Jump to content

XR500 - DoS Attack - Information in Logs - suspect false but...


Recommended Posts

My NG 500 has been fine for about a year. Recently it started dropping wifi connections ..... Looking in the log is can see some DOS reports - one is from my internal WDCloud drive and another from an external IP address which is an Amazon IP ..... i suspect neither of these is a real DOS attack so whats going on .

[DoS Attack: ACK Scan] from source: 192.168.0.41, port 445, Tuesday, July 27, 2021 18:56:37 [DoS Attack: ACK Scan] from source: 192.168.0.41, port 445, Tuesday, July 27, 2021 18:56:37

and

[DoS Attack: ACK Scan] from source: 54.174.140.138, port 443, Tuesday, July 27, 2021 18:27:43 [DoS Attack: ACK Scan] from source: 54.174.140.138, port 443, Tuesday, July 27, 2021 18:27:38

Log file attached :

Running : XR500 V2.3.2.114 / DumaOS 3.0.203

Anyone any idea's?

log-1627412376730.txt

Link to comment
Share on other sites

  • Administrators

Hey, welcome to the forum!

The DoS entries are completely normal and nothing to worry about, they're very unlikely to be causing the WiFi to drop. Are you using Smart Connect for WiFi? If not, does it occur on 2.4/5GHz? Is it ALL WiFi devices? 

I'd suggest you upgrade to the latest beta here: https://community.netgear.com/t5/Nighthawk-Pro-Gaming-DumaOS-3-0/New-Firmware-v2-3-2-120-XR500/td-p/2071196/ and see if that helps with the disconnections

Link to comment
Share on other sites

Thanks for the response. I never use Smart Connect (prefer to keep the bands discrete as I find the smart connect to be unreliable in any router) . 
 

i can upgrade and see how it goes. 
 

On closer inspection it keeps the wifi attached but drops the wlan port ….

It connects to my ISP router (wired) and that remains connected to the internet. I have reviewed the logs on that but they show nothing unusual. I have a new ISP device coming in a couple of weeks so in the interim I will just try the upgrade , monitor things and then see how it goes with the new ISP router in early August.

 

Link to comment
Share on other sites

  • 2 weeks later...

ok since I reserved the IP address in the ISP router its been fine - assume its something to do with the ISP's router doing something odd with DHCP as it wasnt a reserved address ... v odd

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...