Why Are There Constant Dos Attacks On Router Appear To Be Taking Out My Internet Connection? How Do I Prevent It?
So I'm a noob here and have been doing some research on why my internet (cable modem) locks up about once or twice a week ever since installing a Netgear N900 router a few months ago. After asking around a bit someone recommended I look at my router logs. When I did that I noticed quite a bunch of DoS attacks on router of mine, which may or may not be real, malicious attacks. Below is a snippet of my logs over the last 2 days.
After doing a quick google search on some of the IP's it looks like there are some Facebook and Dropbox IPs in the list. Many of the others seem to be located in Germany, UK, Canada, etc. Not sure what they are or if they are harmful, but I'm beginning to believe that the frequency of these "attacks" is what is causing my modem to lock up. Does anyone know if these are harmful attacks? How can I resolve these types of things from locking up my modem? There is a setting in the router to allow DoS but I'm extremely hesitant to do that, especially if someone is indeed trying to get on my network. FWIW I have about 30 wired and wireless devices on my network (couple of laptops, smartphones, tablets, IP cameras, Sonos speakers, Amazon Echo's, Nest products, other smart home products, etc.). I'm really just trying to figure out why my modem keeps locking up ever since purchasing this new router. Thinking these DoS attacks on router might be the culprit. Any help would be greatly appreciated!
SOHO Routers (I've seen this on dlink and netgear at least) are fond of displaying 24hours/mission CRITICAL drama-logs like those. Try installing ddwrt or something similar on that router instead. Then install tcpdump, connect to the router over ssh (putty -log somethingAwry.log 192.168.0.1 (or whatever ip your router uses) and cast the spell tcpdump -ni eth0 dst host yourPublicIP - any flooding will show up here. Otherwise try eth1, wan0, or find the appropriate interface using the spell ifconfig -a. If you are being flooded contact your isp and give them somethingAwry.log - the staff at the isps of any flooding ips will react quickly to any mails from your isp about abuse. Edit: the log entries are to some extent caused by port scanning, which is done by both bots and humans looking for specific services to attack. they scan everything. the 'syn' flood is usually just a few syn-packets for a half-open scan. google 'strobe' and 'nmap'.
How to prevent Dos Attack on router?
- Consider the following steps to prevent DoS attack on a router before it starts:
- Use a strong firewall to prevent the detection of your router’s genuine IP address.
- Use up-to-date antivirus software on all devices you have that connect to the internet to prevent them from being part of a DDoS.
- Keep your operating systems (iOS, Mac, Windows, Linux, Android) updated.
- Ensure that your hardware (routers, modem) and software are updated to the latest security standards. This includes flashing your firmware to ensure it’s the most recent version.
- Don’t use third-party servers, only official ones (Playstation Network, Xbox Live, Steam, etc.) to prevent your IP address from being displayed to the public or the server admin.
- Keep all your voice chat programs updated. Don’t accept any voice chat requests from individuals you do not know.