
Jim721
join:2014-07-31
Belleville, MI

Jim721

Member

[Connectivity] Possible DOS Attack ?

I have a 2-week-old Netgear R-7000 and saw this in the log today.

[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.241.244.221]

Is this anything to be concerned about? I have never seen this kind of log in any router I have owned. The log doesn't make it clear if this was just an attempt or they were successful. Has anyone had this happen and can give me advice on what's actually going on here? I see the IP is from Cal.

Devious
Premium Member
join:2002-08-22
Seattle, WA

2 recommendations

Devious

Premium Member

[Connectivity] Re: Possible DOS Attack ?

By default the router has port scan and DoS protection turned on (firewalled).

You would have to disable it, so if you did not disable the protection there is nothing to worry about, as the log is just information about an attempt that was blocked.

Option is at ADVANCED > Setup > WAN Setup

Jim721
join:2014-07-31
Belleville, MI

Jim721

Member

Thanks for the fast reply. I did verify that DoS protection is enabled, so I guess the attempt was blocked. I am used to Asus routers, so I am still on a learning curve with this Netgear. Still strange, because I have never seen this type of activity before with Asus routers, although I have heard of others that have had the issue. Thanks again!!

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

2 edits

3 recommendations

NetFixer

Premium Member

said by Jim721:

Thanks for the fast reply. I did verify that DoS protection is enabled, so I guess the attempt was blocked. I am used to Asus routers, so I am still on a learning curve with this Netgear. Still strange, because I have never seen this type of activity before with Asus routers, although I have heard of others that have had the issue. Thanks again!!

Perhaps that is because the ASUS router did not log Internet background noise (or at least didn't label it as an "attack"). Some router vendors seem to log almost every unsolicited inbound packet from the Internet as an "attack" just to impress the customer that their firewall was "protecting" them. Plus with some routers, you can customize the level of information that is put into the log file, so perhaps your Asus router was configured to not be quite as verbose as your current Netgear router.

My current D-Link routers do log normal internet background noise, but they simply label it [DROPPED-PACKET] rather than sensationalize it and call it an "attack".

And FYI, the "attack" IP address [173.241.244.221] belongs to an ad service called OpenX, so it was probably triggered by an iframe ad on some web site you visited.
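The triage described in this reply, as an added example that is not part of the original thread: it parses log lines in the format quoted in the first post and separates sources the LAN contacted first (probably stray connection-teardown packets) from repeated and one-off unsolicited sources. The `RECENT_OUTBOUND` set, the repeat threshold, the label names and all sample lines other than the one from the first post are constructed assumptions.

```python
import re
from collections import Counter

# Matches the line format quoted in the first post; other firmware may differ.
LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] attack packets in last \d+ sec "
    r"from ip \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)

# Constructed sample log: the first line is from the thread, the rest use
# documentation-range addresses and one unrelated (non-matching) entry.
SAMPLE_LOG = [
    "[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.241.244.221]",
    "[DoS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.7]",
    "[DoS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.7]",
    "[DoS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.7]",
    "[DoS attack: FIN Scan] attack packets in last 20 sec from ip [198.51.100.9]",
    "[Some other event] unrelated constructed entry",
]

# Assumption: destinations LAN hosts recently connected to, e.g. exported
# from a proxy or DNS log. Constructed here for the example.
RECENT_OUTBOUND = {"173.241.244.221"}


def parse(lines):
    """Yield (kind, ip) for every line that matches the DoS log format."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("kind"), m.group("ip")


def triage(lines, recent_outbound, repeat_threshold=3):
    """Map each source IP to a triage label."""
    per_ip = Counter(ip for _kind, ip in parse(lines))
    result = {}
    for ip, count in per_ip.items():
        if ip in recent_outbound:
            result[ip] = "likely-teardown"       # LAN talked to it first
        elif count >= repeat_threshold:
            result[ip] = "repeated-unsolicited"  # worth a closer look
        else:
            result[ip] = "background-noise"
    return result


if __name__ == "__main__":
    for ip, label in sorted(triage(SAMPLE_LOG, RECENT_OUTBOUND).items()):
        print(f"{ip:16} {label}")
```
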



Jim721
join:2014-07-31
Belleville, MI

Jim721

Member

Thanks NetFixer, that does sound possible.

Devious
Premium Member
join:2002-08-22
Seattle, WA

Devious to Jim721

Premium Member

to Jim721
By default Asus routers do not have DoS protection enabled as, according to Asus, it would increase the router's workload.

Jim721
join:2014-07-31
Belleville, MI

Jim721

Member

Increase router's workload. That's fine with me as long as it works.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to Jim721

MVM

to Jim721
said by Jim721:

I see the IP is from Cal.

May be assigned to a California-based company, but appears to be a server in the vicinity of Chicago:
Tracing route to ox-173-241-244-221.lc.dc.openx.org [173.241.244.221]
over a maximum of 30 hops:
 
  1    <1 ms    <1 ms    <1 ms  koyomi.aosake.net [192.168.102.1]
  2    20 ms    20 ms    21 ms  173-228-7-1.dsl.static.fusionbroadband.com [173.228.7.1]
  3    21 ms    20 ms    21 ms  gig1-4.cr1.lsatca11.sonic.net [70.36.243.13]
  4    32 ms    31 ms    32 ms  ae2.cr2.lsatca11.sonic.net [50.0.79.178]
  5    21 ms    20 ms    20 ms  50.ae4.gw.pao1.sonic.net [142.254.58.158]
  6    21 ms    21 ms    21 ms  te0-0-0-15.ccr21.sjc04.atlas.cogentco.com [38.104.141.81]
  7    22 ms    22 ms    22 ms  be2013.ccr21.sjc03.atlas.cogentco.com [154.54.5.105]
  8    22 ms    22 ms    25 ms  zayo.sjc03.atlas.cogentco.com [154.54.10.194]
  9    24 ms    22 ms    23 ms  ae10.cr2.sjc2.us.zip.zayo.com [64.125.31.73]
 10    74 ms    76 ms    74 ms  ae12.cr2.ord2.us.zip.zayo.com [64.125.24.233]
 11    75 ms    74 ms    74 ms  ae0.mpr2.ord6.us.zip.zayo.com [64.125.22.129]
 12    75 ms    74 ms    75 ms  xe-1-1-0.mpr1.ord3.us.zip.zayo.com [64.125.24.245]
 13    75 ms    74 ms    76 ms  208.185.23.218.t01380-03.above.net [208.185.23.218]
 14    80 ms    76 ms    75 ms  ox-69-6-88-1.openx.org [69.6.88.1]
 15    75 ms    75 ms    74 ms  ox-173-241-244-221.lc.dc.openx.org [173.241.244.221]
 
Trace complete.