How do I Block- DoS attack: TCP SYN Flood

[Ben0175]

My logs are filled with [DoS attack: TCP SYN Flood] from source 103.141.138.249 how do I block this? I've blocked every device from connecting to the router except my PC and created an Firewall rule to block this on my PC, but still see these. Is there any way that I can see specifically which IP the source is targeting? Then how can I block this IP from ever getting past the router?

[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:48
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:48
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:47
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:47
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:46
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:46
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:45
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:45
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:44
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:44
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:43
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:43
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:42
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:42
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:41
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:41
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:40
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:40
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:39
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:39
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:38
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:38
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:37
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:37
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:36

[Ben0175]

So in my extensive search it appears that you are unable to block an External IP address on a NetGear router!? Really! Do the NetDuma routers have this functionality? This seems like basic security functionality, Why NetGear...why? Epic fail. Freaking expensive XR1000 mistake. 

So this now brings up another concern...I guess the only way to ensure this external IP does not continue to flood my network is to have my ISP change my IP or regardless of the router it will continue. I asked my ISP to block the IP but they refused. Are my assumptions correct?

[Ben0175]

Also when trying to ignore "Known DoS attacks and Port Scans" as suggested in other forums...I get an error. WTH is going on here.

[Newfie]

6 hours ago, Ben0175 said:

So in my extensive search it appears that you are unable to block an External IP address on a NetGear router!? Really! Do the NetDuma routers have this functionality? This seems like basic security functionality, Why NetGear...why? Epic fail. Freaking expensive XR1000 mistake. 

So this now brings up another concern...I guess the only way to ensure this external IP does not continue to flood my network is to have my ISP change my IP or regardless of the router it will continue. I asked my ISP to block the IP but they refused. Are my assumptions correct?

All NG routers have firewall protection that protects against port scans. Sometimes NGs logs are a bit optimistic but it’s stopped your scans. You can’t stop external probes as NG routers don’t have geo location block and if they did in some cases it could create gaming issues but even then the probes still scan you. 
It’s very common to see NG logs full of warnings. 

 

[UK Sentinel]

To help, go to https://www.grc.com/shieldsup and see if any of your ports are OPEN or STEALTH mode, 

If they are all STEALTH (which they should be) then even though you are being scanned they are just really looking.

Also, most consumer grade routers firewalls (even ASUS) are not that adjustable and by default all incoming connections are blocked (denied) by default unless initiated by an outgoing traffic which opens a port etc. or if you have enabled port forwarding etc etc.

Update: IP Address is via Viet Nam, if it was Russia or simular, I would be more concerned, if you want to change IP address and are not on a fixed IP address service, then switch off modem for 30 minuites and it may pick up new ISP IP address when it boots up ?

 Hope that helps and it is not as series at it seems 😀

 

[Killhippie]

If its in the logs its blocked already. You are port scanned every day, and if your IP range does not respond because of stealth mode of your firewall, they know you are there anyway so changing IP is pointless, this is the background noise of the internet, they are not interested in you, don't worry about the logs, and just enjoy whatever you are doing.

[Netduma Fraser]

Good advice from everyone above, it won't be causing you any harm. In regards to the settings page not loading its possible you have an Adblocker on the web browser, if you disable this/whitelist the interface then it should load fine