AHH
New Contributor
7 years ago

DoS Attacks in router logs, intermittent service drops

Hello everyone, I've seen a few posts similar to this. I'm not sure if anybody has come to a solution or even a logical explanation for this. My router is a Netgear Nighthawk C7000 AC1900. I'm getting tons of DoS attacks of different types in the router logs. I've tried rebooting and factory resetting the router, changing the SSID and passwords, and renewing the IP (that didn't work; I don't know why I always get the same IP even after resetting the router or unplugging the coax cable).

Some of the attacks (Port Scan) are coming from one of Cox's DNS servers (68.105.28.11)!!! The rest are from different IPs. I've narrowed down the problem by disconnecting everything from the Wi-Fi and leaving only my PC, and the attacks were reduced to only a few of the Port Scans I mentioned before, but as soon as I connect the first iPhone the attack flooding begins.

Below is a summary of the different attacks from the router logs. Please can someone explain what's going on and how to stop this.

Thanks

Description Count Last Occurrence Target Source
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 1 Tue Jan 23 20:20:33 2018 97.145.11.206:0 14.3.101.0:0
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 2 Tue Jan 23 20:15:21 2018 125.88.193.241:0 14.3.101.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 68.105.28.11, port 53 1 Tue Jan 23 20:12:34 2018 68.224.109.22:41345 68.105.28.11:53
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 2 Tue Jan 23 20:06:45 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 68.105.28.11, port 53 1 Tue Jan 23 20:06:03 2018 68.224.109.22:52024 68.105.28.11:53
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 4 Tue Jan 23 20:04:08 2018 124.240.8.132:0 14.3.101.0:0
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 2 Tue Jan 23 19:57:15 2018 125.88.193.241:0 14.3.101.0:0
[DoS attack: SYN Flood] from 23.58.156.99, port 80 1 Tue Jan 23 19:54:46 2018 192.168.0.13:54380 23.58.156.99:80
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 1 Tue Jan 23 19:52:57 2018 124.240.8.132:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 4 Tue Jan 23 19:39:00 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: SYN Flood] from 23.58.156.99, port 80 1 Tue Jan 23 19:35:58 2018 192.168.0.13:59786 23.58.156.99:80
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 1 Tue Jan 23 19:32:45 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 14 Tue Jan 23 19:32:12 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 3 Tue Jan 23 19:31:39 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 3 Tue Jan 23 19:31:38 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 1 Tue Jan 23 19:29:40 2018 124.240.8.132:0 14.3.101.0:0
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 3 Tue Jan 23 19:28:34 2018 124.240.8.132:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 167 Tue Jan 23 19:27:51 2018 124.240.8.132:0 14.3.101.0:0
[DoS attack: Illegal Fragments] from 14.3.101.0, port 0 1 Tue Jan 23 19:26:34 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 3 Tue Jan 23 19:26:34 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Ping Of Death] from 14.3.101.0, port 0 2 Tue Jan 23 19:25:31 2018 124.240.8.132:0 14.3.101.0:0
[DoS attack: Illegal Fragments] from 14.3.101.0, port 0 1 Tue Jan 23 19:24:32 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 2 Tue Jan 23 19:24:16 2018 125.182.63.147:0 14.3.101.0:0
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 1 Tue Jan 23 19:23:40 2018 124.240.8.132:0 14.3.101.0:0

8 Replies

  • AHH
    New Contributor

    I forgot to add that this IP address (14.3.101.0) appears in the list of connected devices under different device names (my iPhone, my wife's iPhone and so on...); it switches names randomly. It keeps coming back after I reset the router and connect the first iPhone to my Wi-Fi.

    Any idea how this can happen?

  • ChrisL
    Former Moderator
    @AHH

    DDoS events are common in Netgear router logs. This is typically how many error events are categorized. The port scans from 68.105.28.11 are actually replies to DNS queries initiated by internal devices on the home network and can be safely disregarded.

  • AHH
    New Contributor

    Hi Chris, thanks for replying. I understand the Port Scans for the DNS queries, but how can it be explained that an external IP is showing up in my connected devices under one of our iPhones' names and with the same MAC address, and from time to time it switches to another iPhone name? Is this a glitch in Netgear routers?

  • ChrisL
    Former Moderator
    @AHH

    That one is harder to explain; however, if all of this starts when connecting your iPhone, I suspect the problem likely lies there.

  • AHH
    New Contributor

    Yeah, I thought so. I was on a web chat with technical support from Apple yesterday and they said it's my ISP's problem, not the iPhone. The Cox technician was here yesterday and did a hard reset on the router and changed the external IP address, but it all started again. In the meantime, I can't watch an entire movie on Netflix without service interruptions, and I'm paying for 50 Mbps internet speed!!

    Any suggestions on how to proceed next?

  • ChrisL
    Former Moderator
    @AHH

    I can't speak to what Apple told you; however, if the problem occurs when connecting the iPhone and goes away when disconnecting it, I think you've established a solid cause and effect. Maybe Apple is suggesting this is normal behavior and not an issue.

  • I am having the same issue... and I just purchased this Nighthawk C7000 after replacing my SBG6900 that was having the same issue... So I don't think it's a modem issue... And rebooting is really not the option to DDoS....

  • metoosameissue

    I'd like to take a look at your account and see what's happening. Please send an email to: cox.help@cox.com and include your full address and the account holder's full name. Thanks!

    StephanieS
    Cox Support Forums Moderator
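An added example, not part of the original thread: a small triage script for the router log format posted above. It sets aside "Port Scan" rows that come from source port 53 of a resolver the network actually queries (the DNS-reply explanation given in ChrisL's reply) and totals the remaining events by source and type. The `KNOWN_RESOLVERS` set and all function names are assumptions for illustration; the sample rows are copied from the first post.

```python
import re
from collections import Counter

# Rows copied from the log summary in the first post.
SAMPLE = """\
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 1 Tue Jan 23 20:20:33 2018 97.145.11.206:0 14.3.101.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 68.105.28.11, port 53 1 Tue Jan 23 20:12:34 2018 68.224.109.22:41345 68.105.28.11:53
[DoS attack: SYN Flood] from 23.58.156.99, port 80 1 Tue Jan 23 19:54:46 2018 192.168.0.13:54380 23.58.156.99:80
[DoS attack: Teardrop or derivative] from 14.3.101.0, port 0 167 Tue Jan 23 19:27:51 2018 124.240.8.132:0 14.3.101.0:0
"""

# Assumption: resolvers this network queries; 68.105.28.11 is the one named in the thread.
KNOWN_RESOLVERS = {"68.105.28.11"}

ROW = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from (?P<src>[\d.]+), port (?P<sport>\d+) "
    r"(?P<count>\d+) (?P<when>\w{3} \w{3} +\d+ [\d:]+ \d{4}) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) "
)

def parse(text):
    """Yield one dict per well-formed row; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["count"], row["sport"] = int(row["count"]), int(row["sport"])
            yield row

def is_dns_reply(row):
    """Source port 53 from a resolver we query: treated as a reply to our own lookup."""
    return row["sport"] == 53 and row["src"] in KNOWN_RESOLVERS

def triage(text):
    """Return (events explained as DNS replies, Counter of the rest by (source, type))."""
    replies, remaining = 0, Counter()
    for row in parse(text):
        if is_dns_reply(row):
            replies += row["count"]
        else:
            remaining[(row["src"], row["kind"])] += row["count"]
    return replies, remaining

if __name__ == "__main__":
    replies, remaining = triage(SAMPLE)
    print(f"explained as DNS replies: {replies}")
    for (src, kind), n in remaining.most_common():
        print(f"{n:5d}  {src:15s}  {kind}")
```

Port 53 traffic from an address that is not in `KNOWN_RESOLVERS` stays in the remaining totals, so it is not silently dismissed.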