DOS attack reported on legitimate traffic on XR500

[ziggy29]

I seem to be having some connectivity issues with an application, and when I look in the logs I see that any connection to its IP and port are generating a report of a DOS attack in the logs.  

Does this mean that the router blocked this traffic?  And if so, can I whitelist this combination of IP address and port?  (I know what I am doing there, and I know this is legit.)   The port number is 8190.

This is an XR500 running the .56 firmware.

[Netduma Fraser]

Hey, welcome to the forum!

No it doesn't mean it's been blocked. It's a common occurence with Netgear routers showing these normal connections as DoS attacks, I have no idea why but it's nothing to worry about. What are the connectivity issues you've been experiencing?

[Guest Killhippie]

On 12/13/2019 at 9:32 PM, ziggy29 said:

I seem to be having some connectivity issues with an application, and when I look in the logs I see that any connection to its IP and port are generating a report of a DOS attack in the logs.  

Does this mean that the router blocked this traffic?  And if so, can I whitelist this combination of IP address and port?  (I know what I am doing there, and I know this is legit.)   The port number is 8190.

This is an XR500 running the .56 firmware.

it means malformed packets were dropped, they could be spoofed but the firewall dropped them. Normally they will pass though but data packets can get corrupted and then they get dropped, the router has two layers of protection Nat which is a pain and was never mean to be security but IPv4 gives you it and a SPI firewall. IPv6 and all devices face the internet, no Nat, each has its own address. That can be a blessing and  a nightmare depending on how often your hardware is kept up to date by vendor security updates.