGEAR's support a call: https://www.netgear.com/support/contact.aspx

Hope that helps.

 

Link to comment
Share on other sites

Guest Killhippie
On 3/4/2019 at 1:43 PM, Mrbchambers said:

That has put my mind at rest, though you know what it is like when you get a new piece of tech, and it looks like it's throwing a wobbler.

Thanks for the fast response.

I would mention these to netgear.  They should not be happening, the locking of the firewall has got worse with the latest firmware and if they’re informed maybe they can do something about it. I’ve had ARP spoofing from my TV,  ascend kill and echo DoS attacks from my ISP’s dns servers and you should not have the router thinking it’s being attacked by a spoofed version of the default IP.  The thing is with all these false positive is the day something does happen it’s going to get ignored as “the router that cried DoS”  so this really does need working on.  

Link to comment
Share on other sites

I have raised this as a concern on the netgear support forum, and they appear to be looking into it. If/when I get a solution to this problem I will post back on here to let this community know what if anything is happening.

Link to comment
Share on other sites

7 hours ago, Killhippie said:

I would mention these to netgear.  They should not be happening, the locking of the firewall has got worse with the latest firmware and if they’re informed maybe they can do something about it. I’ve had ARP spoofing from my TV,  ascend kill and echo DoS attacks from my ISP’s dns servers and you should not have the router thinking it’s being attacked by a spoofed version of the default IP.  The thing is with all these false positive is the day something does happen it’s going to get ignored as “the router that cried DoS”  so this really does need working on.  

 

6 hours ago, Mrbchambers said:

I have raised this as a concern on the netgear support forum, and they appear to be looking into it. If/when I get a solution to this problem I will post back on here to let this community know what if anything is happening.

The Netgear guy on the forum has given me an answer, and it solved the problem. I was running the XR500 off the back of my TP-Link AC5400 (even when using DMZ), and that is what was causing ARP spoofing. So it is fixed now, I just need to know what to do with the TP-Link AC5400.

 

Link to comment
Share on other sites

On 3/5/2019 at 11:13 PM, Netduma Fraser said:

Fantastic to hear that! You could connect the TP-Link behind the XR500 and use it in AP mode for wireless devices

 

Exactly what I have done, and I would like to say that I thought of it before you mentioned it, but the credit has to go to you. Thank you.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...