Turboamerica Posted May 24, 2020 Share Posted May 24, 2020 hello everyone. ive posted this topic on netgear support and literally got no direct answer. i own netgear netduma xr700. basically, for some time now, my router does all the stuff to kill itself. i pay for 1GB/s both upload and download. it all started with DOS attacks from google, amazon, couple of arizona IPs. constant DOS/port scan, killing my inet to 50mb/s and packet loss. i found an issue-for some reason my pc was affecting the router, although i scanned it for viruses and stuff. i fixed an issue for a day, but now i get constant LAN access from remote thing, coming from my ps4 and skipped spike RTT. im honestly frustrated with this, unable to play for 3 weeks now, tried tons of stuff and all firmwares. no help. all i see on forums is that the router is doing its job and stuff, but i honestly dont think self DOS on a 300$ router IS NOT okay. p.s stay safe everyone, and greetings from russia Link to comment Share on other sites More sharing options...
Guest Killhippie Posted May 25, 2020 Share Posted May 25, 2020 14 hours ago, Turboamerica said: hello everyone. ive posted this topic on netgear support and literally got no direct answer. i own netgear netduma xr700. basically, for some time now, my router does all the stuff to kill itself. i pay for 1GB/s both upload and download. it all started with DOS attacks from google, amazon, couple of arizona IPs. constant DOS/port scan, killing my inet to 50mb/s and packet loss. i found an issue-for some reason my pc was affecting the router, although i scanned it for viruses and stuff. i fixed an issue for a day, but now i get constant LAN access from remote thing, coming from my ps4 and skipped spike RTT. im honestly frustrated with this, unable to play for 3 weeks now, tried tons of stuff and all firmwares. no help. all i see on forums is that the router is doing its job and stuff, but i honestly dont think self DOS on a 300$ router IS NOT okay. p.s stay safe everyone, and greetings from russia Its not attacking itself. Netgear logs are a tad paranoid but they do not cause the drop in speed, for that look at your buffer bloat settings. Also clear your browsers cache, always factory reset after updating firmware. You may have a rootkit on your PC possibly but I doubt it unless you download silly stuff from torrents. Was the router an import? Link to comment Share on other sites More sharing options...
Turboamerica Posted May 25, 2020 Author Share Posted May 25, 2020 2 hours ago, Killhippie said: Its not attacking itself. Netgear logs are a tad paranoid but they do not cause the drop in speed, for that look at your buffer bloat settings. Also clear your browsers cache, always factory reset after updating firmware. You may have a rootkit on your PC possibly but I doubt it unless you download silly stuff from torrents. Was the router an import? factory reset the router dozen of times. never downloaded something silly from torrents. the router was imported from germany officially. after i bought ive had no issue for more than a year. ive tried every set up for buffer bloat. 70%, 80%,tunerd off and on. no changes. Link to comment Share on other sites More sharing options...
Newfie Posted May 25, 2020 Share Posted May 25, 2020 Looks normal regards to logs. Link to comment Share on other sites More sharing options...
Guest Killhippie Posted May 25, 2020 Share Posted May 25, 2020 2 minutes ago, Turboamerica said: factory reset the router dozen of times. never downloaded something silly from torrents. the router was imported from germany officially. after i bought ive had no issue for more than a year. ive tried every set up for buffer bloat. 70%, 80%,tunerd off and on. no changes. what firmware are you on Link to comment Share on other sites More sharing options...
Turboamerica Posted May 25, 2020 Author Share Posted May 25, 2020 On 5/25/2020 at 12:43 PM, Newfie said: Looks normal regards to logs. yeah, it only looks normal, 50/50 mb/s speed is what makes me wonder. and packet loss. i dont belive 300$ router is normally killling speed On 5/25/2020 at 12:43 PM, Killhippie said: what firmware are you on i have tried the beta .24, the first one. now im on 1.0.20 or something Link to comment Share on other sites More sharing options...
Newfie Posted May 25, 2020 Share Posted May 25, 2020 After trying various firmwares did you reset the router after each attempt? Link to comment Share on other sites More sharing options...
Turboamerica Posted May 26, 2020 Author Share Posted May 26, 2020 10 hours ago, Newfie said: After trying various firmwares did you reset the router after each attempt? yep. i tried resetting, not resetting, static and dynamic ip. no difference. i just woke up to see all my logs been LAN access from remote, for 4 hours straight,every 5-10 seconds Link to comment Share on other sites More sharing options...
Newfie Posted May 26, 2020 Share Posted May 26, 2020 Post a small section of your logs showing this. Copy and paste is fine, just a few lines showing it. Link to comment Share on other sites More sharing options...
Turboamerica Posted May 26, 2020 Author Share Posted May 26, 2020 1 hour ago, Newfie said: Post a small section of your logs showing this. Copy and paste is fine, just a few lines showing it. LAN access from remote] from 35.223.90.88:30140 to 192.168.1.5:80, Tuesday, May 26, 2020 18:10:04 [DoS Attack: TCP/UDP Chargen] from source: 183.60.141.171, port 58920, Tuesday, May 26, 2020 18:02:56 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 18:01:56 [LAN access from remote] from 64.227.40.137:5106 to 192.168.1.5:80, Tuesday, May 26, 2020 18:01:32 [LAN access from remote] from 13.232.169.241:20200 to 192.168.1.5:80, Tuesday, May 26, 2020 17:59:18 [LAN access from remote] from 124.106.65.6:30730 to 192.168.1.5:80, Tuesday, May 26, 2020 17:53:26 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:51:56 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:41:56 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:31:56 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:21:56 [LAN access from remote] from 188.165.174.199:58292 to 192.168.1.5:80, Tuesday, May 26, 2020 17:19:52 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:11:56 [DoS Attack: RST Scan] from source: 45.139.239.238, port 667, Tuesday, May 26, 2020 17:11:02 [LAN access from remote] from 185.234.219.205:59242 to 192.168.1.5:80, Tuesday, May 26, 2020 17:05:13 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:01:56 [DumaOS] Cloudsync DPI result 'false','All mirrors are down', Tuesday, May 26, 2020 16:51:58 [DumaOS] R-App store cloud sync failed, Tuesday, May 26, 2020 16:51:58 [DumaOS] HTTP download failed with code '404', Tuesday, May 26, 2020 16:51:58 [DumaOS] Resync R-App store cloud, Tuesday, May 26, 2020 16:51:58 [Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 16:51:56 [DumaOS] Cloudsync Themes result 'false','All mirrors are down', Tuesday, May 26, 2020 16:51:56 [LAN access from remote] from 77.237.77.56:48972 to 192.168.1.5:443, Tuesday, May 26, 2020 16:50:39 Link to comment Share on other sites More sharing options...
Newfie Posted May 26, 2020 Share Posted May 26, 2020 Have you got remote access on? If so turn it off. do you have cameras or webcams? still looks ok to be honest. Link to comment Share on other sites More sharing options...
Turboamerica Posted May 26, 2020 Author Share Posted May 26, 2020 2 hours ago, Newfie said: Have you got remote access on? If so turn it off. do you have cameras or webcams? still looks ok to be honest. no cameras or other wifi devices like printers etc. remote access turned off Link to comment Share on other sites More sharing options...
Newfie Posted May 26, 2020 Share Posted May 26, 2020 Could be related to UPnP. Are you able to turn this off. Link to comment Share on other sites More sharing options...
Turboamerica Posted May 26, 2020 Author Share Posted May 26, 2020 3 minutes ago, Newfie said: Could be related to UPnP. Are you able to turn this off. turned UPnP off and on many times. litterally no difference either way. it is off ATM Link to comment Share on other sites More sharing options...
Newfie Posted May 26, 2020 Share Posted May 26, 2020 Do you use Skype by any chance or torrent stuff? Link to comment Share on other sites More sharing options...
Turboamerica Posted May 26, 2020 Author Share Posted May 26, 2020 11 minutes ago, Newfie said: Do you use Skype by any chance or torrent stuff? no skype, ive used torrent maybe like 4 or 5 times in my life, and currently its deleted from my pc for about 2 days now. no difference Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 26, 2020 Administrators Share Posted May 26, 2020 Are you using the DMZ? Disable respond to internet ping in WAN Settings also. For speed, try this to see if you can get full speeds, in Traffic Prioritization make a manual port rule 1-65535 TCP/UDP and see what happens then. Also does your ISP allow using 3rd party routers? Link to comment Share on other sites More sharing options...
TimothyYoung Posted May 26, 2020 Share Posted May 26, 2020 8 hours ago, Turboamerica said: LAN access from remote] from 35.223.90.88:30140 to 192.168.1.5:80, Tuesday, May 26, 2020 18:10:04 Pretty sure these are the same logs that get recorded when trying to access the router dashboard, as soon as you log into it I'm sure you made passwords to secure your login, might turn off remote access and port forwarding, also I'm curious are you using public up or private on ur netgear box? Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 26, 2020 Administrators Share Posted May 26, 2020 24 minutes ago, TimothyYoung said: Pretty sure these are the same logs that get recorded when trying to access the router dashboard, as soon as you log into it I'm sure you made passwords to secure your login, might turn off remote access and port forwarding, also I'm curious are you using public up or private on ur netgear box? It's actually a Google IP so not sure why it's appearing like that. Link to comment Share on other sites More sharing options...
TimothyYoung Posted May 26, 2020 Share Posted May 26, 2020 20 minutes ago, Netduma Fraser said: It's actually a Google IP so not sure why it's appearing like that. Wow that's very odd, I didnt even make it that far, atleast its seemingly a non-harmful ip Only other thing I can think of similar that I've encountered with legitimate traffic that doesn't have ports opened for it, chromecast... Link to comment Share on other sites More sharing options...
Turboamerica Posted May 27, 2020 Author Share Posted May 27, 2020 19 hours ago, Netduma Fraser said: Are you using the DMZ? Disable respond to internet ping in WAN Settings also. For speed, try this to see if you can get full speeds, in Traffic Prioritization make a manual port rule 1-65535 TCP/UDP and see what happens then. Also does your ISP allow using 3rd party routers? not using DMZ. disabled internet ping a long time ago. my ISP does support any router, even their own supplied routers are netgear 18 hours ago, Netduma Fraser said: It's actually a Google IP so not sure why it's appearing like that. [DumaOS] skiped spike rtt: 74.733 last_rtt: 42.258, Wednesday, May 27, 2020 03:13:25 [DumaOS] skiped spike rtt: 42.258 last_rtt: 153.815, Wednesday, May 27, 2020 03:13:24 [DumaOS] skiped spike rtt: 153.815 last_rtt: 321.842, Wednesday, May 27, 2020 03:13:23 [DumaOS] skiped spike rtt: 321.842 last_rtt: 235.134, Wednesday, May 27, 2020 03:13:22 [DumaOS] skiped spike rtt: 235.134 last_rtt: 42.34, Wednesday, May 27, 2020 03:13:21 [DumaOS] skiped spike rtt: 45.749 last_rtt: 318.897, Wednesday, May 27, 2020 03:13:18 [DumaOS] skiped spike rtt: 339.996 last_rtt: 42.422, Wednesday, May 27, 2020 03:13:16 [DumaOS] skiped spike rtt: 43.472 last_rtt: 326.508, Wednesday, May 27, 2020 03:13:10 [DumaOS] skiped spike rtt: 326.508 last_rtt: 45.824, Wednesday, May 27, 2020 03:13:09 [DumaOS] skiped spike rtt: 343.237 last_rtt: 49.071, Wednesday, May 27, 2020 03:13:05 [DumaOS] skiped spike rtt: 43.503 last_rtt: 325.684, Wednesday, May 27, 2020 03:13:02 [DumaOS] skiped spike rtt: 325.684 last_rtt: 46.43, Wednesday, May 27, 2020 03:13:01 [DumaOS] skiped spike rtt: 46.43 last_rtt: 115.842, Wednesday, May 27, 2020 03:13:00 [DumaOS] skiped spike rtt: 115.842 last_rtt: 46.931, Wednesday, May 27, 2020 03:12:59 [Internet connected] IP address: 95.143.221.95, Wednesday, May 27, 2020 03:05:27 this is what also happens now Link to comment Share on other sites More sharing options...
TimothyYoung Posted May 27, 2020 Share Posted May 27, 2020 Apparently it's not a safe ip Link to comment Share on other sites More sharing options...
Turboamerica Posted May 27, 2020 Author Share Posted May 27, 2020 18 hours ago, Netduma Fraser said: It's actually a Google IP so not sure why it's appearing like that. btw, 192.168.1.5 is my ps4 IP, which was turned and not even connected to power socket 17 hours ago, TimothyYoung said: Apparently it's not a safe ip i might believe its an attack, but why would it be the same on dynamic IP right after IP change? Link to comment Share on other sites More sharing options...
TimothyYoung Posted May 27, 2020 Share Posted May 27, 2020 Could have a trojan possibly, alot will send out signals to show where it is Not saying that's what it is.. but does kinda seem like something communicating from inside your network out Does your public ip actually change when u reset ur modem? Reason I ask is bc att uverse won't, I get stuck with a static ip.. good and bad While rereading your original post, during ur efforts to find the problem, have u tried only having 1 device connected at a time? 17 hours ago, Turboamerica said: btw, 192.168.1.5 is my ps4 IP, which was turned and not even connected to power socket Hmmm that's interesting, I wanna say there's a ton of hacking in the ps4 community's now that I think about it Does your internet work okay if you connect to your modem directly? Link to comment Share on other sites More sharing options...
Turboamerica Posted May 27, 2020 Author Share Posted May 27, 2020 20 minutes ago, TimothyYoung said: Does your public ip actually change when u reset ur modem? Reason I ask is bc att uverse won't, I get stuck with a static ip.. good and bad I do have static IP,but I’ve tested dynamic IP Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.