DOS attack and IP address given by router outside scope

My wireless Router (Netgear WNDR3700v3) has the light constantly flashing for both the internet, wired and wireless connections. Internet access gets very sporadic so I started investigating. I found this is in the router logs:
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.194.219.102], Sunday, Mar 22,2015 15:14:03
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.196.139], Sunday, Mar 22,2015 15:13:48


Another curious entry is below. it is curious because my DHCP scope is set to 192.168.1..2 to 192.168.1.99. how is the router assigning an IP to 192.168.100.1 and 192.168.100.10?


[Internet disconnected] Sunday, Mar 22,2015 17:36:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 17:36:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 17:36:05
[Internet disconnected] Sunday, Mar 22,2015 17:36:02

[Internet disconnected] Sunday, Mar 22,2015 15:11:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 15:11:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
[Internet disconnected] Sunday, Mar 22,2015 15:11:03


It seems to happen around the time synchronization to the NTP server.


Any suggestions on what I need to do to prevent this? I think the router is weeing a DOS attack and disconnecting from the internet. then reconnecting and checking time?

 

I think you may be connecting to the Guest Network, your router has that feature. Maybe the Guest Network uses a different IP address range.

An ACK scan and FIN scan are both scans: http://en.wikipedia.org/wiki/Port_scanner#ACK_scanning . Technically they are not DOS attacks, although they will affect your network use if the hacker is not trying hide his attempts to connect by scanning slowly.