Is this what a DOS-attack looks like in the log?

Poul Bak

Occasional Visitor
Yesterday I happened to log into my router and saw a huge CPU usage (about 90% on one core). I then looked in the log and found this. Is that a DOS-attack going on here?

Jul 8 22:04:14 kernel: net_ratelimit: 475 callbacks suppressed
Jul 8 22:04:19 kernel: net_ratelimit: 492 callbacks suppressed
Jul 8 22:04:24 kernel: net_ratelimit: 302 callbacks suppressed
Jul 8 22:04:29 kernel: net_ratelimit: 479 callbacks suppressed
Jul 8 22:04:34 kernel: net_ratelimit: 472 callbacks suppressed
Jul 8 22:04:43 kernel: net_ratelimit: 152 callbacks suppressed
Jul 8 22:04:48 kernel: net_ratelimit: 482 callbacks suppressed
Jul 8 22:04:58 kernel: net_ratelimit: 325 callbacks suppressed
Jul 8 22:05:03 kernel: net_ratelimit: 478 callbacks suppressed
Jul 8 22:05:13 kernel: net_ratelimit: 253 callbacks suppressed
Jul 8 22:05:18 kernel: net_ratelimit: 484 callbacks suppressed
Jul 8 22:05:28 kernel: net_ratelimit: 278 callbacks suppressed
Jul 8 22:05:33 kernel: net_ratelimit: 472 callbacks suppressed
Jul 8 22:05:44 kernel: net_ratelimit: 299 callbacks suppressed
Jul 8 22:05:49 kernel: net_ratelimit: 480 callbacks suppressed
Jul 8 22:05:54 kernel: net_ratelimit: 222 callbacks suppressed
Jul 8 22:05:59 kernel: net_ratelimit: 466 callbacks suppressed
Jul 8 22:06:04 kernel: net_ratelimit: 462 callbacks suppressed
Jul 8 22:06:09 kernel: net_ratelimit: 287 callbacks suppressed
Jul 8 22:06:14 kernel: net_ratelimit: 476 callbacks suppressed
Jul 8 22:06:20 kernel: net_ratelimit: 433 callbacks suppressed
Jul 8 22:06:28 kernel: net_ratelimit: 61 callbacks suppressed
Jul 8 22:06:33 kernel: net_ratelimit: 468 callbacks suppressed
Jul 8 22:06:43 kernel: net_ratelimit: 291 callbacks suppressed
Jul 8 22:06:48 kernel: net_ratelimit: 465 callbacks suppressed
Jul 8 22:06:58 kernel: net_ratelimit: 233 callbacks suppressed
Jul 8 22:07:03 kernel: net_ratelimit: 469 callbacks suppressed
Jul 8 22:07:13 kernel: net_ratelimit: 258 callbacks suppressed
Jul 8 22:07:18 kernel: net_ratelimit: 464 callbacks suppressed
Jul 8 22:07:29 kernel: net_ratelimit: 276 callbacks suppressed
Jul 8 22:07:34 kernel: net_ratelimit: 429 callbacks suppressed
Jul 8 22:07:39 kernel: net_ratelimit: 219 callbacks suppressed
Jul 8 22:07:44 kernel: net_ratelimit: 471 callbacks suppressed
Jul 8 22:07:49 kernel: net_ratelimit: 456 callbacks suppressed
Jul 8 22:07:54 kernel: net_ratelimit: 93 callbacks suppressed
Jul 8 22:07:59 kernel: net_ratelimit: 353 callbacks suppressed
Jul 8 22:08:04 kernel: net_ratelimit: 438 callbacks suppressed
Jul 8 22:08:13 kernel: net_ratelimit: 122 callbacks suppressed
Jul 8 22:08:18 kernel: net_ratelimit: 465 callbacks suppressed
Jul 8 22:08:28 kernel: net_ratelimit: 294 callbacks suppressed
Jul 8 22:08:33 kernel: net_ratelimit: 460 callbacks suppressed
Jul 8 22:08:43 kernel: net_ratelimit: 240 callbacks suppressed
Jul 8 22:08:48 kernel: net_ratelimit: 457 callbacks suppressed
Jul 8 22:08:58 kernel: net_ratelimit: 250 callbacks suppressed
Jul 8 22:09:04 kernel: net_ratelimit: 470 callbacks suppressed
Jul 8 22:09:16 kernel: net_ratelimit: 223 callbacks suppressed
Jul 8 22:09:24 kernel: net_ratelimit: 454 callbacks suppressed
Jul 8 22:09:29 kernel: net_ratelimit: 472 callbacks suppressed
Jul 8 22:09:34 kernel: net_ratelimit: 471 callbacks suppressed
Jul 8 22:09:39 kernel: net_ratelimit: 289 callbacks suppressed
Jul 8 22:09:44 kernel: net_ratelimit: 479 callbacks suppressed
Jul 8 22:09:49 kernel: net_ratelimit: 471 callbacks suppressed
Jul 8 22:09:58 kernel: net_ratelimit: 145 callbacks suppressed
Jul 8 22:10:03 kernel: net_ratelimit: 464 callbacks suppressed
Jul 8 22:10:13 kernel: net_ratelimit: 269 callbacks suppressed
Jul 8 22:10:19 kernel: net_ratelimit: 475 callbacks suppressed
Jul 8 22:10:28 kernel: net_ratelimit: 229 callbacks suppressed
Jul 8 22:10:33 kernel: net_ratelimit: 460 callbacks suppressed
Jul 8 22:10:43 kernel: net_ratelimit: 246 callbacks suppressed
Jul 8 22:10:48 kernel: net_ratelimit: 473 callbacks suppressed
Jul 8 22:10:56 kernel: net_ratelimit: 212 callbacks suppressed
Jul 8 22:11:01 kernel: net_ratelimit: 467 callbacks suppressed
Jul 8 22:11:06 kernel: net_ratelimit: 465 callbacks suppressed
Jul 8 22:11:17 kernel: net_ratelimit: 482 callbacks suppressed
Jul 8 22:11:23 kernel: net_ratelimit: 370 callbacks suppressed
Jul 8 22:11:28 kernel: net_ratelimit: 470 callbacks suppressed
Jul 8 22:11:33 kernel: net_ratelimit: 461 callbacks suppressed
Jul 8 22:11:43 kernel: net_ratelimit: 274 callbacks suppressed
Jul 8 22:11:48 kernel: net_ratelimit: 465 callbacks suppressed
Jul 8 22:11:58 kernel: net_ratelimit: 316 callbacks suppressed
Jul 8 22:12:03 kernel: net_ratelimit: 480 callbacks suppressed
Jul 8 22:12:13 kernel: net_ratelimit: 239 callbacks suppressed
Jul 8 22:12:18 kernel: net_ratelimit: 484 callbacks suppressed
 
Yesterday I happened to log into my router and saw a huge CPU usage (about 90% on one core). I then looked in the log and found this. Is that a DOS-attack going on here?

Jul 8 22:04:14 kernel: net_ratelimit: 475 callbacks suppressed
Jul 8 22:04:19 kernel: net_ratelimit: 492 callbacks suppressed
Jul 8 22:04:24 kernel: net_ratelimit: 302 callbacks suppressed


I got some of those messages a few times when I was torrenting files. The way I got around it and made those messages stop was to set the torrent client to REQUIRE ENCRYPTION instead of the default on all torrent clients, which is ENCRYPTION PREFERRED.
 

In that thread, you suggest to turn 'DOS protection' OFF. Obviously I won't see any 'DOS attack' messages then.
Well, if it isn't a DOS attack, it's definitely a bug. We're talking about many thousands of calls (500 per second); no code should do that.
Now, I'm not really worried; after all, the attacks are caught. I'm just curious.

@Davidncali001: I wasn't doing anything at all when I saw it. The only activity on the router was my login.
 
The net_ratelimit messages could be caused by a rogue device on your LAN rather than something on the WAN. If the messages are continuous it would be fairly easy to turn off each of your network clients until you find the troublesome device.
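An added example, not part of any post in this thread: a small parser for the `net_ratelimit` lines quoted above that turns each "callbacks suppressed" count into an approximate rate, which makes it easy to see whether the rate drops when a suspect client is switched off. Each count is the number of kernel log messages the rate limiter dropped since it last reported, not a packet count; the rate is estimated as the count divided by the gap since the previous line, and `min_rate` and `min_windows` are illustrative thresholds, not router settings.

```python
import re
from datetime import datetime

LINE_RE = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d)\s+kernel:\s+"
                     r"net_ratelimit:\s+(\d+)\s+callbacks suppressed")

# First six lines of the log posted in this thread.
SAMPLE = """\
Jul 8 22:04:14 kernel: net_ratelimit: 475 callbacks suppressed
Jul 8 22:04:19 kernel: net_ratelimit: 492 callbacks suppressed
Jul 8 22:04:24 kernel: net_ratelimit: 302 callbacks suppressed
Jul 8 22:04:29 kernel: net_ratelimit: 479 callbacks suppressed
Jul 8 22:04:34 kernel: net_ratelimit: 472 callbacks suppressed
Jul 8 22:04:43 kernel: net_ratelimit: 152 callbacks suppressed
""".splitlines()

def parse(lines, year=2000):
    """Return [(timestamp, count)]. Syslog omits the year, so one is assumed."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            stamp = f"{year} {m[1]} {m[2]} {m[3]}"
            events.append((datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), int(m[4])))
    return events

def rates(events):
    """Approximate suppressed messages per second for each line after the
    first: its count divided by the gap since the previous suppression line."""
    out = []
    for (t0, _), (t1, n) in zip(events, events[1:]):
        gap = (t1 - t0).total_seconds()
        if gap > 0:
            out.append((t1, n, n / gap))
    return out

def sustained(events, min_rate=10.0, min_windows=3):
    """True if the rate stays >= min_rate for min_windows consecutive
    intervals. Both thresholds are illustrative assumptions."""
    run = 0
    for _, _, rate in rates(events):
        run = run + 1 if rate >= min_rate else 0
        if run >= min_windows:
            return True
    return False

if __name__ == "__main__":
    for ts, n, rate in rates(parse(SAMPLE)):
        print(f"{ts:%H:%M:%S} suppressed={n} ~{rate:.1f} msg/s")
```

The kernel message being rate-limited normally appears next to these lines in the kernel log (`dmesg`) and names the subsystem that is generating the flood.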
 
