Matty XB1 Posted May 31, 2018 Share Posted May 31, 2018 Hi All, For the last two days I've been getting DDOS'd offline on my Xbox One X. (I play Call of Duty WW2 and my ranking encourages dislike from other players.) The first time it happened was at halftime during a game of domination. Since then, my console has been randomly losing internet connection. Below are logs from my XR500- does anyone have experience with this? Do I need to do a factory reset on my Xbox console? I've turned UPNP off for the time being, but I'm not sure if there are other settings I need to enable/disable on the XR500. [DoS Attack: SYN/ACK Scan] from source: 54.36.24.186, port 9987, Wednesday, May 30, 2018 13:30:49 [DoS Attack: SYN/ACK Scan] from source: 54.36.24.186, port 9987, Wednesday, May 30, 2018 13:43:09 [DHCP IP: 192.168.1.8] to MAC address 98:e0:d9:a2:ee:95, Wednesday, May 30, 2018 13:51:32 [DumaOS] DHCP new event., Wednesday, May 30, 2018 13:51:32 [DumaOS] DHCP new lease allocated., Wednesday, May 30, 2018 13:51:32 [internet connected] IP address: , Wednesday, May 30, 2018 14:36:13 [DHCP IP: 192.168.1.8] to MAC address 98:e0:d9:a2:ee:95, Wednesday, May 30, 2018 14:37:40 [DumaOS] DHCP new event., Wednesday, May 30, 2018 14:37:40 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 14:37:40 [DoS Attack: SYN/ACK Scan] from source: 54.39.41.224, port 4444, Wednesday, May 30, 2018 15:20:31 [uPnP set event: del_nat_rule] from source 192.168.1.3, Wednesday, May 30, 2018 15:30:19 [uPnP set event: add_nat_rule] from source 192.168.1.3, Wednesday, May 30, 2018 15:34:56 [uPnP set event: del_nat_rule] from source 192.168.1.3, Wednesday, May 30, 2018 15:36:23 [uPnP set event: add_nat_rule] from source 192.168.1.3, Wednesday, May 30, 2018 15:36:26 [DoS Attack: SYN/ACK Scan] from source: 185.53.160.216, port 80, Wednesday, May 30, 2018 15:50:40 [DoS Attack: SYN/ACK Scan] from source: 54.39.41.224, port 4444, Wednesday, May 30, 2018 15:55:14 [DumaOS] Resync R-App store cloud, Wednesday, May 30, 2018 16:08:25 [DumaOS] HTTP download failed with code '404', Wednesday, May 30, 2018 16:08:25 [DumaOS] R-App store cloud sync failed, Wednesday, May 30, 2018 16:08:25 [DumaOS] Cloudsync DPI result 'false','All mirrors are down', Wednesday, May 30, 2018 16:09:09 [admin login] from source 192.168.1.2, Wednesday, May 30, 2018 16:25:43 [DHCP IP: 192.168.1.2] to MAC address cc:40:d0:43:0c:4d, Wednesday, May 30, 2018 16:43:39 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:43:39 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:43:39 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:43:46 [DHCP IP: 192.168.1.6] to MAC address 1c:5c:f2:e1:28:89, Wednesday, May 30, 2018 16:43:46 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:43:46 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:43:46 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:43:49 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:44:26 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:44:29 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:44:38 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:44:41 [DHCP IP: 192.168.1.3] to MAC address 2c:54:91:50:fb:d1, Wednesday, May 30, 2018 16:44:48 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:44:48 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:44:48 [DHCP IP: 192.168.1.51] to MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:44:56 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:44:56 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:44:56 [DHCP IP: 192.168.1.51] to MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:44:57 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:44:57 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:44:57 [DHCP IP: 192.168.1.34] to MAC address cc:40:d0:43:0c:4d, Wednesday, May 30, 2018 16:51:06 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:51:06 [DumaOS] DHCP new lease allocated., Wednesday, May 30, 2018 16:51:06 [admin login] from source 192.168.1.34, Wednesday, May 30, 2018 16:51:09 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:51:12 [DHCP IP: 192.168.1.4] to MAC address 94:9a:a9:c3:2a:44, Wednesday, May 30, 2018 16:51:13 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:51:13 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:51:13 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:51:15 [DHCP IP: 192.168.1.6] to MAC address 1c:5c:f2:e1:28:89, Wednesday, May 30, 2018 16:51:17 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:51:17 [DumaOS] DHCP lease change., Wednesday, May 30, 2018 16:51:17 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:51:35 [WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:51:38 [DHCP IP: 192.168.1.2] to MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:51:54 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:51:54 [DumaOS] DHCP new lease allocated., Wednesday, May 30, 2018 16:51:54 [DumaOS] Marking device that is marked 192.168.1.2 7 1., Wednesday, May 30, 2018 16:51:54 [DHCP IP: 192.168.1.254] to MAC address 2c:54:91:50:fb:d1, Wednesday, May 30, 2018 16:52:17 [DumaOS] DHCP new event., Wednesday, May 30, 2018 16:52:17 [DumaOS] DHCP new lease allocated., Wednesday, May 30, 2018 16:52:17 [DoS Attack: ARP Attack] from source: 192.168.1.3, Wednesday, May 30, 2018 17:03:27 Any help is greatly appreciated. Thank you! Link to comment Share on other sites More sharing options...
e38BimmerFN Posted May 31, 2018 Share Posted May 31, 2018 The router is reporting a attack coming in from the reported IP address from the WAN side. Doesn't mean it's pointed at your xbox. You maybe seeing some attack against the router. I would contact your ISP and ask them to help you get a new public IP address and also block any of those IP address as well seen listed for attacks. The router is probably blocking it and doing just that, reporting what it's seeing. Go to domaintools.com and look up whois for that IP address as well. I would reboot your ISP modem and router. After rebooting the modem, you should get a new IP address from your ISP. Set up a reserved IP address for the xbox. Give a new IP address and reserve it ON the router. What is the Mfr and model# if your ISP modem? Link to comment Share on other sites More sharing options...
Matty XB1 Posted May 31, 2018 Author Share Posted May 31, 2018 The router is reporting a attack coming in from the reported IP address from the WAN side. Doesn't mean it's pointed at your xbox. You maybe seeing some attack against the router. I would contact your ISP and ask them to help you get a new public IP address and also block any of those IP address as well seen listed for attacks. The router is probably blocking it and doing just that, reporting what it's seeing. Go to domaintools.com and look up whois for that IP address as well. I would reboot your ISP modem and router. After rebooting the modem, you should get a new IP address from your ISP. Set up a reserved IP address for the xbox. Give a new IP address and reserve it ON the router. What is the Mfr and model# if your ISP modem? Thank you e38BimmerFN for your quick response. The cable modem I use is the ASUS CM-16 DOCSIS 3.0 CableLabs-certified 16x4 Link to comment Share on other sites More sharing options...
e38BimmerFN Posted May 31, 2018 Share Posted May 31, 2018 Let us know how it goes with the ISP. Hopefully they can help you on this... Link to comment Share on other sites More sharing options...
Netduma Staff Netduma Jack Posted May 31, 2018 Netduma Staff Share Posted May 31, 2018 Hi, welcome to the forum! Those logs are for developers to look over in specific situations. Every XR500 router will display these types of logs (which look like DoS attacks). In reality, this is your router doing its job - it has a built in firewall and is displaying the prevention of such attacks. Every router in the world would show these kinds of events if they too had log files like the XR500. Most routers don't show you this information for this reason - it can be misinterpreted. It's more likely that your consoles are losing connection for other reasons. The way to stop DDoS attacks entirely is through a VPN though this is an extreme step. For now, try to narrow down the issue. Do you lose connection on any other devices? Have you tried switching the Ethernet cables between the XR500 and your consoles? Does this happen over WiFi, Wired or both? N3CR0 and BlindMeatShield 2 Link to comment Share on other sites More sharing options...
Matty XB1 Posted May 31, 2018 Author Share Posted May 31, 2018 Hi, welcome to the forum! Those logs are for developers to look over in specific situations. Every XR500 router will display these types of logs (which look like DoS attacks). In reality, this is your router doing its job - it has a built in firewall and is displaying the prevention of such attacks. Every router in the world would show these kinds of events if they too had log files like the XR500. Most routers don't show you this information for this reason - it can be misinterpreted. It's more likely that your consoles are losing connection for other reasons. The way to stop DDoS attacks entirely is through a VPN though this is an extreme step. For now, try to narrow down the issue. Do you lose connection on any other devices? Have you tried switching the Ethernet cables between the XR500 and your consoles? Does this happen over WiFi, Wired or both? Hi Jack! Thank you for your response. My girlfriend loses connection on her PS4 (also playing CoD WW2) at the same time but, those are the only devices to lose connection that I know of. After it happens, my profile will repeatedly attempt to sign in to Xbox Live without me doing anything. On the home screen, it will sign in and show that it's connected to the internet but then sign out a few moments later. This will continue until I reset the console which has been the only solution I've found for getting back online. I have not tried swapping Ethernet cables nor tried WiFi yet, but I'll test both tonight! Does any of what I described above sound familiar? Thanks again, Matt Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 31, 2018 Administrators Share Posted May 31, 2018 Okay well good news is you're not being DDoSed otherwise every device would go offline. It could be related to a bug we are tracking at the moment but doesn't have all the symptoms, could just be a PSN issue. I was signed out of PSN earlier as well. Let us know how you get on with the tests done tonight and we can go from there! Link to comment Share on other sites More sharing options...
e38BimmerFN Posted May 31, 2018 Share Posted May 31, 2018 I have two xbox consoles connected to my router. Here what I do, 1. Connect both of them and power them ON. 2. Go into the router and set up IP address reservations for both consoles. I use 192.168.#.198 and .199. My routers default IP address pool is 192.168.#.100 to .200. This leaves me room on each side of the pool for statics if needed. 3. Power OFF the consoles. I like to hold the power button on the xbox ones until they shut off. This does a warm reset on the console. 4. Enable uPnp. No Port Forwarding configurations are needed. I don't use them. 5. Set Nat Filter from Secure to Open. This is recommended for two or more game consoles online at the same time. Helps in getting OPEN NAT on the console and in game. Especially play same game across two consoles. 6. Make sure all settings on router are applied then do a full reboot of the router. 7. Power on 1st game console. Should have reserved IP address and check NAT status on the system dashboard. Then check nat status in game. Should be OPEN for both consoles. Link to comment Share on other sites More sharing options...
AsNCo Posted June 1, 2018 Share Posted June 1, 2018 Mind if I use this thread too?My log is the opposite of the TS's (thread starter) post. The log is too vague for me to know if it is an inside attack or an external one.The attack seems to be happening every 20 minutes. Below is just a slice of how it happens every 20 minutes in the log. [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:03:04 [DHCP IP: 192.168.1.102] to MAC address *************, Friday, June 01, 2018 13:15:06 [DumaOS] DHCP new event., Friday, June 01, 2018 13:15:06 [DumaOS] DHCP lease change., Friday, June 01, 2018 13:15:06 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 [DoS Attack: IP Spoofing] from source: 192.168.1.1, port 1900, Friday, June 01, 2018 13:23:04 So is this an internal or external attack?Also, if I were to place my PC in DMZ mode, I will at times get a notifications from my extremely reliable Eset Smart Security Anti-Virus of ARP Cache Poisoning Attacks (from IP addresses belonging to other users on my ISP network) and Port Scan attacks from China and France but mostly China. Time 5/1/2018 2:55:18 PM Event Detected ARP cache poisoning attack Source 000.00.000.000 Target 000.00.000.000 Protocol ARP Time 5/1/2018 3:04:28 PM Event Detected ARP cache poisoning attack Source 000.00.000.00 Target 000.00.000.000 Protocol ARP Time 5/1/2018 9:03:59 PM Event Detected Port Scanning attack Source 113.96.223.207:59838 Target 192.168.1.2:20010 Protocol TCP Time 5/3/2018 11:48:46 AM Event Detected Port Scanning attack Source 203.90.178.35:6000 Target 192.168.1.2:22433 Protocol TCP Time 5/3/2018 1:11:54 PM Event Detected Port Scanning attack Source 124.42.124.131:7944 Target 192.168.1.2:91 Protocol TCP(I replaced my local ISP WAN addresses with 0 zeroes for privacy reasons.) All these attacks are no longer popping up when I disable DMZ for my PC which means the router is doing its job. However, those logs above do not show any of these attacks as well as specific details of the attack and which specific local network it is attacking. This is after all for the safety of the Home Automation devices I have at home including one that has a camera and mic/speaker on the pet feeder.It would be very helpful in getting my ISP to deal with the issue especially the ARP Cache Poisoning from fellow ISP users who are either intentionally or unintentionally trying to get data off the internet stream. I want to do this while not exposing my PC to it again under DMZ mode since the router could tell it for me. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted June 1, 2018 Administrators Share Posted June 1, 2018 Just from looking online the responses are ranging from its nothing to worry about to you may have a virus/trojan/malware on one of your devices. So I'd do a scan on all devices just in case. Also in WAN Setup ensure both Disable Port Scan and DoS Protection & Respond to Ping on Internet Port are unticked. This particular entry is created by the Netgear part of the router so my knowledge on it is limited. Link to comment Share on other sites More sharing options...
AsNCo Posted June 1, 2018 Share Posted June 1, 2018 Just from looking online the responses are ranging from its nothing to worry about to you may have a virus/trojan/malware on one of your devices. So I'd do a scan on all devices just in case. Also in WAN Setup ensure both Disable Port Scan and DoS Protection & Respond to Ping on Internet Port are unticked. This particular entry is created by the Netgear part of the router so my knowledge on it is limited. Thanks for the useful tips. As I said before, the ARP Cache Poisoning is from a different WAN address but related to my ISP and definitely does not originate from one of my local IP addresses. Interestingly enough, when I connect my PC directly to the modem, my Anti-virus can map out a lot of WAN addresses on the network in my ISP's WAN pool. So far, I have yet gotten any attacks or snooping from my own local devices. So that's a good sign that the router has done a good job blocking the other devices in the network from being used by any attackers. Similarly I have not received any sort of network attacks ever since I turn off DMZ for my PC. Goes to show the router is doing well to block such things. Was just hoping I can use it to inform my ISP of irresponsible customers in the network trying to extract data from other users. But I do not want to risk my PC to the attacks directly like before even if my Anti-virus is reliable. Not to mention, the router can easily show even more details such as the attacks are for all devices in the network or to a specific device in the network so I can pin-point and isolate that device from being used for an intrusion. Nevertheless, thanks for answering. Too bad Netgear is not as open as Asus router's logs. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted June 1, 2018 Administrators Share Posted June 1, 2018 For the most part networks do get scanned a lot so it could just be that and nothing sinister at all. I don't really have anything else to advise, the router is definitely protecting you. I've got an idea for you, I'll PM. Link to comment Share on other sites More sharing options...
Matty XB1 Posted June 2, 2018 Author Share Posted June 2, 2018 Hi Fraser- I changed my IP address and this put a stop to all of the disconnects. However, it has begun happening again as of about 6 minutes ago. My Xbox was disconnected from Xbox Live, it connected once again, and I got booted two minutes later. I imagine this will continue happening if I don't shut off my Xbox...below are the logs showing DOS attacks at the exact times I'm kicked offline- [DoS Attack: ACK Scan] from source: 31.13.69.195, port 443, Friday, June 01, 2018 20:40:11 [uPnP set event: del_nat_rule] from source 192.168.1.59, Friday, June 01, 2018 20:40:14 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:40:51 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:40:52 [uPnP set event: add_nat_rule] from source 192.168.1.59, Friday, June 01, 2018 20:41:00 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:41:42 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:41:43 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:41:53 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:41:54 [DoS Attack: ACK Scan] from source: 31.13.69.195, port 443, Friday, June 01, 2018 20:42:11 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:42:45 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:42:45 Link to comment Share on other sites More sharing options...
Guest Killhippie Posted June 2, 2018 Share Posted June 2, 2018 Hi Fraser- I changed my IP address and this put a stop to all of the disconnects. However, it has begun happening again as of about 6 minutes ago. My Xbox was disconnected from Xbox Live, it connected once again, and I got booted two minutes later. I imagine this will continue happening if I don't shut off my Xbox...below are the logs showing DOS attacks at the exact times I'm kicked offline- [DoS Attack: ACK Scan] from source: 31.13.69.195, port 443, Friday, June 01, 2018 20:40:11 [uPnP set event: del_nat_rule] from source 192.168.1.59, Friday, June 01, 2018 20:40:14 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:40:51 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:40:52 [uPnP set event: add_nat_rule] from source 192.168.1.59, Friday, June 01, 2018 20:41:00 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:41:42 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:41:43 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:41:53 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:41:54 [DoS Attack: ACK Scan] from source: 31.13.69.195, port 443, Friday, June 01, 2018 20:42:11 [DumaOS] applying qos for zone wan, Friday, June 01, 2018 20:42:45 [DumaOS] applying qos for zone lan, Friday, June 01, 2018 20:42:45 The Dos attacks are constant but its just background noise mainly, there ars many services and constant port scans happening all the time. If you see them in your logs it means the firewall is doing its job. I would not worry, Netgear routers tend to sometimes show false flag attacks, but I get many over the day and have always on all routers I have had. You cant stop them and bots port scan all the time. They can come in batches or just the odd one here and there. Its really nothing to worry about. The only thing I saw in your logs was a device on WAN trying to connect 'WLAN access rejected: incorrect security] from MAC address 70:14:a6:46:d7:16, Wednesday, May 30, 2018 16:43:49' I had that when a friend across the road had a old blu-ray player of mine and had not wiped the thing properly (I forgot to) so it kept trying to connect to my network. I just changed my SSID's and I use a 63 character ASCII password for wifi (over the top but better safe than sorry) then those attempts to connect stopped, if you know the IP of that device then maybe its just got the wrong password to your wifi network. If not maybe some cheeky git is trying to get onto your network. Make sure you change the original SSID and password of you router for your networks, use a password of about 12-16 characters. Use something random and make sure you keep a copy safely, same with the SSID make it unique so somebody wont try to connect to it by accident. Never leave it as Netgear** that's asking for trouble. As to the attacks don't worry, they will happen every day for as long as you are online, its the internet at work and your firewall is doing its job just fine. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted June 2, 2018 Administrators Share Posted June 2, 2018 Would reiterate the above. Also that IP address is from Facebook using HTTPS, so nothing malicious going on causing you to be disconnected in the slightest, no one is DDoSing you. I'd replace your ethernet cable to see if that resolves it. If using WiFi could be interference and would highly suggest switching to wired. Link to comment Share on other sites More sharing options...
Matty XB1 Posted June 5, 2018 Author Share Posted June 5, 2018 Hi Guys, I enabled DMZ to my Xbox One as UPNP is not currently working with the new software update. Five minutes after enabling, the log read something like, [Remote Lan Access] IP Address X to 192.168.1.254(my local Xbox IP). Then, there were about 9 lines all saying this. I instantly changed my IP address and rebooted. Does this mean I can't forward any ports to my Xbox, or is this something I don't have to worry about? Best, Matt Link to comment Share on other sites More sharing options...
Administrators Netduma Admin Posted June 5, 2018 Administrators Share Posted June 5, 2018 Hi Matty - Netgear have pulled the latest version until they solve the UPNP issue, so for now could you downgrade back to the previous version and enable UPNP again. https://kb.netgear.com/000055519/XR500-Firmware-Version-2-2-1-10 Link to comment Share on other sites More sharing options...
Matty XB1 Posted June 6, 2018 Author Share Posted June 6, 2018 After reverting back to the previous firmware, the first line in the logs reads, [OpenVPN] VPN Client disconnected. This is strange since I've never signed into VPN. Any thoughts? Link to comment Share on other sites More sharing options...
Matty XB1 Posted June 6, 2018 Author Share Posted June 6, 2018 Also, I just got disconnected again after another [DoS Attack: SYN/ACK Scan]. Can someone please take a look at my logs, and let me know if there's something I can be doing to prevent these disconnects? [DoS Attack: SYN/ACK Scan] from source: 61.147.67.163, port 80, Wednesday, June 06, 2018 07:44:18 [DumaOS] kill 2 sent to 'com.netdumasoftware.networkmonitor', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.nghal', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.neighwatch', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.systeminfo', Wednesday, June 06, 2018 07:44:28 [DumaOS] skipping 'com.netdumasoftware.autoadmin', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.qos', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.desktop', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.rappstore', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.geofilter', Wednesday, June 06, 2018 07:44:28 [DumaOS] skipping 'com.netdumasoftware.devicemanager', Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.networkmonitor' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.neighwatch' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.systeminfo' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.desktop' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.rappstore' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] recovering state com.netdumasoftware.neighwatch, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.nghal' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.qos' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] Unable to uninstall GeoFilter, Wednesday, June 06, 2018 07:44:31 [DumaOS] killing 5966, Wednesday, June 06, 2018 07:44:31 [DumaOS] App 'com.netdumasoftware.geofilter' cleanup finished, Wednesday, June 06, 2018 07:44:31 [DumaOS] skipping 'com.netdumasoftware.autoadmin', Wednesday, June 06, 2018 07:44:31 [DumaOS] kill 2 sent to 'com.netdumasoftware.devicemanager', Wednesday, June 06, 2018 07:44:31 [DumaOS] Exception caught in cleanup 'com.netdumasoftware.devicemanager': bad argument #3 to 'call' (table expected, got string, -> stack traceback: ^I?: in function <?:73> ^I[C]: in function 'call' ^I?: in function 'long_call' ^I?: in function '?' ^I?: in function 'cleanup' ^I?: in function '?' ^I?: in function <?:388> ^I[C]: in function 'xpcall' ^I?: in function 'try' ^I?: in function <?:385> ^I?: in function 'try' ^I?: in function <?:283> ^I(tail call): ? ^I/dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30> ^I[C]: in function 'xpcall' ^I/dumaos/api/cli.lua:59: in main chunk ^I[C]: ? Wednesday, June 06, 2018 07:44:31 [DumaOS] kill 2 sent to 'com.netdumasoftware.autoadmin', Wednesday, June 06, 2018 07:44:31 [DumaOS] App 'com.netdumasoftware.autoadmin' cleanup finished, Wednesday, June 06, 2018 07:44:32 [DumaOS] App 'com.netdumasoftware.procmanager' cleanup finished, Wednesday, June 06, 2018 07:44:32 [DumaOS] Starting process manager, Wednesday, June 06, 2018 07:44:33 [internet disconnected] Wednesday, June 06, 2018 07:44:33 Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted June 6, 2018 Administrators Share Posted June 6, 2018 After reverting back to the previous firmware, the first line in the logs reads, [OpenVPN] VPN Client disconnected. This is strange since I've never signed into VPN. Any thoughts? The logs are verbose and primarily for Developers so I wouldn't worry about anything you see there. It's likely just that once it's regained internet it's checked to see if it needs to go through a VPN which is doesn't. It's just backend processes that are happening. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted June 6, 2018 Administrators Share Posted June 6, 2018 I've sent you a PM for drop issue. Link to comment Share on other sites More sharing options...
e38BimmerFN Posted June 6, 2018 Share Posted June 6, 2018 To help you isolate the xbox disconnect problem, hook up your xbox directly to the ISP modem. Need to be wired to the modem. Ya you'll have to disconnect the router and be with out house hold internet for a bit, however try this. See if your xbox is getting disconnects there. Also do you have your prior router? if so, try and hook it back up with the xbox and see if the disconnects are still happening. Let us know the results... Also, I just got disconnected again after another [DoS Attack: SYN/ACK Scan]. Can someone please take a look at my logs, and let me know if there's something I can be doing to prevent these disconnects? [DoS Attack: SYN/ACK Scan] from source: 61.147.67.163, port 80, Wednesday, June 06, 2018 07:44:18 [DumaOS] kill 2 sent to 'com.netdumasoftware.networkmonitor', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.nghal', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.neighwatch', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.systeminfo', Wednesday, June 06, 2018 07:44:28 [DumaOS] skipping 'com.netdumasoftware.autoadmin', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.qos', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.desktop', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.rappstore', Wednesday, June 06, 2018 07:44:28 [DumaOS] kill 2 sent to 'com.netdumasoftware.geofilter', Wednesday, June 06, 2018 07:44:28 [DumaOS] skipping 'com.netdumasoftware.devicemanager', Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.networkmonitor' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.neighwatch' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.systeminfo' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.desktop' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.rappstore' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] recovering state com.netdumasoftware.neighwatch, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.nghal' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] App 'com.netdumasoftware.qos' cleanup finished, Wednesday, June 06, 2018 07:44:28 [DumaOS] Unable to uninstall GeoFilter, Wednesday, June 06, 2018 07:44:31 [DumaOS] killing 5966, Wednesday, June 06, 2018 07:44:31 [DumaOS] App 'com.netdumasoftware.geofilter' cleanup finished, Wednesday, June 06, 2018 07:44:31 [DumaOS] skipping 'com.netdumasoftware.autoadmin', Wednesday, June 06, 2018 07:44:31 [DumaOS] kill 2 sent to 'com.netdumasoftware.devicemanager', Wednesday, June 06, 2018 07:44:31 [DumaOS] Exception caught in cleanup 'com.netdumasoftware.devicemanager': bad argument #3 to 'call' (table expected, got string, -> stack traceback: ^I?: in function <?:73> ^I[C]: in function 'call' ^I?: in function 'long_call' ^I?: in function '?' ^I?: in function 'cleanup' ^I?: in function '?' ^I?: in function <?:388> ^I[C]: in function 'xpcall' ^I?: in function 'try' ^I?: in function <?:385> ^I?: in function 'try' ^I?: in function <?:283> ^I(tail call): ? ^I/dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30> ^I[C]: in function 'xpcall' ^I/dumaos/api/cli.lua:59: in main chunk ^I[C]: ? Wednesday, June 06, 2018 07:44:31 [DumaOS] kill 2 sent to 'com.netdumasoftware.autoadmin', Wednesday, June 06, 2018 07:44:31 [DumaOS] App 'com.netdumasoftware.autoadmin' cleanup finished, Wednesday, June 06, 2018 07:44:32 [DumaOS] App 'com.netdumasoftware.procmanager' cleanup finished, Wednesday, June 06, 2018 07:44:32 [DumaOS] Starting process manager, Wednesday, June 06, 2018 07:44:33 [internet disconnected] Wednesday, June 06, 2018 07:44:33 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now