Hackers and digital thieves attack individual users as much as they attack larger organizations these days, leaving many concerned home network users wondering how to stop DDoS attacks on Netgear router.
To be honest, the chances of an expert-level hacker attacking your home network with a DDoS attack is slim to none, because they typically target larger networks for business and financial reasons.
However, small-time trouble makers, such as competitive gamers, have been known to attack small home networks with DDoS attacks.
How You Can Block DDoS Attack on Netgear Router
You can mitigate DDoS attacks with NAT (Network Address Translation) to hide your public IP address.
The vast majority of SOHO (Small Office Home Office) wireless routers already have NAT as a basic feature.
That way, attackers cannot see the IP address assigned by your ISP. Optionally, you can also use a VPN tunnel to mask your public IP address.
How to Stop DDoS Attacks on Netgear Router – Complete Steps
A DDoS attack (Distributed Denial of Service) is an attempt by a hacker to use multiple computers to send fake and worthless data to your devices.
In so doing, the attacker hopes to overwhelm network and computing resources to cause a service outage.
A successful DDoS attack creates an unusable network with slow speeds so crippling the network becomes unusable and broken.
The following details the individual steps to secure your home network against DDoS attacks:
Step #1: Update the Router’s Firmware to the Latest Version
If it has been said once, it has been said a thousand times: always keep your hardware patched with the latest and greatest software and firmware updates.
I don’t mean to sound like a broken record, but there simply isn’t any such thing as infallible software or code.
Human beings make mistakes (especially when coding), and digital attackers can exploit those mistakes.
One of the main reasons that companies like Netgear are continuously rolling out new firmware patches and updates is because they are constantly finding new security holes and attack vectors, some of which are DDoS-based.
If you haven’t installed the latest updates, you’re just begging for trouble.
- Login to your router and visit the Netgear Support site.
- Type in the model number of your router.
- Download the newest firmware version for your router.
- In the router, choose Advanced, Administration, Firmware Update.
- Click choose file, then click the upload button.
Note: To log in to your router, you will need the administrator password you have personally configured. If you have lost your password, you may need to completely reset the router.
Step #2: Increase Bandwidth
You may also find it necessary to increase network bandwidth. Know that there are several different types of DDoS attacks.
Some DDoS attacks are designed to overwhelm an individual server or endpoint (such as a single videogame console or individual computer).
Other DDoS attacks against home users are designed to completely overwhelm network bandwidth or the connection to the ISP (i.e. a Netgear router), thereby shutting down the Internet for the entire home network.
However, some DDoS attacks are weaker than others and don’t have enough strength to cause enough congestion.
Increasing WAN and LAN Bandwidth
Increasing bandwidth makes DDoS attacks work that much harder to consume network bandwidth and could mitigate the efficacy of an attack.
The following outlines the basic steps to increase WAN bandwidth in your home:
- Research available ISPs in your area.
- Find a plan with a higher data rate.
- Cancel your old plan.
- Subscribe to a faster ISP.
The following outlines the basic steps to increase LAN bandwidth:
- Record your wireless router’s top speed.
- Record your wireless router’s wired speeds.
- Invest in a wireless router with greater throughput.
- Modern wireless routers use Gigabit Ethernet.
- Modern wireless routers use 802.11AC wireless.
Note: If your local area network sits behind a firewall (as it should) you have configured to secure your local network, WAN bandwidth is more important to upgrade because it is easier to target.
Step #3: Use Netgear Armor
One reason why I admire Netgear is that it seems to go above and beyond the bare minimum security features when compared to its competitors.
Any wireless router, no matter how cheap or expensive it is, will have inherent security features like a firewall.
And while it’s true that features like a firewall are a necessity and that they do increase security, inexpensive routers typically set a really low bar when it comes to defending against attacks.
Netgear, on the other hand, offers a comprehensive security service which, of course, guards against DDoS attacks, called Netgear Armor.
Netgear Armor Features and Benefits
You should know that Netgear Armor is a paid subscription service.
However, if you wanted to test the waters and try it before you buy it, Netgear generously offers a free trial service for 30-days.
Netgear Armor has many benefits, though the following are some of its main features:
- Advanced system scanning
- Network vulnerability assessment
- Admin rights protection
- Personalized protection score and recommendations
- Network vulnerability scanning
- Threat analysis and real-time notifications
- Endpoint, computer, and mobile device protection
- Bitdefender protection and VPN
- Automatic vulnerability checks
- DDoS protection
The following outlines the simple steps to activate the trial version of Netgear Armor
- Connect your smartphone to your Wi-Fi.
- Download and tap the Nighthawk or Orbi app.
- Press the security option and sign in.
- Press the activate button.
- Tap the security button to configure Netgear Armor.
Step #4: Ensure Port Scanning and DoS Protection Are Enabled
Netgear routers also have a configuration labeled, “Disable port scan and DoS protection.” If this feature is disabled, I would advise you to enable it.
Though the focus of this guide is DDoS protection (and not simple DoS) protection, the port scanning feature still applies to both.
A port scan is an attempt by an attacker to bombard a host with network traffic on numerous ports (a type of ‘shotgun’ style approach) to see what ports are open and available for a DDoS attack.
Ensure this feature is not disabled to better protect your network using the following steps:
- Login to your router.
- Click the Advanced tab.
- Click the Setup menu option.
- Click on WAN setup.
- Uncheck the “Disable port scan” option.
- Click Apply to save changes.
Step #5: Disable Ping Responses to External Sources
Most people have heard the term ‘ping’ before. For those who don’t know, a ping consists of two main ICMP (Internet Control Message Protocol) messages: an ICMP echo request and an ICMP echo reply.
Pings are frequently used to see if a host or device is active and if there is a fully functioning round-trip connection between two hosts.
Though pings aren’t dangerous by themselves, it is a best practice to disable them on your router’s external WAN (Wide Area Network) interface.
Allowing your router to respond to incoming pings, anyone on the Internet can ping your external WAN port, which makes it simple to identify your public IP address and, potentially, attack your network.
Use the following steps to disable ping echo replies on your Netgear router:
- Login to your router.
- Click the Advanced tab.
- Click the Setup menu option.
- Click on WAN setup.
- Uncheck the “respond to ping” option.
- Click Apply to save changes.
Read Next: What Is The Difference Between AP Mode And Bridge Mode?
Bottom Line
You should now have a good understanding of how to stop DDoS attacks on Netgear router.
Though it is unlikely you’ll be targeted by a world-class hacker (they usually have bigger fish to fry), it is still a possibility that someone will illegally launch an attack against you.
But using the aforementioned steps will decrease the likely attack, so you can connect to your network, game online, and browse the Internet with peace of mind.
Finn Wheatley holds a Master’s Degree in Computer Science from UCL, London. He helped small data science consultancy firms, helping large corporations to grow their data capabilities, deploy advanced machine learning-based analytics and troubleshoot tech-related issues. Check out more about him here.