Horenter Posted April 9, 2020 Share Posted April 9, 2020 Hello, I am pretty tech savy and typically can handle the majority my network issues but ever since I moved ISP's and into this new house I can't figuree out my problem. Router - XR500 Download/Upload - 1G/~300, I typically speed test 880 - 930/260 when I restart my router. When playing games we get kicked off and the internet drops, when speedtesting I am down to 94 up and down. I check logs and these attacks are coming in... tbh they are always coming in. Could you please provide some insight on what's occuring. Below are the kind of errors I am getting in my logs: [DoS Attack: SYN/ACK Scan] from source: 185.71.65.140, port 17506, Thursday, April 09, 2020 12:37:11 [DoS Attack: ACK Scan] from source: 17.248.185.76, port 443, Thursday, April 09, 2020 12:31:21 [DoS Attack: ACK Scan] from source: 104.244.42.194, port 443, Thursday, April 09, 2020 12:31:02 [DoS Attack: ACK Scan] from source: 104.244.42.67, port 443, Thursday, April 09, 2020 12:30:47 [DoS Attack: ACK Scan] from source: 104.244.42.66, port 443, Thursday, April 09, 2020 12:29:54 [DoS Attack: ACK Scan] from source: 104.244.42.194, port 443, Thursday, April 09, 2020 12:28:59 [DoS Attack: ACK Scan] from source: 104.244.42.67, port 443, Thursday, April 09, 2020 12:28:45 [DoS Attack: ACK Scan] from source: 104.244.42.66, port 443, Thursday, April 09, 2020 12:27:51 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:25 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:24 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:23 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:22 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:21 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:20 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:19 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:18 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:17 [DoS Attack: ACK Scan] from source: 162.254.192.101, port 27025, Thursday, April 09, 2020 12:22:16 [Time synchronized with NTP server] Thursday, April 09, 2020 12:22:15 [DoS Attack: ACK Scan] from source: 35.190.244.156, port 4070, Thursday, April 09, 2020 12:22:10 [DoS Attack: ACK Scan] from source: 35.190.244.156, port 4070, Thursday, April 09, 2020 12:22:09 [DoS Attack: ACK Scan] from source: 35.190.244.156, port 4070, Thursday, April 09, 2020 12:22:08 [DoS Attack: ACK Scan] from source: 35.190.244.156, port 4070, Thursday, April 09, 2020 12:22:08 [DumaOS] Error parsing line in ARP table: 'fe80::851:5822:f9fb:6b9e dev br0 lladdr 94:f6:d6:a0:0f:71 STALE', Thursday, April 09, [DumaOS] Error parsing line in ARP table: 'fe80::6a9a:87ff:fe3d:82a0 dev br0 lladdr 68:9a:87:3d:82:a0 STALE', Thursday, April 09 [DumaOS] Error parsing line in ARP table: 'fe80::851:5822:f9fb:6b9e dev br0 lladdr 94:f6:d6:a0:0f:71 STALE', Thursday, April 09, [DumaOS] Error parsing line in ARP table: 'fe80::8e45:ff:feae:301e dev br0 lladdr 8c:45:00:ae:30:1e STALE', Thursday, April 09, [DumaOS] Error parsing line in ARP table: 'fe80::e979:e7bd:5807:9939 dev br0 lladdr 70:bc:10:68:de:17 STALE', Thursday, April 09 [DumaOS] Error parsing line in ARP table: 'fe80::6a9a:87ff:fe3d:82a0 dev br0 lladdr 68:9a:87:3d:82:a0 STALE', Thursday, April 09 [DumaOS] Error parsing line in ARP table: 'fe80::851:5822:f9fb:6b9e dev br0 lladdr 94:f6:d6:a0:0f:71 STALE', Thursday, April 09, [DumaOS] Error parsing line in ARP table: 'fe80::8e45:ff:feae:301e dev br0 lladdr 8c:45:00:ae:30:1e STALE', Thursday, April 09, [DumaOS] Error parsing line in ARP table: 'fe80::e979:e7bd:5807:9939 dev br0 lladdr 70:bc:10:68:de:17 STALE', Thursday, April 09 [DumaOS] Error parsing line in ARP table: 'fe80::6a9a:87ff:fe3d:82a0 dev br0 lladdr 68:9a:87:3d:82:a0 STALE', Thursday, April 09' Thanks, Horenter Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted April 9, 2020 Administrators Share Posted April 9, 2020 Hey, welcome to the forum! Sorry to hear you're having this issue. What is your physical setup now? Do you require PPPoE, VLAN or DHCP 60 to connect to the internet? Does it occur on all devices or just the ones gaming? If you wait does the internet come back? If so how long does it take? The DoS attacks are fine, they're just showing normal connections you're coming in contact with. For the ARP entries do any of the MAC addresses match devices you're getting disconnected from and did it happen when those entries appeared? Link to comment Share on other sites More sharing options...
Horenter Posted April 9, 2020 Author Share Posted April 9, 2020 Hey Fraser, - This occurs on all devices, the main devices are 3 pc's using cat 7 all gaming (Typically). - If I wait the internet DOES come back, but under 100Mbps. I dont know how long, probobaly within 2-3 minutes. ( I have posted a 2nd picture with my speed when I restart my router usually) I am going to look into the ARP entries and the PPPOE,VLAN,DHCP to connect. - Pretty sure DHCP and I dont really know a good way to check the ARP entries with MAC Adress'. But they did show up right before I logged into my DumaOS in the log. Thanks, Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted April 9, 2020 Administrators Share Posted April 9, 2020 How long has it been since you've set the XR up on this new connection as it can sometimes take a few days to properly sync with the ISP. Are you using QoS at all? If you are disable this completely from the Anti-Bufferbloat option menu, does that help? - Wondering if Traffic Prioritization might be having issues prioritizing them all at once. Have a look in Device Manager and click on the devices, you'll see their MAC addresses there so you can try to match it to the logs. Link to comment Share on other sites More sharing options...
Horenter Posted April 9, 2020 Author Share Posted April 9, 2020 It have been roughly 45 days at the new location, I have tried all 3 of the setting on QOS as well as disabling and it didnt change it. And match it in the Monitoring>Logs "Logs" or at a different location. Thanks, Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted April 9, 2020 Administrators Share Posted April 9, 2020 The ARP entries from the log you posted have the MAC addresses of devices in e.g. 94:f6:d6:a0:0f:71 so have a look in the Device Manager by clicking on devices and see if you can see the same MAC addresses. Also do you have IPv6 enabled? Looks from the logs that you might do so disable that on the XR if it is. In LAN Settings set reserved IP addresses for the devices that are disconnecting as well, use the IP address they already have for ease. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.