i am looking at the netgear genie and in advanced and then admin and then logs and i see these
i unchecked all the boxes but for these below. should i just uncheck these? or should i check more? or do these mean nothing?
i do not have any event logs anymore since i got the modem to work better? i changed 1 terminal on the end of the cable entering the modem and that must have fixed that issue. now to get an answer to this? thanks
|Include in Log|
|Attempted access to blocked sites and services|
|Connections to the Web-based interface of this Gateway|
|Gateway operation (startup, get time etc.)|
|Known DoS attacks and Port Scans|
|Port Forwarding / Port Triggering|
|Turn off wireless signal by schedule|
|[DoS attack: TCP- or UDP-based Port Scan] from 220.127.116.11, port 32100||1||Mon Feb 03 07:31:02 2020||18.104.22.168:3498||22.214.171.124:32100|
|[DoS attack: TCP- or UDP-based Port Scan] from 126.96.36.199, port 123||1||Mon Feb 03 07:15:49 2020||188.8.131.52:56325||184.108.40.206:123|
|[DoS attack: TCP- or UDP-based Port Scan] from 220.127.116.11, port 53||1||Mon Feb 03 07:02:54 2020||18.104.22.168:53616||22.214.171.124:53|
|[DoS attack: TCP- or UDP-based Port Scan] from 126.96.36.199, port 32100||1||Mon Feb 03 06:26:38 2020||188.8.131.52:3371||184.108.40.206:32100|
|[DoS attack: TCP- or UDP-based Port Scan] from 220.127.116.11, port 123||1||Mon Feb 03 06:17:56 2020||18.104.22.168:49467||22.214.171.124:123|
|[DoS attack: TCP- or UDP-based Port Scan] from 126.96.36.199, port 53||1||Mon Feb 03 06:12:58 2020||188.8.131.52:9220||184.108.40.206:53|
|[DoS attack: TCP- or UDP-based Port Scan] from 220.127.116.11, port 32099||1||Mon Feb 03 05:31:05 2020||18.104.22.168:3267||22.214.171.124:32099|
|[DoS attack: TCP- or UDP-based Port Scan] from 126.96.36.199, port 123||1||Mon Feb 03 05:28:48 2020||188.8.131.52:41667||184.108.40.206:123|
|[DoS attack: TCP- or UDP-based Port Scan] from 220.127.116.11, port 53||1||Mon Feb 03 05:19:54 2020||18.104.22.168:43728||22.214.171.124:53|
|[DoS attack: TCP- or UDP-based Port Scan] from 126.96.36.199, port 123||1||Mon Feb 03 04:54:55 2020||188.8.131.52:32795||184.108.40.206:123|
Lol.... I think what it's *supposed* to mean is that the device has detected/blocked DoS or Denial of Service attacks against your device. A DoS is a means to make your device stop/slow normal work by keeping it busy doing wasteful work. However, I see 220.127.116.11 using port 53 (18.104.22.168, port 53). The machine 22.214.171.124 is one of the Comcast name servers and port 53 is the DNS port. This should *not* be an attempted DoS and it is normal activity.
Based on the rest of the report I believe your router IP is 126.96.36.199. Connections to 188.8.131.52:53 are *normal*. Port 123 is NTP or Network Time Protocol, it's how systems keep accurate time and again, it's *normal* to periodically consult NTP servers to maintain time.
Ports 32099 and 32100 are unassigned ports. Generally unassigned ports are used once a connection has been established on a well known port and the connection is moved to a random unassigned port until the connection is closed.
There is a tool called nslookup. You give nslookup the IP address and it will tell you the name associated with the IP address. The content in bold is the answer you seek. Your connection went to a cloud device managed in Amazon cloud. Do you have a smart device in your home? If so, that was likely the source of that connection.
element: 06:47:27 > nslookup
184.108.40.206.in-addr.arpa name = ec2-54-214-22-83.us-west-2.compute.amazonaws.com.
Authoritative answers can be found from:
. nameserver = k.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = c.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = f.root-servers.net.
. nameserver = g.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = j.root-servers.net.
All in all, nothing to worry about. DoS attacks require 100s to 1000s to 10,000s of connections per second to be effective. You are nowhere near that threshold and the connections listed are desirable connections.
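The reading given in the answer above (port 53 is DNS, port 123 is NTP, and the event rate is far below flood volume) can be checked mechanically. This is an added example, not part of the original thread; the sample rows are constructed with documentation-range addresses, and treating the second column as an event count and the third as a timestamp is an assumption drawn from the layout of the posted log.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the rows posted in the question;
# the addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
|[DoS attack: TCP- or UDP-based Port Scan] from 192.0.2.53, port 53||1||Mon Feb 03 07:02:54 2020||198.51.100.7:53616||192.0.2.53:53|
|[DoS attack: TCP- or UDP-based Port Scan] from 192.0.2.123, port 123||1||Mon Feb 03 06:17:56 2020||198.51.100.7:49467||192.0.2.123:123|
|[DoS attack: TCP- or UDP-based Port Scan] from 203.0.113.9, port 32100||1||Mon Feb 03 05:31:05 2020||198.51.100.7:3267||203.0.113.9:32100|
|[DoS attack: TCP- or UDP-based Port Scan] from 192.0.2.53, port 53||1||Mon Feb 03 05:19:54 2020||198.51.100.7:43728||192.0.2.53:53|
"""

# Assumed column order: description, count, timestamp (inferred from the layout).
ROW = re.compile(
    r"^\|\[(?P<event>[^\]]+)\] from (?P<ip>[\d.]+), port (?P<port>\d+)"
    r"\|\|(?P<count>\d+)\|\|(?P<when>[^|]+)\|\|"
)
SERVICES = {53: "DNS", 123: "NTP"}  # the two well-known ports named in the answer

def parse(text):
    """Return one dict per log row; lines that are not log rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["when"].strip(), "%a %b %d %H:%M:%S %Y")
        rows.append({"ip": m["ip"], "port": int(m["port"]),
                     "count": int(m["count"]), "when": when})
    return rows

def triage(rows):
    """Count events per service and compute the overall event rate."""
    if not rows:
        return {"by_service": {}, "total": 0, "events_per_second": 0.0}
    by_service = Counter()
    for r in rows:
        by_service[SERVICES.get(r["port"], "other")] += r["count"]
    times = [r["when"] for r in rows]
    span = (max(times) - min(times)).total_seconds() or 1.0  # avoid divide by zero
    total = sum(r["count"] for r in rows)
    return {"by_service": dict(by_service), "total": total,
            "events_per_second": total / span}

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```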
ok thanks i have 5 ip cameras but they are ported way out in never never land no where near the 80 888 8080 90 etc. they were set to from the factory.
last week i had to do a factory reset because my new modem that was actually a used one would let me see my email on yahoo and youtube but nothing else got thru. so i did a netgear genie program reset, that did not work so i went and pushed the button and it worked for a bit then i found i had the deny dos and port scans checked, this one checks by default. then i had ip address set on static, i did that for the cameras so i do not have to reset the ip address in them every few weeks, so i turned that to dynamic. then i unchecked that disable the dos and port scans and then i changed one more item that now i forget. but since then the event logs have been empty which is good and i have not had any online issues, and only these log entries from what i posted.
my old modem did not matter if i left the ip address at static, but then i may have had an ip address someone else was also using, and that messed with me and maybe them. who knows!
so maybe one of my cameras is asking for amazon or a tablet. i have a verizon tablet i use to see my cameras up in the kitchen where i have this pc and do my online stuff. all i have left after i retired. or maybe the nvr i use to connect the ip cameras to. that may be that amazon device even though i got it from china they may use amazon for their cloud service.
so i will just let those run and forget them. i may even just uncheck the boxes and they will not get logged and forget them.