Jump to content
Leo

DOS Attacks from Valve Corporation Addresses

Recommended Posts

Hi there, 

I have been getting DOS Attacks from Valve Corporation Addresses (please see attached) and I am not sure why/how this is happening and what I can do to stop it. I have started a support ticket with Steam as well.

Thank you, 

log-1584443881691.txt

Share this post


Link to post
Share on other sites

As above, you're not getting attacked, you would definitely know if you were! It just means you're having regular network activity with Steam. You can safely ignore the entries.

Share this post


Link to post
Share on other sites

Ok that makes sense but the issue is that my internet drops out when these "attacks" occur. Only for about 20 seconds or so then it comes back online but it's annoying and shouldn't be happening nonetheless.

Share this post


Link to post
Share on other sites

Are all devices dropping out when this happens or is it just the device you're using at the time? Is it WiFi or ethernet devices? When it happens does the internet light on the router change colour?

Share this post


Link to post
Share on other sites

Yes, all devices are dropping out and the Internet LED on the Router turns Amber.

Share this post


Link to post
Share on other sites

It's almost certainly a coincendence that is happens when that occurs. How often is the connection dropping? One way to tell for certain would be to disable steam completely for a day and see if the drops still happen.

Share this post


Link to post
Share on other sites

I work full time so I'm unsure what it does during the day but it drops out just about every evening. I will keep an eye on the logs when it happens but I bet it will drop out at the same time as the "attacks".

Share this post


Link to post
Share on other sites
On 3/18/2020 at 12:13 AM, Leo said:

I work full time so I'm unsure what it does during the day but it drops out just about every evening. I will keep an eye on the logs when it happens but I bet it will drop out at the same time as the "attacks".

A full DoS attack would take you offline for a very long time, packets sent now and then isnt a DoS attack really, even though it looks like one. Check connections, and if need be reset the router to factory settings as a last resort, do not use a config file to restore as that may bring previous problems with it in low level code. Also try contacting your ISP. Also factor in Covoid- 19 and any pressure that may be putting on your ISP as more people work from home.

Share this post


Link to post
Share on other sites

I performed a factory reset and it seems to be behaving itself for the time being. I have to be honest though, I have never had to perform so many factory resets on a device before and I work in IT. I've got 6 days before I am unable to easily return the product back to Amazon. I really hope it pulls itself together soon because I am not real impressed with the Netduma OS at the moment. I have run into quite a few issues where the only real solution I find on this website is to perform a factory reset.

Share this post


Link to post
Share on other sites

Keep us posted, it is very unlikely to be Steam that is the cause though but would certainly be interesting to see if disabling it works should it arise again. Have you tested with the ISP router to double check? What are the other issues that you've been experiencing?

Share this post


Link to post
Share on other sites

The logs also showed some "attacks" from addresses related to Apple so I'm not sure what exactly is causing the dropouts and I'm not sure why the router views them as attacks. The factory reset has fixed it for the moment.

The list of issues I've experienced are as follows (from biggest issue to smallest)

  • The main issue I have been experiencing is the r-apps not loading. I changed the amount of tries to open from 3 to 5 but that made no difference. I have tried different browsers on different machines in private browsing so no add-ons can effect it. I sometimes have to do multiple factory resets before it loads properly.
  • The frequent drop outs. I have seen other people having this exact same issue as well. I am using a Netgear DM200 modem with my XR500 if that helps at all.
  • The Hybrid VPN feature does not work as it should with ExpressVPN. Websites can still detect my IP and I was unable to get some games to work even after settings every port related to the game to not go through the VPN. I had a thread open for this one which you were unable to help me with. The issue was specifically for UNO.
  • In QOS Rocket League is not a certified DumaOS game. It is however an Unreal Engine game but when I select my device and Unreal Engine it does not detect the game's traffic to be High Prioritization. The only way I could get it to be detected as such was to add it as a Games Console but the downside of doing that is that Battle.net downloads are detected as high priority, this obviously nukes the bandwidth. Steam downloads are not detected as such though.

These are the issues I can think of off the top of my head at this time. I'm seriously hoping that the major update to DumaOS fixes all of these issues.

Share this post


Link to post
Share on other sites
8 hours ago, Leo said:

I performed a factory reset and it seems to be behaving itself for the time being. I have to be honest though, I have never had to perform so many factory resets on a device before and I work in IT. I've got 6 days before I am unable to easily return the product back to Amazon. I really hope it pulls itself together soon because I am not real impressed with the Netduma OS at the moment. I have run into quite a few issues where the only real solution I find on this website is to perform a factory reset.

Most high end routers need factory resets, its very common, read this link below from RMerlin, he helps ASUS with patching and also runs his own fork of ASUS firmware, a very knowlagable and respected person in the router community. (I run a RAX120 and even I reset after every firmware update)

https://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/

Share this post


Link to post
Share on other sites

A factory reset after a firmware update makes sense. But when the router is shipped with the latest firmware and you have to perform a factory reset 1-2 times a week on average, that's getting ridiculous. I will give the link a read.

Share this post


Link to post
Share on other sites
3 hours ago, Leo said:

A factory reset after a firmware update makes sense. But when the router is shipped with the latest firmware and you have to perform a factory reset 1-2 times a week on average, that's getting ridiculous. I will give the link a read.

anything in the logs means its blocked, so you don't need to keep factory resetting. ISP dropping may be more to do with current high demand because of isolation from Covid-19 than anything else, make sure you have the router set to always on, and time 0 not dial up, as the router would then go will go dormant. I will point out your modem does not get good reviews sadly. Its known for dropping connections even way back to 2017. I would try a different modem to start with possibly.    :(

https://community.netgear.com/t5/DSL-Modems-Routers/DM200-modem-drops-internet-connection-daily/td-p/1428128

Share this post


Link to post
Share on other sites

Where are the "always on" and "time 0 not dial up" settings please? I've had the modem for just over 3 years and haven't had an issue with the internet dropping out until I got the XR500. Is there a modem that you recommend pairing with the XR500?

Share this post


Link to post
Share on other sites

Glad to hear it is still working. It is likely you're using a Mac/iPhone or visited an Apple website and so it reported this as an attack, they're not attacks just generic web activity. Weird that you're getting R-App not loading, it is definitely on the .56 firmware? For VPN we're aware there is a DNS leak, if you set your DNS to the provider DNS then it will work until DumaOS 3.0. If you use the specific ports for the game in Traffic Prioritization then it will resolve both those issues.

I think KH is assuming you're using a login (PPPoE) to access the internet, in which case in Internet Setup choose 'Always On' for connection mode.

Share this post


Link to post
Share on other sites

Yes it's definitely on .56 firmware. What I have noticed is after my most recent factory reset, on the DumaOS dashboard it lists every R-App as "Run R-App on startup". This was not always the case and I imagine that was the issue. I have done nothing different to cause them to all say "Run R-App on startup".

For my VPN it wasn't just DNS leaks, websites could detect my IP. I just went back to running the VPN locally on the machines.

Yeah it seems like I'm going to have to input specific ports in the Traffic Prioritization.

I will double check the "Always On" for connection mode but I know that I did not have to login to access the internet. I used to have to do this when I was on ADSL2+ but not since I've moved to VDSL.

Share this post


Link to post
Share on other sites

They should all be running on startup anyway, we haven't specifically tested that feature because it's not ready to be used so its possibly just reporting things incorrectly but has it been loading R-Apps properly since you've noticed this change?

The DNS leaks can cause that to happen and changing the DNS to the VPN providers does resolve that, we are aware of it so will be fixing it. It's not a login you do everytime, just that the router automatically logs in using credentials that you input. If you don't know what I'm referring to then it's likely you don't have it.

Share this post


Link to post
Share on other sites

Yeah they most definitely were not all running on startup but they are now and I'm having no issues at the moment.

I changed the DNS to the VPN provider's but it didn't make any difference for me. Websites could still detect my IP.

Yeah, I believe it's a login you do in the original setup of the router. I haven't had to do it since moving to a VDSL connection.

Share this post


Link to post
Share on other sites

Okay interesting, do you remember what it said before so I can let the team know?

Could you take a screenshot of how you've added your devices to the VPN please?

Share this post


Link to post
Share on other sites

I will take a look when I get home from work. I can't remember off the top of my head sorry but it may have had something to do with the R-App having a pause sign next to it instead of the play sign or vice versa.

I'm happy enough to use the VPN locally on the machines and then I'll try again once DumaOS 3.0 finally releases.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...