Zaroo

Yeah. I am still getting disconnected. Hey, this is very interesting sequence of events just occurred. I don't if theirs some relationship with whatever is going on and that unnamed device that keeps repopulating that has the same or similar mac address as my router... Well, I am just going to send you the log. Yesterday, I was and someone was home and the device they were using was connected to ISP router modem. During this whole time, I just have my xr500 connected to the ISP router modem. So, I was thought I would see if I could see anything in the logs and connected to the xr500 via labtop.. was looking at the logs and it kept mentioning something about marking the unknown device... then subsequently new DHCP lease changes, and a series of ddos rst scans with the router's IP.. then I was knocked offline and the xr500 was flashing orange etc .. gonna send you the logs

On yeah, I've reboot their modem numerous times, hard resets.. etc

Let me digest that.. Hey, Fraser.. let me send this to you. So, I my router hasn't been connected for several weeks now. I tried communicating with ISP. Don't feel like a whole lot was accomplish, but I'll get to that at a later point. They basically adjusted some firewall levels, something I could have done myself... like you know how you can choose minimum, moderate or whatever .. I think they put it on moderate or whatever... and set my DHCP to renew I guess more periodically. They said it was not enabled. I thought it was .. I don't know what to say or how to communicate with them. They basically said try that.. and if you get disconnects run a trace route and speed test for science. No clue.. Anyway I just hooked up my router. Only thing connected, is my labtop wireless.. and I just wanted to send you this little portion of the logs that popped up. Sorta confusing.

Yeah. I guess. I could do that. It's hard to tell with Destiny because their servers are not that great. What are the DOCSIS logs? The only thing I have really been seeing is toNo Ranging Response received - T3 time-out; SYNC Timing Synchronization failure - Loss of Sync etc .. I don't know. I'll call them and see what can they can dig up, but I have no faith in them in their ability to do anything. Supposed they don't find anything or maybe they do, I am under the assumption that what ever was going on is still going on behind the scenes. I just can't view it on logs on my router, I have disconnected. I'm not sure if it's feasible to assume whomever or whatever was causing the attacks was only limited to the information just related to the router.

As of today, I can say it's been sorta hard to tell. I have my game on and I am not really play it. Just have it on and the game loaded up. It disconnect twice. These were a little unusual because it said Lan Cable disconnected. I don't recall that happening before. After the first disconnect, I switched lan cable and port on back of modem. After the second, I switched to a 3rd lan cable and a different port on the modem. Web browsing was not loading and I restarted my labtop. Not sure if those DOCSIS logs are provide any info worth looking at?

As of right now, I am trying to figure out how to check the logs on the Hitron interface. There was something called DOCSIS event logs, but it didn't seem to show network related activity in comparison to DumaOS.

Okay. Hopefully, it has logs. My only minor concern is that when these ping floods/ddos attacks are coming through, the impact is hard to gauge. Like. Yes, I have been experiencing disconnects, contacting servers etc, and sometimes everything just seems unreasonably laggy. Whereas, sometimes the "attacks" come through, I don't notice because I guess playing or working with what can be perceived as the "norm"..lmfao. I'll do my best and see what happens and go from there. Thanks again

Most definitely. I'll get that setup as soon as I can. I'm not very familiar with my ISP router interface. I imagine there will be a similar feature to look at the logs. Once I switch over, is there anything you want me to do or change as far as any of the settings or features etc? Thanks again. Appreciate the support.

Been sorta of busy. I like to begin figuring out what to ultimately do to resolve this issue. I dunno I find everything odd at this point and this is prolly normal, but in the log it says del_nat rule and add_nat rule in 1 second intervals. I believe last week, I removed all of the static IP address to my devices because of lag etc and I noticed the abundance of addresses populated for each device as before.. At any rate, what will I need to do or have to do to resolve this?

To be fair, I was more less curious at the time of checking. It's hard for me to gauge any services and performance issues. If I had to be a little be more critical, I would say yes. There was times where I felt like I was experiencing minor hiccups to some degree. Typically, when I do work like this.. I am periodically performing tasks to boost my pc/internet performance in attempt to alleviate any service/performance issues I feel like I am experiencing like system cleaner, registry cleaner etc. At any rate, I didn't turn on my PS5 at all and my pc was basically online all night. I am going to send the logs to Fraser.

I love it. It's getting very interesting here. Hopefully, I will get the time to become more of an expert on what I am seeing take place behind the scenes on wireshark. It's hard to describe it with a degree of clarity because I am not familiar with all the verbiage A grand majority of these attacks seen in this list are taken place behind the scenes. It's like watching a TV show. At any rate, a part of the reason why I sent you last log was because Monday I didn't really game. Basically on Monday, I turned on my PS5, logged into Destiny 2, and didn't play. Did fly to the tower once. With that being said, I have been home for around 3 hours working on my labtop. Just pulled up a the log just to see if anything peculiar populated. I looked up the IP of the most recent entry and this is what this is what I have found in the second image and third image. I'll send an updated log.

Okay. I won't turn on my PS5 today and will send you an additional log this afternoon. Apparently my time zone are settings are in DumaOS are not accurate in comparison to the times in the log. I am going to send you a log of today in the mean time. I got to go to work. Thanks for the feedback.

It's odd. I looked up 3 of the IP addresses in the log. One was located in Oregon under the Organization of Amazon. The other was located in Texas under the Organization of Nuclear Fallout enterprises INC. The 3rd was located in Germany. lol How did you determine it was seems to be related to game servers, jw? Really interesting. I might have to also become familar with identifying was I have been witnessing on Wireshark because it looks extremally suspect.

Holy smokes. That's wild. I don't see too many settings on this page. Hope this is what you were asking for.... Thanks

Okay. I understand that. It just made think if I was get knocked off line maybe something was resetting in the router. No biggie. So, I am trying to figure out what to do here. I called my ISP. They said since my xr500 is bridged then I am using that firewall and suggested doing a factory reset and contact Netgear and get some setting tweeked on my firewall. I take what he said with a grain of salt. Nonetheless, I need to come up with a solution. I am lost on this matter. I am not an expert on using wireshark either, but seems to be some suspicious activity going on through that. Reguardless, lets say my network is comprimised to some unknown degree and you were in my shoes, what would you do going forward, please help.