[SOLVED] WiFi dropping - seems related to suspicious external access

Aug 2, 2020
I have a few laptops involved here. Each seems to have different behavior which I think might help determine the problem.
  • Windows 10 laptop with a wireless connection has been dropping unpredictably for several months. I have reviewed the Event Log, but found nothing useful that indicated a problem.
  • Linux Mint 20 laptop (was running Windows 7, but recently decided to move to Linux rather than purchase a newer version of Windows). This one also has a wireless connection that drops unexpectedly. The interesting piece here is that the firewall reports connections coming from random IPs on ports like 53 (DNS) and 443 (HTTPS). It's also very suspicious that traffic is coming from 8.8.8.8 (Google's DNS server).
  • Linux Mint 20 laptop with a hardwire connection. I see the suspicious traffic in the firewall logs on this machine also, but I haven't noticed any dropped connections.
  • My work laptop (Windows 10 Enterprise) is hardwired and I normally don't notice any interruption when the Windows 10 wireless laptop has network issues. This might be because it is hardwired, or maybe it has firewall (or other) settings that are
  • I have other wireless devices around the house that may be affected by this issue. My FireStick TV occasionally stops videos, and might be the same wireless drop.
The Linux Mint 20 wireless laptop is a recent change to my network (the issue has existed longer than this laptop has been around). When it started having similar issues to the Windows 10 wireless laptop, I started looking in the logs and saw some unexpected IPs (like 8.8.8.8) making requests on my machines.
 
Solution
Unless you have a very strange setup, it is not possible for machines on the internet like 8.8.8.8 to send unsolicited traffic to internal machines. This is purely because NAT is stupid, and when it receives data and it does not know what machine to send it to, it just drops it. So unless you have a DMZ or port forwarding, data cannot get to your machine.

This means the data is either being spoofed or is a response of some kind to something your machine did.

Look at the MAC address of the traffic. If it is being spoofed, the MAC address will give it away. If the MAC is the router, then you need to spend more time to find why your machine is requesting stuff.

Wireless drops are much more likely just simple interference, and the session gets too many errors and resets.
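
Added example, not part of the original answer: one way to run the MAC check described above over firewall log lines. It assumes the Linux Mint firewall logs in ufw/netfilter format, where the `MAC=` field is destination MAC (6 bytes), sender MAC (6 bytes), then EtherType (2 bytes); the router MAC, the log lines and the verdict names are constructed for illustration.

```python
import ipaddress
import re

FIELD = re.compile(r"(\w+)=(\S*)")
ROUTER_MAC = "a0:b1:c2:d3:e4:f5"  # assumption: your gateway's MAC (see `ip neigh`)

# Constructed sample lines in ufw/netfilter format, not taken from the thread.
SAMPLE_LOG = [
    "[UFW BLOCK] IN=wlp2s0 OUT= MAC=3c:52:82:11:22:33:a0:b1:c2:d3:e4:f5:08:00 "
    "SRC=8.8.8.8 DST=192.168.1.20 PROTO=UDP SPT=53 DPT=48211",
    "[UFW BLOCK] IN=wlp2s0 OUT= MAC=3c:52:82:11:22:33:02:11:22:33:44:55:08:00 "
    "SRC=8.8.8.8 DST=192.168.1.20 PROTO=UDP SPT=53 DPT=48212",
    "[UFW BLOCK] IN=wlp2s0 OUT= MAC=3c:52:82:11:22:33:7c:2a:31:00:00:09:08:00 "
    "SRC=192.168.1.23 DST=192.168.1.20 PROTO=UDP SPT=5353 DPT=5353",
    "[UFW BLOCK] IN=wlp2s0 OUT= SRC=8.8.8.8 DST=192.168.1.20",  # no MAC field
]

def classify(line, router_mac=ROUTER_MAC):
    """Return (src_ip, sender_mac, verdict) for one firewall log line."""
    fields = dict(FIELD.findall(line))
    src = fields.get("SRC")
    octets = fields.get("MAC", "").lower().split(":")
    try:
        src_ip = ipaddress.ip_address(src or "")
    except ValueError:
        return (src, None, "unparsed")
    if len(octets) != 14:
        return (src, None, "unparsed")
    sender_mac = ":".join(octets[6:12])  # bytes 7-12 are the sending NIC
    if src_ip.is_private:
        verdict = "local-host"          # another machine on the LAN
    elif sender_mac != router_mac.lower():
        verdict = "spoofed-on-lan"      # internet SRC, but frame not sent by router
    elif fields.get("SPT") in ("53", "443"):
        verdict = "reply-via-router"    # server source port: a late/blocked response
    else:
        verdict = "via-router-other"    # came through NAT; check forwarding/DMZ
    return (src, sender_mac, verdict)

def summarize(lines, router_mac=ROUTER_MAC):
    """Verdict for each line, in order."""
    return [classify(line, router_mac)[2] for line in lines]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```
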