Zaroo

Yeah. I am still getting disconnected. Hey, this is very interesting sequence of events just occurred. I don't if theirs some relationship with whatever is going on and that unnamed device that keeps repopulating that has the same or similar mac address as my router... Well, I am just going to send you the log. Yesterday, I was and someone was home and the device they were using was connected to ISP router modem. During this whole time, I just have my xr500 connected to the ISP router modem. So, I was thought I would see if I could see anything in the logs and connected to the xr500 via labtop.. was looking at the logs and it kept mentioning something about marking the unknown device... then subsequently new DHCP lease changes, and a series of ddos rst scans with the router's IP.. then I was knocked offline and the xr500 was flashing orange etc .. gonna send you the logs

On yeah, I've reboot their modem numerous times, hard resets.. etc

Let me digest that.. Hey, Fraser.. let me send this to you. So, I my router hasn't been connected for several weeks now. I tried communicating with ISP. Don't feel like a whole lot was accomplish, but I'll get to that at a later point. They basically adjusted some firewall levels, something I could have done myself... like you know how you can choose minimum, moderate or whatever .. I think they put it on moderate or whatever... and set my DHCP to renew I guess more periodically. They said it was not enabled. I thought it was .. I don't know what to say or how to communicate with them. They basically said try that.. and if you get disconnects run a trace route and speed test for science. No clue.. Anyway I just hooked up my router. Only thing connected, is my labtop wireless.. and I just wanted to send you this little portion of the logs that popped up. Sorta confusing.

Yeah. I guess. I could do that. It's hard to tell with Destiny because their servers are not that great. What are the DOCSIS logs? The only thing I have really been seeing is toNo Ranging Response received - T3 time-out; SYNC Timing Synchronization failure - Loss of Sync etc .. I don't know. I'll call them and see what can they can dig up, but I have no faith in them in their ability to do anything. Supposed they don't find anything or maybe they do, I am under the assumption that what ever was going on is still going on behind the scenes. I just can't view it on logs on my router, I have disconnected. I'm not sure if it's feasible to assume whomever or whatever was causing the attacks was only limited to the information just related to the router.

As of today, I can say it's been sorta hard to tell. I have my game on and I am not really play it. Just have it on and the game loaded up. It disconnect twice. These were a little unusual because it said Lan Cable disconnected. I don't recall that happening before. After the first disconnect, I switched lan cable and port on back of modem. After the second, I switched to a 3rd lan cable and a different port on the modem. Web browsing was not loading and I restarted my labtop. Not sure if those DOCSIS logs are provide any info worth looking at?

As of right now, I am trying to figure out how to check the logs on the Hitron interface. There was something called DOCSIS event logs, but it didn't seem to show network related activity in comparison to DumaOS.

Okay. Hopefully, it has logs. My only minor concern is that when these ping floods/ddos attacks are coming through, the impact is hard to gauge. Like. Yes, I have been experiencing disconnects, contacting servers etc, and sometimes everything just seems unreasonably laggy. Whereas, sometimes the "attacks" come through, I don't notice because I guess playing or working with what can be perceived as the "norm"..lmfao. I'll do my best and see what happens and go from there. Thanks again

Most definitely. I'll get that setup as soon as I can. I'm not very familiar with my ISP router interface. I imagine there will be a similar feature to look at the logs. Once I switch over, is there anything you want me to do or change as far as any of the settings or features etc? Thanks again. Appreciate the support.

Been sorta of busy. I like to begin figuring out what to ultimately do to resolve this issue. I dunno I find everything odd at this point and this is prolly normal, but in the log it says del_nat rule and add_nat rule in 1 second intervals. I believe last week, I removed all of the static IP address to my devices because of lag etc and I noticed the abundance of addresses populated for each device as before.. At any rate, what will I need to do or have to do to resolve this?

To be fair, I was more less curious at the time of checking. It's hard for me to gauge any services and performance issues. If I had to be a little be more critical, I would say yes. There was times where I felt like I was experiencing minor hiccups to some degree. Typically, when I do work like this.. I am periodically performing tasks to boost my pc/internet performance in attempt to alleviate any service/performance issues I feel like I am experiencing like system cleaner, registry cleaner etc. At any rate, I didn't turn on my PS5 at all and my pc was basically online all night. I am going to send the logs to Fraser.

I love it. It's getting very interesting here. Hopefully, I will get the time to become more of an expert on what I am seeing take place behind the scenes on wireshark. It's hard to describe it with a degree of clarity because I am not familiar with all the verbiage A grand majority of these attacks seen in this list are taken place behind the scenes. It's like watching a TV show. At any rate, a part of the reason why I sent you last log was because Monday I didn't really game. Basically on Monday, I turned on my PS5, logged into Destiny 2, and didn't play. Did fly to the tower once. With that being said, I have been home for around 3 hours working on my labtop. Just pulled up a the log just to see if anything peculiar populated. I looked up the IP of the most recent entry and this is what this is what I have found in the second image and third image. I'll send an updated log.

Okay. I won't turn on my PS5 today and will send you an additional log this afternoon. Apparently my time zone are settings are in DumaOS are not accurate in comparison to the times in the log. I am going to send you a log of today in the mean time. I got to go to work. Thanks for the feedback.

It's odd. I looked up 3 of the IP addresses in the log. One was located in Oregon under the Organization of Amazon. The other was located in Texas under the Organization of Nuclear Fallout enterprises INC. The 3rd was located in Germany. lol How did you determine it was seems to be related to game servers, jw? Really interesting. I might have to also become familar with identifying was I have been witnessing on Wireshark because it looks extremally suspect.

Holy smokes. That's wild. I don't see too many settings on this page. Hope this is what you were asking for.... Thanks

Okay. I understand that. It just made think if I was get knocked off line maybe something was resetting in the router. No biggie. So, I am trying to figure out what to do here. I called my ISP. They said since my xr500 is bridged then I am using that firewall and suggested doing a factory reset and contact Netgear and get some setting tweeked on my firewall. I take what he said with a grain of salt. Nonetheless, I need to come up with a solution. I am lost on this matter. I am not an expert on using wireshark either, but seems to be some suspicious activity going on through that. Reguardless, lets say my network is comprimised to some unknown degree and you were in my shoes, what would you do going forward, please help.

I am playing Destiny 2. One thing, I notice frequently is whenever I load up the DumaOs Dashboard to check it out, it is displaying all of the Tour dialogs. It doesn't do this all the time. Could the DDOS attacks be non game related, such as someone remotely connecting to my network from the internet?

Okay, I am going to send it to you via message. Actually, look at the 2nd one I am about to send you. If you don't mind please, sir. About 10 minutes later, I got disconnected from the game entirely and the dumaos interface said I was no longer connected to my router. I made some qos changes as I was contacting servers to try to mitigate the anticipated disconnection. Little behold, that second unknown device appeared as well.

Okay. My NAT type as been fine. I don't understand why I all of a sudden experiencing issues with it. I'll send it when it occurs again. Thanks

I have not idea what is gong on. I don't know how my network is working perfectly fine and to totally screwed up. So, my internet is working, but I've been getting disconnected while playing and I go to test the network and its connected to the internet but NAT type keeps failing and I can't play. And honestly, I don't believe none of those settings work in dumaos. I've had the router since it was released and I am just not seeing it.

Yeah. I've tried blocking it. I just don't want it to infer with my connection and have it weighted in on the qos settings .. eventhough it's offline

Yeah. It just happened again too. I deleted the device.. played a match.. started to contact destiny servers and the device reappeared

I didn't do the above steps mentioned above yet. I just noticed one thing though and it sorta bummer. The unnamed device was appearing for a while like all week. I haven't played much destiny either, but I got on today. I was playing and was starting to contact servers for a bit. I thought I was going to get disconnected. As soon as the match ended. I was looking through my qos settings to see if I could change something up that might would help and the unnamed device reappeared. I believe it must have appeared during the match causing the contacting servers in game bc it was not there before the match

I dont have an iphone. I just did what you said Fraser and I literally watched my labtop populate like 12 ip addresses... As we discussed earlier, I assigned it an ip and performed the changes earlier in the conversation and went down to 3... My PS5 is also starting to populate more. At any rate, I clicked use default, pressed apply, and the modem rebooted. I didn't change any of the values or anything. Should I put my ISP cable modem router in bridge mode?

Yes. It is a simple setup. I have a cable modem/router from ISP. I have my XR500 connected to it... then 1 PS5 wired to XR500 and 2 devices connected to XR500 wifi.. I only noticed this unnamed device popping up like the last 6 or so months. It's consistent and back again. It's confusing. It says its wired and has the same mac address as what it says on back of the XR500 and is always offline. Under the internet setup page in the Dumaos dashboard, the mac address is similar but the it says 18 instead of 17?

It doesn't show an IP address. It is the same as the mac address on the back of the router, but this is what it shows under the internet setup tab... Weird thing is .. the "unnamed device" was not listed under the device manager, and I hit the test button on this internet setup page and it rebooted my router and when it came back online the "unnamed device" showed back up.