Geekzone: technology news, blogs, forums


yeaaaaaahh

#302517 28-Nov-2022 20:19

Hey team,

I've been receiving constant "DoS attack" warnings on my Netgear R8500 from the same IP address.
The same thing happened 6 months ago with the same address - eventually went away.

2Degrees told me it's my router that is the problem (because it's not their standard POS).

[DoS attack: STORM] (386) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:10:49
[DoS attack: STORM] (589) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:10:04
[DoS attack: STORM] (290) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:09:44
[DoS attack: STORM] (649) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:09:03
[DoS attack: STORM] (1192) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:07:58
[DoS attack: STORM] (706) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:07:37
[DoS attack: STORM] (1238) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:07:04
[DoS attack: STORM] (809) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:06:44
[DoS attack: STORM] (838) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:06:00
[DoS attack: STORM] (40) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:05:40

One thing I did find is that 198.18.0.0 is an IPv4 Bogon range for Network interconnect device benchmark testing.


Linux

#3002803 28-Nov-2022 20:39

Are you sure this is a DDoS attack?


 
 
 

yeaaaaaahh

#3002806 28-Nov-2022 20:45

Not at all, I suspect it is something 2degrees is doing on their end.

  #3002824 28-Nov-2022 22:07

who.is reports the following for that IP address range:

 

NetRange:       198.18.0.0 - 198.19.255.255
CIDR:           198.18.0.0/15
NetName:        SPECIAL-IPV4-BENCHMARK-TESTING-IANA-RESERVED
NetHandle:      NET-198-18-0-0-1
Parent:         NET198 (NET-198-0-0-0-0)
NetType:        IANA Special Use
OriginAS:
Organization:   Internet Assigned Numbers Authority (IANA)
RegDate:        1992-11-23
Updated:        2013-08-30
Comment:        Addresses starting with "198.18." or "198.19." are set aside for use in isolated laboratory networks used for benchmarking and performance testing.  They should never appear on the Internet and if you see Internet traffic using these addresses, they are being used without permission.
Comment:
Comment:        This assignment was made by the IETF, the organization that develops Internet protocols, in RFC 2544, which can be found at:
Comment:        http://datatracker.ietf.org/doc/rfc2544
Ref:            https://rdap.arin.net/registry/ip/198.18.0.0
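
Added example, not part of any post in this thread: a Python sketch that parses router log entries in the format shown in the first post, totals packets per source, and labels each source against special-use IPv4 blocks such as the 198.18.0.0/15 benchmark range in the whois output above. The function names and the list of ranges are assumptions chosen for illustration; the three sample entries are copied from the first post.

```python
import ipaddress
import re

# Special-use IPv4 blocks (illustrative subset, not an exhaustive list).
SPECIAL_USE = [
    ("198.18.0.0/15", "benchmark testing (RFC 2544)"),
    ("100.64.0.0/10", "shared address space for CGNAT (RFC 6598)"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
]
# Matches the router log entry format quoted in the first post.
LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] \((?P<count>\d+)\) attack packets "
    r"in last (?P<window>\d+) sec from ip \[(?P<ip>[^\]]+)\]"
)
# Three entries copied from the first post.
SAMPLE_LOG = """\
[DoS attack: STORM] (1192) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:07:58
[DoS attack: STORM] (1238) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:07:04
[DoS attack: STORM] (40) attack packets in last 20 sec from ip [198.18.10.205], Monday, Nov 28,2022 20:05:40
"""

def classify(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, label in SPECIAL_USE:
        if addr in ipaddress.ip_network(cidr):
            return label
    return "not in a listed special-use block"

def summarise(log_text):
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["window"]) == 0:
            continue  # unrelated or malformed line
        try:
            label = classify(m["ip"])
        except ValueError:
            continue  # bracketed field was not a valid IP address
        s = stats.setdefault(m["ip"], {"entries": 0, "packets": 0,
                                       "peak_pps": 0.0, "range": label})
        s["entries"] += 1
        s["packets"] += int(m["count"])
        s["peak_pps"] = max(s["peak_pps"], int(m["count"]) / int(m["window"]))
    return stats

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```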




yitz
#3002826 28-Nov-2022 22:14

It's the range they use for their CG-NAT boxes if you do a traceroute. So something not quite transparent going on? Reminds me of the transparent web caching proxy days when you get random packets from the cache farm IPs.

If your Netgear is running strict/symmetric NAT on the IPv4 WAN interface, then with a change to 3-tuple full cone NAT those entries might disappear.


xpd

#3002943 29-Nov-2022 08:42

Is it causing network/connectivity problems for you? If not, don't worry about it.... be like the good old ZoneAlarm days on dialup.... people blocking their ISP DNS servers because they were being "attacked" by it, then ringing the helpdesk to say their connection had been "hacked"...

Don't read too much into it.

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand


yeaaaaaahh

#3002944 29-Nov-2022 08:47

xpd:

Is it causing network/connectivity problems for you? If not, don't worry about it.... be like the good old ZoneAlarm days on dialup.... people blocking their ISP DNS servers because they were being "attacked" by it, then ringing the helpdesk to say their connection had been "hacked"...

Don't read too much into it.


Yes causing complete outage :(


yeaaaaaahh

#3002946 29-Nov-2022 08:50

yitz:

It's the range they use for their CG-NAT boxes if you do a traceroute. So something not quite transparent going on? Reminds me of the transparent web caching proxy days when you get random packets from the cache farm IPs.

If your Netgear is running strict/symmetric NAT on the IPv4 WAN interface, then with a change to 3-tuple full cone NAT those entries might disappear.


Router doesn't provide much/any config like this.

I did also try disabling port scan and DoS Protection, which didn't resolve the outages.




michaelmurfy

#3002955 29-Nov-2022 09:13

Why not just use the Fritz!Box that 2degrees provide? It works and very well at that and is also better than your current router.





Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.


robjg63

#3002972 29-Nov-2022 09:50

Is your router running the latest firmware? Looks like maybe there was an update in May this year?

https://kb.netgear.com/000065097/R8500-Firmware-Version-1-0-2-160

I see a few posts online complaining that the Netgear routers are a bit trigger happy with perceived DDOS attacks....





Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler


xpd

#3002975 29-Nov-2022 10:04

Plug in the Fritzbox, if problems go away, then confirmed it's the other router.

Up to you then if you want to persist with fixing your own router yourself, but 2D won't be able to assist as the connection itself is working as it should.

What do you consider "POS" about the Fritz? I've found it to be one of the most reliable units I've ever had an ISP supply me with, including the Zyxels that Voyager used to supply. It's accepted every change I've given it for NAT without hassle, run my VoIP etc etc. Thing's uptime outdoes my home server uptime :D


Lias

#3002997 29-Nov-2022 11:10

yeaaaaaahh:

... Netgear ...


I found the problem.





I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.


yeaaaaaahh

#3003213 29-Nov-2022 17:31

2Degrees originally gave me one of those Huawei hunks of junk (I returned it), which I replaced with the R8500 - which while being Netgear, is a beast.

It's running the latest firmware also.

The "attacks" have stopped since last night, if they flare up again I'll see if 2Degrees can send me a fritz!box so I can work out if it is my current router or not.

Thanks for the input all!

 

 


michaelmurfy

#3003295 29-Nov-2022 19:03

2degrees never used Huawei. They’ve always used Fritz!Box on xDSL and Fibre. But even the Huawei is actually not a “hunk of junk” and is still a capable router.

It’s been years now since providers have actually given people ewaste.



