My wireless Router (Netgear WNDR3700v3) has the light constantly flashing for both the internet, wired and wireless connections. Internet access gets very sporadic so I started investigating. I found this is in the router logs:
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.194.219.102], Sunday, Mar 22,2015 15:14:03
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.196.139], Sunday, Mar 22,2015 15:13:48
Another curious entry is below. it is curious because my DHCP scope is set to 192.168.1..2 to 192.168.1.99. how is the router assigning an IP to 192.168.100.1 and 192.168.100.10?
[Internet disconnected] Sunday, Mar 22,2015 17:36:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 17:36:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 17:36:05
[Internet disconnected] Sunday, Mar 22,2015 17:36:02
[Internet disconnected] Sunday, Mar 22,2015 15:11:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 15:11:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
[Internet disconnected] Sunday, Mar 22,2015 15:11:03
It seems to happen around the time synchronization to the NTP server.
Any suggestions on what I need to do to prevent this? I think the router is weeing a DOS attack and disconnecting from the internet. then reconnecting and checking time?
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.194.219.102], Sunday, Mar 22,2015 15:14:03
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.196.139], Sunday, Mar 22,2015 15:13:48
Another curious entry is below. it is curious because my DHCP scope is set to 192.168.1..2 to 192.168.1.99. how is the router assigning an IP to 192.168.100.1 and 192.168.100.10?
[Internet disconnected] Sunday, Mar 22,2015 17:36:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 17:36:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 17:36:05
[Internet disconnected] Sunday, Mar 22,2015 17:36:02
[Internet disconnected] Sunday, Mar 22,2015 15:11:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 15:11:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
[Internet disconnected] Sunday, Mar 22,2015 15:11:03
It seems to happen around the time synchronization to the NTP server.
Any suggestions on what I need to do to prevent this? I think the router is weeing a DOS attack and disconnecting from the internet. then reconnecting and checking time?