Is my network getting inflitrated?

[superNESjoe]

Hey everyone, I'm pretty inexperienced when it comes to networking. I know all the basics but running into a problem like this I don't even know where to begin. Wall of text incoming, just want to be thorough.

About two weeks ago I started having this issue out of nowhere where my internet would drop for anywhere between 1-5 minutes at a time. This would happen once or so an hour, then several times an hour as the days went by. Sometimes it won't happen for half the day, then the remainder of the day it happens over 5 times an hour.

My ISP is Charter and we have a cable modem. They've been out here twice in the past week and replaced the modem. Neither times they could figure out the issue. When it goes out the modem itself loses connection. They looked through my network settings and found no issues there.

I'm using a Netgear WNDR3700v3. I have 2 PCs connected via Ethernet, 7 game consoles, two smartphones and an ipad have access to the WiFi. At peak hours we only have 4-5 devices actually using the internet however.

I've been looking at my router logs, and I'm seeing dozens of these messages back to back, within seconds of each other.
[LAN access from remote] from [IPADDRESS] to [IPADDRESS] Monday, Mar 23,2015 11:12:33

Then when it finally disconnects, it always looks like this.

[Internet connected] IP address: xxx, Monday, Mar 23,2015 11:37:45
[Internet connected] IP address: xxx, Monday, Mar 23,2015 11:37:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:37:26
[Internet connected] IP address: xxx, Monday, Mar 23,2015 11:37:25
[Internet connected] IP address: xxx, Monday, Mar 23,2015 11:37:15
[DHCP IP: (xxx)] to MAC address 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:37:09
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:37:05
[Internet connected] IP address: xxx, Monday, Mar 23,2015 11:37:05
[Internet connected] IP address: xxx, Monday, Mar 23,2015 11:36:55
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:36:54
[Internet disconnected] Monday, Mar 23,2015 11:36:52
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:36:37
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:36:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:36:22
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:36:05
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:35:49
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:35:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:35:05
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:35:05
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:34:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:34:22
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:34:05
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:33:50
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:33:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:33:12
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:33:05
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:32:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:32:27
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:32:05
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:31:51
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:31:35
[UPnP set event: Public_UPNP_C3] from source 192.168.1.9, Monday, Mar 23,2015 11:31:12
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:31:05
[WLAN access allowed] from MAC: 8C:CD:E8:E5:EF:37, Monday, Mar 23,2015 11:30:35
[Admin login failure] from source xxx, Monday, Mar 23,2015 11:30:32


Apologies for the huge wall. Is something going on with my network? How can I determine if it's the ISP or my router, and am I being paranoid if I think I'm being infiltrated in some way? There are a lot of WLAN access allowed messages from a MAC address that isn't showing up on my list of attached devices.

 

[kanewolf]

The 8C:CD:E8 is a Nintendo connecting. My guess is the UPNP traffic is also from the Nintendo.

 

[AdviserKulikov]

I'd advise setting up MAC address filtering and a password on any private WiFi connection, regardless of what's going on in the logs. (I do realize that MAC filtering is a pain if you have many new devices entering the house, so it's alright if you don't do that. If you don't use MAC filtering, I suggest not broadcasting your network SSID)

 

[superNESjoe]

I'm gonna set up MAC address filtering now for sure. I just don't get why my internet is dropping so frequently when Charter adamantly says it's not on their end. I can't figure out what could be causing it on my end out of nowhere.

Also thanks for the Nintendo callout, nice to not worry about that anymore.

 

[g90814]

Make sure your security settings at the max possible.

WPA2 with AES is preferable,

Strong password.

Disable WPS unless you actually need to use it.

You should change your SSID names, and passwords.

Also be sure to disable management via wireless unless you have no way to connect via ethernet cable.

 

[kanewolf]

I'd advise setting up MAC address filtering and a password on any private WiFi connection, regardless of what's going on in the logs. (I do realize that MAC filtering is a pain if you have many new devices entering the house, so it's alright if you don't do that. If you don't use MAC filtering, I suggest not broadcasting your network SSID)

Not broadcasting the SSID creates problems more often than adding any security. MAC filtering can add a little security, but anybody that really wants to get onto your network can spoof a MAC address.

Use WPA2 and a strong password. Change passwords every 180 days.

 

[superNESjoe]

Remote Management isn't on. I use WPA2 and change my password and SSID frequently.

 

[igloo22]

You could also look to see if anyonelse is on you network by going to cmd and typing in netstat -aon and note any ips that are useing a port over 1023. By useing this comand you can moitor your network through your comand line.

 

[superNESjoe]

You could also look to see if anyonelse is on you network by going to cmd and typing in netstat -aon and note any ips that are useing a port over 1023. By useing this comand you can moitor your network through your comand line.

Would the port be the number on the far right? If so I'm seeing several 2068 and 4088 connections on TCP. It's coming from the IP address of my main computer.

 

[aylafan]

I had a similar problem, but not sure it's related to your situation. My internet connection would drop completely when I ran PS4 game updates, Netflix HD, and Hulu Plus at the same time. I am on 20/2mbps cable. When my download speeds reach 20mbps consistently for more than 10-15 minutes... my internet connection would drop completely and my cable modem would reboot. I solved this by buying a new router, flashing it with custom firmware, and limiting the max download speed to 85-90% with QoS. I never had the same problem again.

 

[superNESjoe]

I had a similar problem, but not sure it's related to your situation. My internet connection would drop completely when I ran PS4 game updates, Netflix HD, and Hulu Plus at the same time. I am on 20/2mbps cable. When my download speeds reach 20mbps consistently for more than 10-15 minutes... my internet connection would drop completely and my cable modem would reboot. I solved this by buying a new router, flashing it with custom firmware, and limiting the max download speed to 85-90% with QoS. I never had the same problem again.

Something to look into I suppose. The issue happens when I'm using Netflix or gaming, but it also seems to happen when I'm the only person in the house and I'm just browsing on the ipad.

 

[g90814]

Some suggestions:

1) try firmware update for router

2) flash DD-WRT firmware, it gives much more control, and tends to be more stable than stock firmware.

http://www.dd-wrt.com/wiki/index.php/Netgear_WNDR3700