HELP!! DOS Attack Scans! I'm Worried!

Hi all,

So I have noticed some unusual ping spikes while playing League of Legends. I have also gotten a few unrecognised devices such as "James's aplewatch" on my Netgear router. That name is incorrect, Apple has two 'P's and also the Apple Watch does not have a wifi chip, just BT.


I have also had a "Jamess macbook air", but my MBA was not even turned on, it was shut off completely.

I changed the password and only allowed my MAC address and everything was fine.

I now have the following on my Netgear router logs (there are over 300 lines, I'll just paste a few).

The reason I'm posting on Apple forums is because 1. I trust Apple and its community, 2. I know they will be helpful, 3. I have a Time Capsule and 2 Expresses and wonder if that will affect them, and 4. I also looked up one of the IPs on the internet and found that it belonged to Apple!!!!
Why is Apple scanning my router doing DoS attack scans to it?

Please please help someone. I'm very worried.

[DoS attack: ACK Scan] from source: 122.252.42.217:443 Friday, March 18,2016 12:17:32

[DoS attack: ACK Scan] from source: 122.252.42.217:443 Friday, March 18,2016 12:17:00

[DHCP IP: (192.168.0.6)] to MAC address 70:56:81:B0:80:FB Friday, March 18,2016 12:16:49

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:15:44

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:15:10

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:14:36

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:11:18

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:10:41

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:10:19

[WLAN access denied]from MAC: 04:E5:36:6F:5E:9D Friday, March 18,2016 12:02:28

[WLAN access denied]from MAC: 04:E5:36:6F:5E:9D Friday, March 18,2016 12:02:11

[DoS attack: ACK Scan] from source: 122.252.42.217:443 Friday, March 18,2016 12:18:51

2013 Time Capsule (2 TB)-OTHER, Other OS

Posted on Mar 18, 2016 5:36 AM


Mar 19, 2016 12:17 AM in response to 10newsrox

Do you use torrents? Even a game server on your computer could be joined by people from all over the world.

If so you can expect to see what appears to be DoS attacks when you shut it down.


Otherwise it is just part of living in a connected world. A DoS attack cannot be fixed by you.. it is an incoming attack against your public IP.


Power off your router for 15min and see if you get a different IP when it comes back up.. if not talk to your ISP about the problem. They can block it..


A real DoS attack will only really happen if you are getting rapid attempts to access your system.. and in the end the only purpose is to deny service.. Not actual hacking.


You are not really being DoS attacked.. this is just standard firewall stuff.


[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:15:44

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:15:10

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:14:36

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:11:18

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:10:41

[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:10:19

6 attempts over 5min.. is trivial. (Note it can be genuine from something you have turned off.. so much stuff is cloud connected now. The router firewall is noting it but wrongly assigning it to DoS attack).

This might be why Apple do not turn on the firewall log.. or even use an SPI firewall in their router. It just causes paranoia in users.


Every router connected to the internet will have this kind of report. Much worse generally in fact. I would expect up to 10 knocks on the door a minute.. (my cable supplier in those days was unconcerned about bots in their network).


You are really not under threat if you see the firewall in the Netgear giving you messages.. it is blocking any of those attempts.. the real threat is the ones that get through the firewall and those are not on the list.


Did you have a compromised computer or device on the network at any time? If you did there can be a lot of incoming connections to it.. and they can persist for a long time when the kiddie scripters know you exist.


Why is apple scanning my router doing dos attack scans to it?

None of the addresses are real.. they are spoofed by the people who mount these attacks.


Your router will stop the vast majority of break in attempts. Your computer firewall will stop some more but that is more important to block the dial home type of stuff already in there.


Welcome to the internet.
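Added example, not part of any post in this thread: a small parser for the Netgear log format quoted above that groups the `DoS attack` entries by source address and port and computes the rate the reply reasons about ("6 attempts over 5min"). The sample lines are constructed from the ones in the first post (one has lost its leading `[` to show a truncated paste), and the 10-per-minute background figure is an assumption taken from the reply's own estimate; reading a well-known server port as "reply traffic" is an interpretation, not something the router log states.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Netgear log format quoted in this thread.
# The first line deliberately lacks its leading "[" (truncated paste).
SAMPLE_LOG = """\
DoS attack: ACK Scan] from source: 122.252.42.217:443 Friday, March 18,2016 12:17:32
[DoS attack: ACK Scan] from source: 122.252.42.217:443 Friday, March 18,2016 12:17:00
[DHCP IP: (192.168.0.6)] to MAC address 70:56:81:B0:80:FB Friday, March 18,2016 12:16:49
[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:15:44
[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:15:10
[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:14:36
[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:11:18
[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:10:41
[DoS attack: ACK Scan] from source: 17.133.231.9:993 Friday, March 18,2016 12:10:19
[DoS attack: ACK Scan] from source: 122.252.42.217:443 Friday, March 18,2016 12:18:51
"""

LINE_RE = re.compile(
    r"^\[?DoS attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<ts>\w+, \w+ \d{1,2},\d{4} \d{2}:\d{2}:\d{2})\s*$"
)
SERVER_PORTS = {80: "http", 443: "https", 993: "imaps"}  # IANA well-known ports
BACKGROUND_PER_MIN = 10  # assumption: the reply's "up to 10 knocks ... a minute"

def summarize(log_text):
    """Group DoS-tagged lines by (ip, source port); return count, span, rate."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # DHCP, WLAN and other entries are not firewall drops
            continue
        ts = datetime.strptime(m["ts"], "%A, %B %d,%Y %H:%M:%S")
        seen[(m["ip"], int(m["port"]))].append(ts)
    report = {}
    for (ip, port), stamps in seen.items():
        span = int((max(stamps) - min(stamps)).total_seconds())
        rate = round(len(stamps) * 60 / max(span, 60), 2)  # events per minute
        report[(ip, port)] = {
            "count": len(stamps), "span_s": span, "per_min": rate,
            # a well-known server port as *source* suggests reply traffic
            "src_service": SERVER_PORTS.get(port),
            "above_background": rate > BACKGROUND_PER_MIN,
        }
    return report

if __name__ == "__main__":
    for key, row in summarize(SAMPLE_LOG).items():
        print(key, row)
```
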

Mar 19, 2016 12:17 AM in response to LaPastenague

Hi,

Thanks a lot for the detailed reply. It helped a lot.

I don't do torrenting or have a server.

I don't do p2p either.

I do play League of Legends, but the IPs are from China, India, and random places that are doing the attack ACK scans on my router. They happen about every 20 seconds.

I have never had this happen before.

I can post all of the ACK scans, it's not just 5 of them and they're not just from Apple.


Thanks :

Mar 19, 2016 2:15 AM in response to 10newsrox

One ping every 20sec is not an attack.. it is standard internet people knocking on your door to find if anyone is home.


Netgear do have some models with poor firmware.. So I would check.. especially some of the VoIP models could be vulnerable.

This is from another thread so I do not claim anything about it.. other than you should look up the reference yourself..

Hi everyone,

Just a quick heads up. I couldn't find this in the forums.

Back in February 2015, an exploit was published affecting many different Netgear router models whereby any local user could determine the router's management password and other information.

Even today Netgear has not released an updated firmware to fix this vulnerability for my router (WNDR3700v2).

Lists of routers verified as affected include:
NetGear WNDR3700v4 – V1.0.0.4SH
NetGear WNDR3700v4 – V1.0.1.52
NetGear WNR2200 – V1.0.1.88
NetGear WNR2500 – V1.0.0.24
NetGear WNDR3700v2 – V1.0.1.14 (Tested by Paula Thomas)
NetGear WNDR3700v1 – V1.0.16.98 (Tested by Michał Bartoszkiewicz)
NetGear WNDR3700v1 – V1.0.7.98 (Tested by Michał Bartoszkiewicz)
NetGear WNDR4300 – V1.0.1.60 (Tested by Ronny Lindner)
NetGear R6300v2 – V1.0.3.8 (Tested by Robert Müller)
NetGear WNDR3300 – V1.0.45 (Tested by Robert Müller)*
NetGear WNDR3800 – V1.0.0.48 (Tested by an Anonymous contributor)
NetGear WNR1000v2 – V1.0.1.1 (Tested by Jimi Sebree)
NetGear WNR1000v2 – V1.1.2.58 (Tested by Chris Boulton)
NetGear WNR2200 – V1.0.1.76 (Tested by Marcin Praczko)
NetGear WNR2000v3 – v1.1.2.6 (Tested by Shelby Spencer)
NetGear WNR2000v3 – V1.1.2.10 (Tested by Roland Schiebel)
NetGear R7500 – V1.0.0.82 (Tested by Team Event Tech)

More info is available at https://github.com/darkarnium/secpub/tree/master/NetGear/SOAPWNDR

If you're running a vulnerable firmware, and Netgear isn't updating your firmware, it seems like the only option to become secure is to revert to a third party firmware (eg, DD-WRT).

Obviously Netgear does not take security seriously.

When I look up the reference, the vulnerability is only there if you have WAN management turned on. This is unlikely to be the case for you or most people.


Or you have people who are not trusted users in your local network.
