Question Odd Issue

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
I need some assistance. I am working with someone on their home network. The internet will just quit completely. The router wont respond, no dhcp, ping, whole 9 yards. The router is brand new bought Saturday. The cable modem had to be replaced, which started this whole mess. Before changing the modem the modem/router combo would just stop 100%. When the system crashes it takes 30 minutes to get it back online. All seems connected and well it just wont respond. Ive reset it and reconfigured it. When it works it works well. It like some outside force is crashing the router and/or the modem. Ive fixed many network issues, this one has me stumped. Any ideas?
 
It like some outside force is crashing the router and/or the modem. Ive fixed many network issues, this one has me stumped. Any ideas?
It could well be something in the environment as opposed to any equipment and doubly so if you are trying to use WiFi to connect. I had one client who had recently moved and was having trouble with their home network. It turned out that it was erratic but they noticed it was more prevalent during Thanksgiving/Christmas holidays. We finally figured out tha traffic into a nearby airport was being rerouted and the airline radios were interferring with their WiFi because they were coming in faitly low over their house. They ended up just having to live with it until they moved. Luckily it wasn't all of the time. They did run a couple of hard wired network cables to help them out.

So it could be something in the environment around your location - but not necessarily airplane traffic. Think of anything that could interfere with the WiFi radios. More info: here
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
It could well be something in the environment as opposed to any equipment and doubly so if you are trying to use WiFi to connect. I had one client who had recently moved and was having trouble with their home network. It turned out that it was erratic but they noticed it was more prevalent during Thanksgiving/Christmas holidays. We finally figured out tha traffic into a nearby airport was being rerouted and the airline radios were interferring with their WiFi because they were coming in faitly low over their house. They ended up just having to live with it until they moved. Luckily it wasn't all of the time. They did run a couple of hard wired network cables to help them out.

So it could be something in the environment around your location - but not necessarily airplane traffic. Think of anything that could interfere with the WiFi radios. More info: here
I am with you on this one. Can someone else's WIFI cause issue similar to this? Or too many signals bouncing around?
 
Does it only do this on wifi or does it also not respond when you connect ethernet to it.

Best to start troubleshooting with ethernet because wifi can cause you all kinds of strange issues and you can't tell if it is the wifi or something else.

I would also test with just 1 device connected and in the best case test with the wifi radios disabled and a single device connected via ethernet. This is to see if there is some issue between the devices.
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
Does it only do this on wifi or does it also not respond when you connect ethernet to it.

Best to start troubleshooting with ethernet because wifi can cause you all kinds of strange issues and you can't tell if it is the wifi or something else.

I would also test with just 1 device connected and in the best case test with the wifi radios disabled and a single device connected via ethernet. This is to see if there is some issue between the devices.
When the router crashes even the ethernet wired network is dead. Its like the entire router quits. I was able to reach the router one time using a static ip. The router had a public ip from the ISP. When i released it it would not get it back. No client dhcp at all, and the router took forever to respond when it did not time out. And the kicker is the next reboot it was completely fine. It is still working. No lag nothing.
 
So you already replace the router and this one has the same issue as the old one ?

This is acting like a defective router. It is somewhat confusing from your post if your router has a modem in it. If it does you are kinda limited the ISP does the firmware. If it is a separate router I would do the standard check the firmware to see if there is newer. I would also factory reset it and set as little as possible, like passwords and not much else.
 

kanewolf

Titan
Moderator
When the router crashes even the ethernet wired network is dead. Its like the entire router quits. I was able to reach the router one time using a static ip. The router had a public ip from the ISP. When i released it it would not get it back. No client dhcp at all, and the router took forever to respond when it did not time out. And the kicker is the next reboot it was completely fine. It is still working. No lag nothing.
What do the LEDs on the router show when it dies? It could be a power problem. Outlet could be bad.
 

Ralston18

Titan
Moderator
And I will ask about the router's logs - if logs are available and enabled.

Make and model router?

The router's logs may be capturing some error or problem. Or provide some additional and relevant insight to the problem.
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
The network goes as follows
ISP Modem only --> Router (192.168.1.1) (Dhcp x.100 - 200)
The modem is a cable modem.

The router is a Netgear R6260. When i reboot the router the logs are lost, only the current boot logs are available. All Led lights are on as they should be. Looking at the lights the system appears to be functioning but its not. The issue is so random im not sure what could be the cause. Unless a network client is causing some type of broadcast storm basically doing an internal ddos. Ive seen the issue first hand. The network works fine all traffic flows then suddenly it just stops. 192.168.1.1 does not ping. All websites wont load as the default gateway is not responding. the website for the router wont load. And a reboot fixes the whole issue this time it might work for a whole day or more.
 
Last edited:

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
Somehow I don't know how the issue has gone away as mysterious as it started. No Idea what the problem was. The only information i have is the ISP said they found records where the modem was having issues when we called. Since then its been stable, the ISP came out and checked their equipment and said everything is ok just a long record of their equipment dropping. They are monitoring it. The speed test prior to calling them was 600 Mbs on cable. After calling its 400 Mbs. I think the modem was getting too strong of a signal causing the power to overload the system. Nothing else makes any sense.
 
Last edited:
Dec 1, 2021
10
0
20
1
Take a look at this:
https://community.netgear.com/t5/General-WiFi-Routers-Non/AC1600-R6260-loses-internet-connection/m-p/1933011#M141373

Someone there fixed a similar problem to what you are having by putting the router into WAP mode. It seems like there is an issue with that router handling DHCP. If possible, try to put the router into WAP mode and let your modem handle DHCP and see if the issue stops.

I'm not sure that your issue is the same as theirs, but that might be a good thing to try.
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
I found the issue. Someone is DDOS ing the network See logs

[DoS attack: TCP Port Scan] from source: 89.248.165.39:50835 Saturday, December 11,2021 14:27:13
[DoS attack: ACK Scan] from source: 170.33.96.57:443 Saturday, December 11,2021 14:21:31
[DoS attack: ACK Scan] from source: 168.119.232.76:443 Saturday, December 11,2021 14:06:13
[DoS attack: ACK Scan] from source: 35.169.10.137:443 Saturday, December 11,2021 13:46:56
[DoS attack: ACK Scan] from source: 170.33.96.57:15808 Saturday, December 11,2021 13:33:29
[DoS attack: ACK Scan] from source: 31.13.88.1:443 Saturday, December 11,2021 13:16:58
[DoS attack: ACK Scan] from source: 170.33.96.57:15808 Saturday, December 11,2021 13:09:33
[DoS attack: ACK Scan] from source: 35.224.222.39:80 Saturday, December 11,2021 12:44:29

[DoS attack: ACK Scan] from source: 23.22.76.98:443 Saturday, December 11,2021 20:34:02
[admin login] from source 192.168.1.100 Saturday, December 11,2021 20:34:01
[admin login failure] from source 192.168.1.100 Saturday, December 11,2021 20:33:55
[DoS attack: ACK Scan] from source: 34.226.253.187:443 Saturday, December 11,2021 20:33:41
[DoS attack: ACK Scan] from source: 52.119.197.116:443 Saturday, December 11,2021 20:33:07
[DoS attack: ACK Scan] from source: 142.250.105.94:443 Saturday, December 11,2021 20:32:47
[DHCP IP: (192.168.1.112)] to MAC address 68:14:01:99:B6:91 Saturday, December 11,2021 20:32:27
[DoS attack: ACK Scan] from source: 108.177.122.94:443 Saturday, December 11,2021 20:32:27
[DoS attack: ACK Scan] from source: 18.64.237.199:443 Saturday, December 11,2021 20:32:06
[DoS attack: ACK Scan] from source: 34.206.58.165:443 Saturday, December 11,2021 20:31:41
[DoS attack: ACK Scan] from source: 54.68.229.105:8886 Saturday, December 11,2021 20:31:15
[DoS attack: ACK Scan] from source: 54.68.229.105:8886 Saturday, December 11,2021 20:30:53
[Time synchronized with NTP server time-a.netgear.com] Saturday, December 11,2021 20:30:38
[DoS attack: ACK Scan] from source: 54.68.229.105:8886 Saturday, December 11,2021 20:30:32
[DoS attack: ACK Scan] from source: 3.209.114.108:443 Saturday, December 11,2021 20:30:32
[DoS attack: ACK Scan] from source: 3.94.237.204:443 Saturday, December 11,2021 20:30:30
[Internet connected] IP address: 67.197.3.61 Saturday, December 11,2021 20:30:20
[Internet disconnected] Saturday, December 11,2021 20:30:18
[Internet connected] IP address: 192.168.100.11 Saturday, December 11,2021 20:29:34
[DHCP IP: (192.168.1.100)] to MAC address F4:8E:38:98:FD:E6 Saturday, December 11,2021 20:29:22
[Internet disconnected] Saturday, December 11,2021 20:28:44
[Time synchronized with NTP server time-a.netgear.com] Saturday, December 11,2021 20:28:15
[DoS attack: ACK Scan] from source: 13.73.252.131:443 Saturday, December 11,2021 20:28:10
[DoS attack: ACK Scan] from source: 13.73.252.131:443 Saturday, December 11,2021 20:28:05
[Internet connected] IP address: 67.197.3.61 Saturday, December 11,2021 20:27:57
[Internet disconnected] Saturday, December 11,2021 20:27:55
[Internet connected] IP address: 192.168.100.11 Saturday, December 11,2021 20:27:12
[Internet disconnected] Saturday, December 11,2021 20:26:38
[Internet connected] IP address: 67.197.3.61 Saturday, December 11,2021 20:26:21
[Internet disconnected] Saturday, December 11,2021 20:25:21
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 20:23:35
[DoS attack: ACK Scan] from source: 168.119.232.76:443 Saturday, December 11,2021 20:18:34
[DoS attack: ACK Scan] from source: 95.217.31.46:443 Saturday, December 11,2021 19:47:39
[DoS attack: ACK Scan] from source: 52.94.242.249:443 Saturday, December 11,2021 19:04:36
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 19:01:14
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:58:52
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:57:08
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 18:54:22
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:53:03
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:51:00
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:48:38
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 18:43:31
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:34:11
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:27:59
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:27:35
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 18:26:04
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:25:56
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:25:32
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:23:54
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:23:29
[DoS attack: ACK Scan] from source: 54.239.27.11:443 Saturday, December 11,2021 18:20:36
[DoS attack: ACK Scan] from source: 3.94.40.55:80 Saturday, December 11,2021 18:20:00
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:19:23
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:17:12
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:14:35
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:14:08
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 18:12:35
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:12:32
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:12:05
[DHCP IP: (192.168.1.108)] to MAC address 56:8D:90:69:79:B8 Saturday, December 11,2021 18:11:17
[DoS attack: ACK Scan] from source: 52.177.138.113:443 Saturday, December 11,2021 18:10:26
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 18:10:03
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 18:09:38
[DoS attack: ACK Scan] from source: 32.65.199.54:8080 Saturday, December 11,2021 18:09:16
[DoS attack: ACK Scan] from source: 40.70.161.7:443 Saturday, December 11,2021 18:06:35
[DHCP IP: (192.168.1.111)] to MAC address 00:22:75:5C:A7:97 Saturday, December 11,2021 18:06:23
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 18:06:18
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 18:03:51
[DHCP IP: (192.168.1.111)] to MAC address 00:22:75:5C:A7:97 Saturday, December 11,2021 17:59:01
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:58:42
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:56:40
[DoS attack: ACK Scan] from source: 18.210.58.193:80 Saturday, December 11,2021 17:55:56
[DHCP IP: (192.168.1.102)] to MAC address 9C:3D:CF:90:FC:4A Saturday, December 11,2021 17:55:12
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:54:37
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 17:54:29
[DoS attack: ACK Scan] from source: 17.36.196.137:443 Saturday, December 11,2021 17:53:04
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 17:52:36
[DoS attack: ACK Scan] from source: 17.253.6.85:443 Saturday, December 11,2021 17:52:05
[DoS attack: ACK Scan] from source: 17.253.119.201:443 Saturday, December 11,2021 17:51:43
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:51:19
[DHCP IP: (192.168.1.108)] to MAC address 56:8D:90:69:79:B8 Saturday, December 11,2021 17:50:59
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:50:31
[DoS attack: ACK Scan] from source: 151.101.206.73:443 Saturday, December 11,2021 17:49:43
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:49:17
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 17:48:50
[DoS attack: ACK Scan] from source: 151.101.130.219:443 Saturday, December 11,2021 17:48:17
[DoS attack: ACK Scan] from source: 17.253.6.85:443 Saturday, December 11,2021 17:47:49
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:47:28
[DoS attack: ACK Scan] from source: 31.13.88.1:80 Saturday, December 11,2021 17:44:37
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:44:16
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 17:43:51
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:42:13
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 17:40:24
[DoS attack: ACK Scan] from source: 67.202.105.21:443 Saturday, December 11,2021 17:40:02
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:36:31
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:36:04
[DHCP IP: (192.168.1.107)] to MAC address 00:25:4B🇧🇩C2:C4 Saturday, December 11,2021 17:35:33
[DoS attack: ACK Scan] from source: 54.159.144.239:443 Saturday, December 11,2021 17:35:18
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:34:28
[DHCP IP: (192.168.1.100)] to MAC address F4:8E:38:98:FD:E6 Saturday, December 11,2021 17:34:03
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:33:28
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:32:25
[DHCP IP: (192.168.1.107)] to MAC address 00:25:4B🇧🇩C2:C4 Saturday, December 11,2021 17:31:39
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:31:27
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:29:24
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:28:15
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 17:28:10
[DHCP IP: (192.168.1.108)] to MAC address 56:8D:90:69:79:B8 Saturday, December 11,2021 17:27:53
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 17:27:04
[DoS attack: ACK Scan] from source: 38.83.169.4:8080 Saturday, December 11,2021 17:26:57
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 17:26:41
[DoS attack: ACK Scan] from source: 38.83.169.4:8080 Saturday, December 11,2021 17:25:18
[DoS attack: ACK Scan] from source: 209.213.20.42:8080 Saturday, December 11,2021 17:24:46
[DoS attack: ACK Scan] from source: 206.74.60.54:8080 Saturday, December 11,2021 17:24:03
[DoS attack: ACK Scan] from source: 38.83.169.4:8080 Saturday, December 11,2021 17:23:42
[DoS attack: ACK Scan] from source: 31.13.65.52:443 Saturday, December 11,2021 17:23:22
[DHCP IP: (192.168.1.110)] to MAC address 00:25:00:42:F2:26 Saturday, December 11,2021 17:20:34
[admin login failure] from source 192.168.1.110 Saturday, December 11,2021 17:19:41
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 17:18:12
[DHCP IP: (192.168.1.110)] to MAC address 00:25:00:42:F2:26 Saturday, December 11,2021 17:17:53
[DoS attack: ACK Scan] from source: 40.70.161.7:443 Saturday, December 11,2021 17:15:25
[DoS attack: ACK Scan] from source: 17.36.196.145:443 Saturday, December 11,2021 17:14:56
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:14:02
[DoS attack: ACK Scan] from source: 17.253.15.208:80 Saturday, December 11,2021 17:13:10
[DoS attack: ACK Scan] from source: 151.101.206.73:443 Saturday, December 11,2021 17:12:21
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:12:00
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 17:11:59
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 17:11:37
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 17:11:01
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:10:57
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 17:10:35
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 17:09:53
[DoS attack: ACK Scan] from source: 40.133.83.82:8080 Saturday, December 11,2021 17:09:28
[DoS attack: ACK Scan] from source: 108.177.122.132:443 Saturday, December 11,2021 17:09:08
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:06:52
[DoS attack: ACK Scan] from source: 151.101.66.219:443 Saturday, December 11,2021 17:06:29
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:05:14
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:04:49
[DoS attack: ACK Scan] from source: 151.101.2.133:443 Saturday, December 11,2021 17:03:32
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:03:11
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 17:02:46
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 17:01:11
[DoS attack: ACK Scan] from source: 52.94.243.11:443 Saturday, December 11,2021 17:00:16
[DoS attack: ACK Scan] from source: 151.101.2.219:443 Saturday, December 11,2021 16:57:15
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 16:56:54
[DoS attack: ACK Scan] from source: 17.253.7.204:443 Saturday, December 11,2021 16:56:30
[DoS attack: ACK Scan] from source: 208.104.203.26:8080 Saturday, December 11,2021 16:55:33
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 16:55:26
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 16:55:00
[DoS attack: ACK Scan] from source: 208.104.203.26:8080 Saturday, December 11,2021 16:54:36
[DHCP IP: (192.168.1.108)] to MAC address 56:8D:90:69:79:B8 Saturday, December 11,2021 16:54:33
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 16:53:50
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 16:53:31
[DHCP IP: (192.168.1.109)] to MAC address 56:50:05:91:E7:76 Saturday, December 11,2021 16:53:01
[DHCP IP: (192.168.1.109)] to MAC address 56:50:05:91:E7:76 Saturday, December 11,2021 16:52:37
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:51:56
[DoS attack: ACK Scan] from source: 151.101.2.219:443 Saturday, December 11,2021 16:51:27
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 16:50:45
[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 16:50:24
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:49:53
[DHCP IP: (192.168.1.109)] to MAC address 56:50:05:91:E7:76 Saturday, December 11,2021 16:49:45
[DHCP IP: (192.168.1.102)] to MAC address 9C:3D:CF:90:FC:4A Saturday, December 11,2021 16:49:12
[DHCP IP: (192.168.1.103)] to MAC address 1A:56:D1:DB:9B:AC Saturday, December 11,2021 16:49:02
[DHCP IP: (192.168.1.103)] to MAC address 1A:56:D1:DB:9B:AC Saturday, December 11,2021 16:48:15
[DoS attack: ACK Scan] from source: 208.104.203.26:8080 Saturday, December 11,2021 16:45:04
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 16:44:54
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:44:44
[DHCP IP: (192.168.1.108)] to MAC address 56:8D:90:69:79:B8 Saturday, December 11,2021 16:44:43
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 16:44:40
[DoS attack: ACK Scan] from source: 208.104.86.209:443 Saturday, December 11,2021 16:44:06
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:43:44
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:42:41
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 16:42:17
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 16:41:39
[DHCP IP: (192.168.1.103)] to MAC address 1A:56:D1:DB:9B:AC Saturday, December 11,2021 16:41:08
[DoS attack: ACK Scan] from source: 40.70.161.102:443 Saturday, December 11,2021 16:40:35
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 16:39:16
[DHCP IP: (192.168.1.108)] to MAC address 56:8D:90:69:79:B8 Saturday, December 11,2021 16:38:55
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:38:27
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 16:38:16
[DoS attack: ACK Scan] from source: 52.3.188.69:443 Saturday, December 11,2021 16:38:02
[DoS attack: ACK Scan] from source: 68.67.178.10:443 Saturday, December 11,2021 16:37:36
[DoS attack: ACK Scan] from source: 208.104.203.26:8080 Saturday, December 11,2021 16:37:15
[DoS attack: ACK Scan] from source: 34.233.79.31:443 Saturday, December 11,2021 16:36:49
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday, December 11,2021 16:36:24
[Time synchronized with NTP server time-a.netgear.com] Saturday, December 11,2021 16:35:36
[DHCP IP: (192.168.1.100)] to MAC address F4:8E:38:98:FD:E6 Saturday, December 11,2021 16:35:20
[Internet connected] IP address: 67.197.3.61 Saturday, December 11,2021 16:35:17
[Internet disconnected] Saturday, December 11,2021 16:35:15
[Internet connected] IP address: 192.168.100.11 Saturday, December 11,2021 16:34:32
[DHCP IP: (192.168.1.107)] to MAC address 00:25:4B🇧🇩C2:C4 Saturday, December 11,2021 16:34:25
[Internet disconnected] Saturday, December 11,2021 16:19:46
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:37
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:37
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:37
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:36
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:35
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:35
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:35
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:35
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:34
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:34
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:34
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:34
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:34
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:34
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:33
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:32
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:32
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:32
[DoS attack: IP Spoofing Attack] from source: 192.168.1.100 Saturday, December 11,2021 16:19:31
[DoS attack: ACK Scan] from source: 23.192.93.50:443 Saturday, December 11,2021 16:19:26
[DoS attack: ACK Scan] from source: 74.125.21.188:5228 Saturday, December 11,2021 16:18:44
[DoS attack: ACK Scan] from source: 54.172.100.242:443 Saturday, December 11,2021 16:18:23
[DoS attack: ACK Scan] from source: 34.102.149.62:443 Saturday, December 11,2021 16:17:41
[DoS attack: ACK Scan] from source: 151.101.66.219:443 Saturday, December 11,2021 16:17:21
[DoS attack: ACK Scan] from source: 151.101.206.248:443 Saturday, December 11,2021 16:16:57
[DoS attack: ACK Scan] from source: 52.41.252.32:443 Saturday, December 11,2021 16:16:36
[DoS attack: ACK Scan] from source: 54.204.178.109:443 Saturday, December 11,2021 16:16:13
[DoS attack: ACK Scan] from source: 151.101.2.219:443 Saturday, December 11,2021 16:15:50
[DoS attack: ACK Scan] from source: 151.101.66.219:443 Saturday, December 11,2021 16:15:29
[DoS attack: ACK Scan] from source: 209.213.20.42:8080 Saturday, December 11,2021 16:15:09
[DoS attack: ACK Scan] from source: 151.101.2.133:443 Saturday, December 11,2021 16:14:48
[DoS attack: ACK Scan] from source: 74.125.138.156:443 Saturday, December 11,2021 16:14:27
[DoS attack: ACK Scan] from source: 54.204.178.109:443 Saturday, December 11,2021 16:14:06
[DoS attack: ACK Scan] from source: 72.21.91.29:80 Saturday, December 11,2021 16:13:45
[DoS attack: ACK Scan] from source: 108.177.122.94:443 Saturday, December 11,2021 16:13:25
[Time synchronized with NTP server time-a.netgear.com] Saturday, December 11,2021 16:13:10
[DoS attack: ACK Scan] from source: 69.173.151.100:443 Saturday, December 11,2021 16:13:04
[admin login] from source 192.168.1.100 Saturday, December 11,2021 16:13:03
[Internet connected] IP address: 67.197.3.61 Saturday, December 11,2021 16:12:52
[Internet disconnected] Saturday, December 11,2021 16:12:45
[DoS attack: ACK Scan] from source: 208.104.203.26:8080 Saturday, December 11,2021 16:11:50
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 16:10:03
[DoS attack: ACK Scan] from source: 17.253.21.201:443 Saturday, December 11,2021 16:07:47
[DHCP IP: (192.168.1.106)] to MAC address 0A:63:50:04:17:3C Saturday, December 11,2021 16:07:21
[DoS attack: ACK Scan] from source: 40.70.161.7:443 Saturday, December 11,2021 16:07:02
[DoS attack: ACK Scan] from source: 96.16.60.22:443 Saturday, December 11,2021 16:05:29
[DHCP IP: (192.168.1.105)] to MAC address 9A:12:AF:A6:DC:1B Saturday, December 11,2021 16:04:46
[DHCP IP: (192.168.1.104)] to MAC address 5A:4B:D6:D6:0C:5F Saturday, December 11,2021 16:03:54
[DoS attack: ACK Scan] from source: 31.13.88.1:80 Saturday, December 11,2021 15:01:06
[DHCP IP: (192.168.1.100)] to MAC address F4:8E:38:98:FD:E6 Saturday, December 11,2021 14:52:16
[DoS attack: TCP Port Scan] from source: 89.248.165.39:50835 Saturday, December 11,2021 14:27:13
[DoS attack: ACK Scan] from source: 170.33.96.57:443 Saturday, December 11,2021 14:21:31
[DoS attack: ACK Scan] from source: 168.119.232.76:443 Saturday, December 11,2021 14:06:13
[DoS attack: ACK Scan] from source: 35.169.10.137:443 Saturday, December 11,2021 13:46:56
[DoS attack: ACK Scan] from source: 170.33.96.57:15808 Saturday, December 11,2021 13:33:29
[DoS attack: ACK Scan] from source: 31.13.88.1:443 Saturday, December 11,2021 13:16:58
[DoS attack: ACK Scan] from source: 170.33.96.57:15808 Saturday, December 11,2021 13:09:33
[DoS attack: ACK Scan] from source: 35.224.222.39:80 Saturday, December 11,2021 12:44:29


[DoS attack: ACK Scan] from source: 31.13.88.40:5222 Saturday, December 11,2021 20:43:27
[DoS attack: ACK Scan] from source: 31.13.65.34:443 Saturday,
 
In some ways it would be better if routers did not log this. Takes too much knowledge to know what really is a DDOS attack and what is just hackers scanning to try to find machines to exploit.

There is not enough traffic for this to be a DDOS attack. They are many seconds apart. A actually attack will attempt to overload your connection for long periods of time.

This is pretty much the standard scanning you see on many routers. There is nothing you can do about it anyway. All routers will drop this kind of traffic because of how NAT works, your just logs that it see this. You can not prevent the traffic from being sent to you.

The other strange one is the one from 192.168.1.100 That is more what a denial of service attack looks like but that is a internal IP on your lan I suspect. It could be some IP conflict between your devices. You can see the mac address the router thinks should own the IP in the log for DHCP.

If the device you have issues with is 192.168.1.100 then this could be your issue if another device is conflicting. It would only affect those 2 device not the router or other devices.
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
In some ways it would be better if routers did not log this. Takes too much knowledge to know what really is a DDOS attack and what is just hackers scanning to try to find machines to exploit.

There is not enough traffic for this to be a DDOS attack. They are many seconds apart. A actually attack will attempt to overload your connection for long periods of time.

This is pretty much the standard scanning you see on many routers. There is nothing you can do about it anyway. All routers will drop this kind of traffic because of how NAT works, your just logs that it see this. You can not prevent the traffic from being sent to you.

The other strange one is the one from 192.168.1.100 That is more what a denial of service attack looks like but that is a internal IP on your lan I suspect. It could be some IP conflict between your devices. You can see the mac address the router thinks should own the IP in the log for DHCP.

If the device you have issues with is 192.168.1.100 then this could be your issue if another device is conflicting. It would only affect those 2 device not the router or other devices.
Thats the issue. The connection dropped, shortly after it dropped i found those logs. 1 or 2 would be a scan not that many. Its the entire network not just 1 or 2.
 
A most it send a ack pack for 65k worth of ports. Most these scan target less that 100 ports. It is a tiny amount of traffic and not even come close to using any significant bandwidth unless you had some tiny DSL connection.

It all doesn't matter there is nothing you can do to stop this. Even your ISP can not really stop this. This is why actual DDOS attacks can even take down large companies with enough traffic. The only way they fix this is to move to backup servers and hope the attackers do not then attack that server.

The condition you see is malware infected machines that are pretty much scanning every IP address on the internet. Many times if they find a machine with a hole they will load the malware to that machine and it also starts scanning for other machines.

If this traffic would actually crash your router, and you have already replaced the router all I can say is to try a different brand. Maybe try to turn off the firewall feature in the router. The router will then just discard the packets without logging them. Maybe it is the overhead of logging them that is causing the issues.
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
That's my exact thought. If its just scans and it seems to be turn off DOS protection. The protection is eating the resources worse than an actual attack. I know why this network is being hit so hard. When the modem was replaced they plugged their pc directly into the modem for about 6 hours. The computer got the public ip address, no firewall, no NAT nothing. I bet that one scan picked up a few holes due to this and now they are hounding it. My hopes are that turning off Dos protection will make it stop crashing. The ISP made it clear they will not give us another dynamic ip. The only choice they gave was unplug the modem for 24 hours.
 
I have not read the manual for that router but I have seen options on other ones to turn off the router firewall. I never really understood what a firewall does on a consumer router. All the traffic is blocked by default and most router do not have any ability to attempt to open a session with the router itself from the wan side. You would have to turn option on that allow for example remote web access to the router configuration.
 

Drew125

Distinguished
Nov 3, 2014
202
10
18,695
3
I have not read the manual for that router but I have seen options on other ones to turn off the router firewall. I never really understood what a firewall does on a consumer router. All the traffic is blocked by default and most router do not have any ability to attempt to open a session with the router itself from the wan side. You would have to turn option on that allow for example remote web access to the router configuration.
Basically the consumer router firewall allows very basic port forwarding/triggering and prevents outside connections from just barging in. that's it. This router has a option to disable port scan and dos protection and keep the basic firewall up. So far fingers crossed logs look clear, no Dos entry's and no issues reported to me thus far.
 

ASK THE COMMUNITY

TRENDING THREADS