Internal Teardrop DOS Attack from Joey

Screenshot_20170131-133349.png


Now I am getting this in my logs. The 192.168.0.55 is the Hopper3.

 
There's nothing wrong here, other than the receiver being a little too chatty. The 10102 broadcasts are Play-Fi support.
 
Where are you seeing this? Nothing in technical specs for Play-Fi and IANA has 10102 registered to eZproxy, not Play-Fi. (not that they cannot share the same port, but wouldn't be good on the same networks).
 
Experience. IANA registrations don't mean much.
 
Agree with JM42 and Scott -- nothing to worry about. The 'problem' here is poorly written firmware in the router causing a false alarm.

A couple of packets every few seconds is nowhere near enough for a denial of service attack.

Also, you should see a Wireshark capture of traffic of an average home network. You would probably see hundreds or thousands of packets of assorted types every minute. Most are small packets checking for device discovery, announcement of services available, acknowledgements, etc.

My Pace DVR (for Cable TV), TiVo, Slingbox and printer are the source for most of the traffic on my network. Whenever I want to diagnose a device I have to set up Wireshark to filter out all the rest of the traffic except for what I want, or it gets lost in the flood of other stuff.
 
Play Fi support being for Dish's recently launched multi-room music feature and/or Alexa? Me not so smart. Let us ignorant folk know.
 
I've seen SEVERAL Netgear routers, including the newest ones (and highest end consumer) showing DoS attack logs that are...less than viable. In the Netgear support forums, you'll see many folks asking these questions because something in the Netgear kernel detects a common scan as an attack for whatever reason.

It sucks when your ISP charges you for packets received, whether they are dropped by the router as garbage or passed through as legit traffic...
If you did get DDoS'd....you'd likely incur overages as your ISP would see all that traffic as legit whether you requested the packets or not...they just know it was sent to you..
Even if the router doesn't acknowledge the packets as being legit and drops it, the ISPs normally don't care...and still count towards usage.
 
This is an old thread but I installed Xfinity internet to go with the mobile plan and I keep getting warnings that they are blocking attacks on my Hoppers. The IP addresses are from Italy and US. Does anyone with Xfinity get the warnings?
 
It's likely the same as Netgear's false reporting. My PS5 in rest mode has constant traffic..and I still get the fake attack traffic as listed below:

Code:
[DoS attack:ACK_Scan] from source: 31.13.65.3,port 443, Thursday, March 17, 2022 06:21:30
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:21:09
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:19:35
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:18:48
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:18:13
[DoS attack:ACK_Scan] from source: 192.168.1.14,port 38772, Thursday, March 17, 2022 06:16:48

That's just a few lines from my current router (A Netgear RAXE300). My Netgear RAXE500 / AXE11000 does the same thing. I switch between the two and they both do this. I have been ignoring it for years because it's not affecting my network in any adverse way.
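
As an added example (not part of any post in this thread), the Python script below parses router log lines in the format quoted above and summarizes them per source, so the event rate can be compared with the "couple of packets every few seconds" point made earlier. The function names and hint labels are assumptions of this example, and treating source port 80/443 as reply traffic from a web service is a heuristic, not a documented Netgear rule.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Log lines copied from the post above (Netgear "DoS attack" log format).
SAMPLE_LOG = """\
[DoS attack:ACK_Scan] from source: 31.13.65.3,port 443, Thursday, March 17, 2022 06:21:30
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:21:09
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:19:35
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:18:48
[DoS attack:ACK_Scan] from source: 157.240.229.34,port 443, Thursday, March 17, 2022 06:18:13
[DoS attack:ACK_Scan] from source: 192.168.1.14,port 38772, Thursday, March 17, 2022 06:16:48
"""

LINE_RE = re.compile(
    r"\[DoS attack:(?P<kind>[^\]]+)\] from source: (?P<ip>[0-9a-fA-F.:]+),"
    r"\s*port (?P<port>\d+), (?P<ts>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
)

def parse(log):
    """Yield (kind, ip, port, timestamp) for each line matching the format."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
            yield m["kind"], ip_address(m["ip"]), int(m["port"]), ts

def triage(log, service_ports=(80, 443)):
    """Group entries by source and attach a hint about the likely cause."""
    groups = defaultdict(list)
    for kind, ip, port, ts in parse(log):
        groups[(str(ip), port, kind)].append(ts)
    report = []
    for (ip, port, kind), stamps in groups.items():
        # Rate over the observed span; a single event counts as one minute.
        span_min = max((max(stamps) - min(stamps)).total_seconds() / 60, 1.0)
        if ip_address(ip).is_private:
            hint = "LAN device"
        elif port in service_ports:
            hint = "reply from web service"  # assumption: late ACKs of a session the LAN opened
        else:
            hint = "unclassified"
        report.append({"source": ip, "port": port, "kind": kind, "count": len(stamps),
                       "per_minute": round(len(stamps) / span_min, 2), "hint": hint})
    return sorted(report, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
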