Community Forum

what are these ip address?

Frequent Visitor


i am looking at the netgear genie, in advanced and then admin and then logs, and i see these

i unchecked all the boxes but for these below.  should i just uncheck these? or should i check more? or do these mean nothing?

 

i do not have any event logs anymore since i got the modem to work better? i changed 1 terminal on the end of the cable entering the modem and that must have fixed that issue. now to get an answer to this? thanks

Include in Log
 Attempted access to blocked sites and services
 Connections to the Web-based interface of this Gateway
 Gateway operation (startup, get time etc.)
 Known DoS attacks and Port Scans
 Port Forwarding / Port Triggering
Turn off wireless signal by schedule

 

[DoS attack: TCP- or UDP-based Port Scan] from 54.214.22.83, port 32100 1 Mon Feb 03 07:31:02 2020 73.145.223.125:3498 54.214.22.83:32100
[DoS attack: TCP- or UDP-based Port Scan] from 51.137.137.111, port 123 1 Mon Feb 03 07:15:49 2020 73.145.223.125:56325 51.137.137.111:123
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 1 Mon Feb 03 07:02:54 2020 73.145.223.125:53616 75.75.75.75:53
[DoS attack: TCP- or UDP-based Port Scan] from 54.214.22.83, port 32100 1 Mon Feb 03 06:26:38 2020 73.145.223.125:3371 54.214.22.83:32100
[DoS attack: TCP- or UDP-based Port Scan] from 132.163.96.1, port 123 1 Mon Feb 03 06:17:56 2020 73.145.223.125:49467 132.163.96.1:123
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 1 Mon Feb 03 06:12:58 2020 73.145.223.125:9220 75.75.75.75:53
[DoS attack: TCP- or UDP-based Port Scan] from 54.214.22.83, port 32099 1 Mon Feb 03 05:31:05 2020 73.145.223.125:3267 54.214.22.83:32099
[DoS attack: TCP- or UDP-based Port Scan] from 132.163.96.1, port 123 1 Mon Feb 03 05:28:48 2020 73.145.223.125:41667 132.163.96.1:123
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 1 Mon Feb 03 05:19:54 2020 73.145.223.125:43728 75.75.75.75:53
[DoS attack: TCP- or UDP-based Port Scan] from 51.137.137.111, port 123 1 Mon Feb 03 04:54:55 2020 73.145.223.125:32795 51.137.137.111:123
Regular Contributor

Re: what are these ip address?

Lol.... I think what it's *supposed* to mean is that the device has detected/blocked DoS or Denial of Service attacks against your device. A DoS is a means to make your device stop/slow normal work by keeping it busy doing wasteful work. However, I see 75.75.75.75 using port 53 (75.75.75.75, port 53). The machine 75.75.75.75 is one of the Comcast name servers and port 53 is the DNS port. This should *not* be an attempted DoS and it is normal activity.

 

Based on the rest of the report I believe your router IP is 73.145.223.125. Connections to 75.75.75.75:53 are *normal*. Port 123 is NTP or Network Time Protocol, it's how systems keep accurate time and again, it's *normal* to periodically consult NTP servers to maintain time.

 

Ports 32099 and 32100 are unassigned ports. Generally unassigned ports are used once a connection has been established on a well known port and the connection is moved to a random unassigned port until the connection is closed.

 

There is a tool called nslookup.   You give nslookup the IP address and it will tell you the name associated with the IP address.   The content in bold is the answer you seek.   Your connection went to a cloud device managed in Amazon cloud.    Do you have a smart device in your home?   If so, that was likely the source of that connection.

 

element: 06:47:27 > nslookup
> 54.214.22.83
Server: 192.168.64.14
Address: 192.168.64.14#53

Non-authoritative answer:
83.22.214.54.in-addr.arpa name = ec2-54-214-22-83.us-west-2.compute.amazonaws.com.

Authoritative answers can be found from:
. nameserver = k.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = c.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = f.root-servers.net.
. nameserver = g.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = j.root-servers.net.
>

 

 

 

All in all, nothing to worry about. DoS attacks require 100s to 1000s to 10,000s of connections per second to be effective. You are nowhere near that threshold and the connections listed are desirable connections.
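As an added example (not part of either post): a short Python triage of the router log format quoted in the question. It groups entries by remote address, labels ports 53 and 123 as the reply does, and measures the shortest gap between entries from the same address. The function names are hypothetical, and the number after the port is skipped because the thread does not say what it means.

```python
import re
from collections import defaultdict
from datetime import datetime

# Five of the log lines quoted in the thread, copied unchanged.
SAMPLE_LOG = """\
[DoS attack: TCP- or UDP-based Port Scan] from 54.214.22.83, port 32100 1 Mon Feb 03 07:31:02 2020 73.145.223.125:3498 54.214.22.83:32100
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 1 Mon Feb 03 07:02:54 2020 73.145.223.125:53616 75.75.75.75:53
[DoS attack: TCP- or UDP-based Port Scan] from 54.214.22.83, port 32100 1 Mon Feb 03 06:26:38 2020 73.145.223.125:3371 54.214.22.83:32100
[DoS attack: TCP- or UDP-based Port Scan] from 132.163.96.1, port 123 1 Mon Feb 03 06:17:56 2020 73.145.223.125:49467 132.163.96.1:123
[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53 1 Mon Feb 03 06:12:58 2020 73.145.223.125:9220 75.75.75.75:53
"""

LINE_RE = re.compile(
    r"\[[^\]]+\] from (?P<src>[\d.]+), port (?P<port>\d+) \d+ "
    r"(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) ")
# Port meanings as given in the reply: 53 is DNS, 123 is NTP.
SERVICES = {53: "DNS", 123: "NTP"}


def parse(log):
    """Return (source IP, port, timestamp) for each recognised line."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are skipped
            when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events.append((m["src"], int(m["port"]), when))
    return events


def summarize(events):
    """Per source: services seen, event count, shortest gap in seconds."""
    times, ports = defaultdict(list), defaultdict(set)
    for src, port, when in events:
        times[src].append(when)
        ports[src].add(SERVICES.get(port, "other"))
    summary = {}
    for src, seen in times.items():
        seen.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        summary[src] = {"services": sorted(ports[src]), "count": len(seen),
                        "min_gap_s": min(gaps) if gaps else None}
    return summary


if __name__ == "__main__":
    for src, info in summarize(parse(SAMPLE_LOG)).items():
        print(src, info)
```

On these lines the shortest gap between two entries from the same address is about 50 minutes, which is the pattern of periodic DNS, NTP and cloud check-ins the reply describes.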

Frequent Visitor

Re: what are these ip address?

ok thanks i have 5 ip cameras but they are ported way out in never never land nowhere near the 80 888 8080 90 etc. they were set to from the factory.

 

last week i had to do a factory reset because my new modem that was actually a used one would let me see my email on yahoo and youtube but nothing else got thru. so i did a netgear genie program reset, that did not work so i went and pushed the button and it worked for a bit then i found i had the deny dos and port scans checked, this one checks by default. then i had ip address set on static, i did that for the cameras so i do not have to reset the ip address in them every few weeks, so i turned that to dynamic. then i unchecked that disable the dos and port scans and then i changed one more item that now i forget. but since then the event logs have been empty which is good and i have not had any online issues, and only these log entries from what i posted.

 

my old modem did not matter if i left the ip address at static, but then i may have had an ip address someone else was also using, and that messed with me and maybe them. who knows!

 

so maybe one of my cameras is asking for amazon or a tablet. i have a verizon tablet i use to see my cameras up in the kitchen where i have this pc and do my online stuff. all i have left after i retired. or maybe the nvr i use to connect the ip cameras to. that may be that amazon device even though i got it from china they may use amazon for their cloud service.

 

so i will just let those run and forget them. i may even just uncheck the boxes and they will not get logged and forget them.

thanks