XR700 DDoS? Or no...

[hewfoe]

Hello,

So I originally got the XR700 because I was a victim (self diagnosed) of a DDoS. I am. Mixer content creator so it is a good chance.

 

I had my IP changed, got a VPN and bought the XR700. The only thing I did not change was my modem.

 

Before I got the XR700, I lost connectivity to my entire house (wired and wireless, I was using the eero mesh system) two nights in a row around 11pm eastern.  I then got this router and it happened to me again, at the same time. Is there some other step I shod have taken? Should I get a new modem? Could the XR700 be trying to renew lease?

 

Also, what is interesting, is when I got DDoSed my entire XR700 was unable to be accessed by me. I had to factory reset it to be able to get into it. 

 

I have Xfinity WiFi with the gigabit xfi gateway in bridge mode.

 

Attached is also an image of what I think is a DDoS.

[Netduma Fraser]

The fact that this happened at the same time each day and with the XR700 in place as well would indicate to me that your gateway/ISP was renewing its' lease. How long did it take for the connection to return prior to the XR700? If you give change the XR700 to use static settings in Internet Setup instead of dynamic if the connection drops again can you then still access the interface? It's worth checking the gateway again if the connection drops while using the XR700. That's not necessarily a DDoS, the router shows those entries all the time and they usually represent connections you've come in contact with e.g. Facebook.

[hewfoe]

It takes roughly an hour which I figured was too long.

 

This never happened before until about a week ago

[e38BimmerFN]

What is the Mfr and model if the ISP modem? 

[hewfoe]

2 minutes ago, e38BimmerFN said:

What is the Mfr and model if the ISP modem? 

Technicolor CGM4140COM

[e38BimmerFN]

This would be a double NAT condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the NG router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the NG router gets from the modem. 

[hewfoe]

It's already in bridge mode. 

 

This was never an issue until recently. It only happens at a certain time

5 minutes ago, e38BimmerFN said:

This would be a double NAT condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the NG router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the NG router gets from the modem. 

 

[e38BimmerFN]

Look up whois for those IP addresses to see where they are coming from. Anything can happen when it comes from the WAN side. If this just started happening, then something is new from the WAN side. The XR is just reporting it and doing what it's supposed to do. 

[Netduma Fraser]

If the issue originated before the XR700 then it may be the ISP is undergoing maintenance or the gateway is becoming faulty. I would recommend you contact the ISP (don't tell them about the XR700 as they will blame it even though it happened before that) and see if they can do some tests/investigating on their side. They should be able to tell that the connection is dropping and why.

[hewfoe]

11 minutes ago, Netduma Fraser said:

If the issue originated before the XR700 then it may be the ISP is undergoing maintenance or the gateway is becoming faulty. I would recommend you contact the ISP (don't tell them about the XR700 as they will blame it even though it happened before that) and see if they can do some tests/investigating on their side. They should be able to tell that the connection is dropping and why.

Okay thank you, I'm actually going to buy a new modem tonight and try that. It's just weird that it only happens at that time? (That I can tell anyway). They've researched it and Xfinity just keeps saying I have internet now so they don't know what the issue is.

 

Also, any idea why my router just completely bricked (I couldn't access it at all) until I did a factory reset? 

[Netduma Fraser]

To me it sounds like a DHCP renewal but it shouldn't disconnect the connection really or for that long, give it a go and let us know if it works. 

That is a weird one, it's unclear at the moment what it could have been, potentially it got flooded with packets but unsure if it's a DDoS at this point. Definitely keep an eye on it and let us know if it happens again please.

[hewfoe]

4 minutes ago, Netduma Fraser said:

To me it sounds like a DHCP renewal but it shouldn't disconnect the connection really or for that long, give it a go and let us know if it works. 

That is a weird one, it's unclear at the moment what it could have been, potentially it got flooded with packets but unsure if it's a DDoS at this point. Definitely keep an eye on it and let us know if it happens again please.

Will do thanks for all the help.

Also is there a way to check when renewal happens? When I do ipconfig /all does that show renewal from isp or what is done locally? 

[Netduma Fraser]

No that won't be available there, it will be something that will be visible on the gateway interface or if not then you'll have to ask the ISP.