Forum Discussion

Shuli's avatar
Shuli
New Contributor

Next step in resolving issues in router log

From Cox IPs I am getting the following MANY messages on my router log:

  • [TCP- or UDP-based Port Scan ] 
  • [TCP- or UDP-based Port Scan AddPortMapping]

From other IPs I am getting 

  • [LAN access from remote ]
  • [Ping Of Death ]
  • Teardrop of derivative
  • Illegal fragments
Yesterday I chatted with online help who opened a ticket for me, but when i called today to follow up, that ticket was on the wrong account so I waited while another ticket was opened. Then I spoke with tier 2 support who told me that they couldn't do anything and that if the source was Cox IP, then abuse@cox.net could help. I sent a log to abuse@cox.net and heard nothing.
Remote Management and Upnp are disabled. It seems like my ISP, Cox, should protect me from Denial of Service attacks, no? Perhaps I have too high an expectation, but it seems like if customers can't use their internet service, they will cancel. I certainly will.
How do I get these issues resolved? The suddenly started appearing on Saturday 2/25/2017.
Thanks to anyone who can provide an educated suggestion.

Denial of Service
Ping of Death

3 Replies

Sort By
Most LikedOldestNewest
Replies have been turned off for this discussion
  • ChrisL's avatar
    ChrisL
    Former Moderator
    @Shuli

    In situations were a true denial of service attack is occurring the procedure for stopping it would be to disconnect the victim's service until evidence of an attack stops. What I think you're seeing however is normal daily firewall log noise. Typically on my router/firewall I'll see about 300,000 entries like these per day without any adverse impact on service.

  • Shuli's avatar
    Shuli
    New Contributor

    Thanks Chris. Not sure why, but these suddenly started appearing last weekend after having internet service for years and years. This particular gateway has been in use for at least two years.

    These don't sound harmless to me

    • [TCP- or UDP-based Port Scan AddPortMapping]
    • [LAN access from remote ] -- remote access is turned off
    • [TCP- or UDP-based Port Scan DeletePortMapping]
    Might there be a security issue with the gateway? It is a Netgear N450. I see conversations about it and this sounds like a possibility.
    At the time I purchased it, it was recommended by Cox.

  • ChrisL's avatar
    ChrisL
    Former Moderator
    @Shuli

    I was actually going to ask if it was a Netgear. While I may see similar events in my home made firewall it seems only Netgear devices report such events in this way. I suspect their most likely false alarms.