Is anyone else running into DOS Attacks from Microsoft?

TheWhiteHouse1 · Nov 10, 2021

Occasionally when turning on my Xbox Series X, there will be a DOS attack. It's annoying as it causes connectivity across my whole network to go down. All of the attacks are seemingly coming from Microsoft servers (see some logs below):

[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.46.66], Tuesday, Oct 26,2021 20:34:21

[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.46.66], Tuesday, Oct 26,2021 13:17:00
[DoS attack: ACK Scan] (2) attack packets in last 20 sec from ip [52.96.166.146], Tuesday, Oct 26,2021 13:07:04
[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.166.146], Tuesday, Oct 26,2021 12:44:58
[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.188.146], Tuesday, Oct 26,2021 12:34:58
[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.188.162], Tuesday, Oct 26,2021 12:31:16
[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.18.2], Tuesday, Oct 26,2021 11:44:15
[DoS attack: ACK Scan] (2) attack packets in last 20 sec from ip [52.96.187.226], Tuesday, Oct 26,2021 11:26:41
[DoS attack: ACK Scan] (2) attack packets in last 20 sec from ip [52.96.187.226], Tuesday, Oct 26,2021 08:56:41
[DoS attack: ACK Scan] (2) attack packets in last 20 sec from ip [52.96.187.226], Tuesday, Oct 26,2021 08:53:52

[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [40.91.112.76], Monday, Oct 25,2021 17:43:43

[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [52.96.59.162], Monday, Oct 25,2021 16:53:41

Most of those logs are from this weekend but I've had it happen at least 5 times over the last 3ish months. This only occurs when turning on my Xbox Series X while connected to my wireless network. It also doesn't seem to happen when on Ethernet. I don't have another network that I can test against however, I have my Xbox One that does not have any issues when connected to the exact same network. I also do not have any issues when streaming any games (on my Xbox One, PC, or Mobile Device).

I chatted with a community member the other day and they made a few suggestions. They stated to clear a few of the networking options and try to manually set the DNS Servers. I did those things and only ran into more issues (like not being able to set up my wireless network again). They also suggested to reset the console (which I did) and that also didn't help (although I was able to connect to the network in the setup phase). I cannot always have my console wired in as it is not feasible logistics-wise for my home. I've been looking all over the internet for this and I can't seem to find anyone who is having the same issue. It seems like a recommendation is to contact my ISP (which I have also done) and they stated there is nothing wrong with my connection. Is there something wrong with the NIC in my Xbox? Do I need to send in my Xbox for repair?

Edit: Also, some background. I do have MAC filtering set up on my router. However, I don't have anything else advanced setup on my router.

:)

Nursemorph

Copy either ip into you address bar with a safe browserthat tells you all you need to know

It's only. 2 ips because it's a NUKE

Not a ddos

But how does a Nuke know when a console is connected via Wi-Fi? Surely if this was anything untoward it would happen on Ethernet as well? And the OP says it doesn't. Or are attacks so specific now that they will only target a device if it connects a certain way?

Clearly my network knowledge is zero as, going by everything I have read, this all reads like a series of false positives...after all, if someone were doing something untoward, why would it only happen once then not again for 10 minutes then happen again? I mean it's not like the OP is turning their console off and then turning it back on 10 minutes later (I presume)

If the OP is using a Netgear router, I'd definitely think it's false positives given those routers are renowned for it

SammyVS

Got it. After the recommendations that I and our other colleagues gave, does the problem persist?

ngocphi

Ita a targeted atrack

MS firewalls would block DOS or ddos coming in and out that's how and it's a liability

They dont use consumer grade firewalls

Any kinda attack like that would light up their firewalls and it wouldn't last very long

And you are only getting 2 convenient ips

Now if your firewalls or anti virus was doing announcement of attacks then no that would be a false positive

That's when you get out of date firewalls or free ones that don't understand gaming

And yes that's why you don't have antivirus on or worse a two way firewall

Spoofing an ip address with an trusted domain is common

You would be in a bad spot if they spoofed google

And if you try and blind connect it reports back as a attack vector not as a ms domain and yes I have blind connected it one of those ips

It a spoofed attack vector

Not a domain ip address

It's spoofed to make it look like it

Like I said the firewalls they use would detect and block incoming and outgoing

Don't even try it

If you connected it would light your firewall up like the fourth of july

And you wouldn't be able to connect to any ms site including this one that's how you would know

Farscape247

depends on the isp lease time setting, best to ring the isp and report, they can reset the ip to a new one and also log the attack for investigation (the correct route for this issue).

I would defo NOT put the xbox under DMZ, about time they remove that option for the average user.

SammyVS

Thanks. I believe he should not have a network with a fixed IP, I think resetting his modem/router will assign a new IP to his console.

Is anyone else running into DOS Attacks from Microsoft?