DOS attack and IP address given by router outside scope

[Shadefly]

My wireless Router (Netgear WNDR3700v3) has the light constantly flashing for both the internet, wired and wireless connections. Internet access gets very sporadic so I started investigating. I found this is in the router logs:
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.194.219.102], Sunday, Mar 22,2015 15:14:03
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.196.139], Sunday, Mar 22,2015 15:13:48


Another curious entry is below. it is curious because my DHCP scope is set to 192.168.1..2 to 192.168.1.99. how is the router assigning an IP to 192.168.100.1 and 192.168.100.10?


[Internet disconnected] Sunday, Mar 22,2015 17:36:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 17:36:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 17:36:05
[Internet disconnected] Sunday, Mar 22,2015 17:36:02

[Internet disconnected] Sunday, Mar 22,2015 15:11:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 15:11:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
[Internet disconnected] Sunday, Mar 22,2015 15:11:03


It seems to happen around the time synchronization to the NTP server.


Any suggestions on what I need to do to prevent this? I think the router is weeing a DOS attack and disconnecting from the internet. then reconnecting and checking time?

 

[lunarlander]

I think you may be connecting to the Guest Network, your router has that feature. Maybe the Guest Network uses a different IP address range.

An ACK scan and FIN scan are both scans: http://en.wikipedia.org/wiki/Port_scanner#ACK_scanning . Technically they are not DOS attacks, although they will affect your network use if the hacker is not trying hide his attempts to connect by scanning slowly.

 

[TerryNet]

192.168.100.1 is surely your modem, and 192.168.100.10 is almost definitely the address the modem is assigning to the router's WAN when internet access has been lost.