Mrbchambers, posted March 4, 2019 (edited)

I have just set up and started to use a Nighthawk XR500 (previously using R1 with DumaOS installed). When I looked at the log, all I could see was [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985 (this is the router's IP address). It seems to happen multiple times a minute, the port address changes, and the internet seems to reconnect occasionally. I have added a text file of the full log. I have to have my router connected to the house's main router, though it does come through a DMZ. The R1 worked fine without any complaints with this configuration. Do you have any suggestions?

P.S. This is my first post on here, so apologies if I have messed up.

Attachment: Netduma DDOS.rtf

Edited March 4, 2019 by Mrbchambers: Missed it is the router's IP address.

Netduma Admin (Administrators), posted March 4, 2019

Welcome to the forum! Logs are a NETGEAR feature, and they're very sensitive, so I wouldn't be too concerned. If you Google your issue, the conclusion is that it's likely to be nothing to worry about (read all of this thread for example: https://arstechnica.com/civis/viewtopic.php?f=10&t=1321917).

If you're still concerned, I recommend you give NETGEAR's support a call: https://www.netgear.com/support/contact.aspx

Hope that helps.

Mrbchambers (Author), posted March 4, 2019

That has put my mind at rest, though you know what it is like when you get a new piece of tech, and it looks like it's throwing a wobbler. Thanks for the fast response.

Netduma Admin (Administrators), posted March 5, 2019

You're very welcome! And completely understood, those logs are a little disconcerting!

Killhippie (Guest), posted March 5, 2019

On 3/4/2019 at 1:43 PM, Mrbchambers said:
> That has put my mind at rest, though you know what it is like when you get a new piece of tech, and it looks like it's throwing a wobbler. Thanks for the fast response.

I would mention these to Netgear. They should not be happening, the locking of the firewall has got worse with the latest firmware and if they’re informed maybe they can do something about it. I’ve had ARP spoofing from my TV, ascend kill and echo DoS attacks from my ISP’s DNS servers and you should not have the router thinking it’s being attacked by a spoofed version of the default IP. The thing with all these false positives is the day something does happen it’s going to get ignored as “the router that cried DoS” so this really does need working on.

Mrbchambers (Author), posted March 5, 2019

I have raised this as a concern on the Netgear support forum, and they appear to be looking into it. If/when I get a solution to this problem I will post back on here to let this community know what, if anything, is happening.

Mrbchambers (Author), posted March 5, 2019

7 hours ago, Killhippie said:
> I would mention these to Netgear. They should not be happening, the locking of the firewall has got worse with the latest firmware and if they’re informed maybe they can do something about it. I’ve had ARP spoofing from my TV, ascend kill and echo DoS attacks from my ISP’s DNS servers and you should not have the router thinking it’s being attacked by a spoofed version of the default IP. The thing with all these false positives is the day something does happen it’s going to get ignored as “the router that cried DoS” so this really does need working on.

6 hours ago, Mrbchambers said:
> I have raised this as a concern on the Netgear support forum, and they appear to be looking into it. If/when I get a solution to this problem I will post back on here to let this community know what, if anything, is happening.

The Netgear guy on the forum has given me an answer, and it solved the problem. I was running the XR500 off the back of my TP-Link AC5400 (even when using DMZ), and that is what was causing ARP spoofing. So it is fixed now, I just need to know what to do with the TP-Link AC5400.

Netduma Fraser (Administrators), posted March 5, 2019

Fantastic to hear that! You could connect the TP-Link behind the XR500 and use it in AP mode for wireless devices.

Mrbchambers (Author), posted March 7, 2019

On 3/5/2019 at 11:13 PM, Netduma Fraser said:
> Fantastic to hear that! You could connect the TP-Link behind the XR500 and use it in AP mode for wireless devices

Exactly what I have done, and I would like to say that I thought of it before you mentioned it, but the credit has to go to you. Thank you.

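An added example, not part of any post in this thread and not NETGEAR or Netduma code: a small Python triage over log entries in the format quoted in the first post, separating entries whose source is the router's own address from LAN and outside sources so that the repeated ones do not bury anything else. The sample lines, the LAN range and the function name `triage` are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Entry format as quoted in the first post; text after the port is ignored.
ENTRY = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9.]+), port (?P<port>\d+)",
    re.IGNORECASE,
)

# Constructed sample lines (not taken from the attached log file).
SAMPLE_LOG = [
    "[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57985",
    "[DoS Attack: IP Spoofing] from source: 192.168.1.1, port 57990",
    "[DoS Attack: Ascend Kill] from source: 192.168.1.23, port 0",
    "[DoS Attack: Echo] from source: 203.0.113.7, port 7",
    "[Admin login] from source 192.168.1.50",
]


def triage(lines, router_ip, lan_cidr):
    """Count DoS entries by (category, kind): self, lan or outside."""
    router = ipaddress.ip_address(router_ip)
    lan = ipaddress.ip_network(lan_cidr)
    counts = Counter()
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # not a DoS entry
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            counts[("unparsed", m["kind"])] += 1
            continue
        if src == router:
            category = "self"      # router's own address, as in the thread
        elif src in lan:
            category = "lan"
        else:
            category = "outside"
        counts[(category, m["kind"])] += 1
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "192.168.1.1", "192.168.1.0/24")
    for (category, kind), n in sorted(result.items()):
        print(f"{category:8} {kind:12} {n}")
```

A "self" count that dominates the log matches the pattern reported in this thread; the "lan" and "outside" rows are the ones to read individually.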