Router DOSing itself and making internet unusable


Hello everyone. I've posted this topic on Netgear support and literally got no direct answer. I own a Netgear Netduma XR700. Basically, for some time now, my router does all the stuff to kill itself. I pay for 1GB/s both upload and download. It all started with DOS attacks from Google, Amazon, a couple of Arizona IPs. Constant DOS/port scan, killing my inet to 50mb/s and packet loss. I found an issue: for some reason my PC was affecting the router, although I scanned it for viruses and stuff. I fixed an issue for a day, but now I get constant LAN access from remote thing, coming from my PS4, and skipped spike RTT. I'm honestly frustrated with this, unable to play for 3 weeks now, tried tons of stuff and all firmwares. No help. All I see on forums is that the router is doing its job and stuff, but I honestly don't think self DOS on a 300$ router IS NOT okay.

P.S. Stay safe everyone, and greetings from Russia

   

Link to comment
Share on other sites

Guest Killhippie
14 hours ago, Turboamerica said:

Hello everyone. I've posted this topic on Netgear support and literally got no direct answer. I own a Netgear Netduma XR700. Basically, for some time now, my router does all the stuff to kill itself. I pay for 1GB/s both upload and download. It all started with DOS attacks from Google, Amazon, a couple of Arizona IPs. Constant DOS/port scan, killing my inet to 50mb/s and packet loss. I found an issue: for some reason my PC was affecting the router, although I scanned it for viruses and stuff. I fixed an issue for a day, but now I get constant LAN access from remote thing, coming from my PS4, and skipped spike RTT. I'm honestly frustrated with this, unable to play for 3 weeks now, tried tons of stuff and all firmwares. No help. All I see on forums is that the router is doing its job and stuff, but I honestly don't think self DOS on a 300$ router IS NOT okay.

P.S. Stay safe everyone, and greetings from Russia

   

It's not attacking itself. Netgear logs are a tad paranoid but they do not cause the drop in speed; for that, look at your buffer bloat settings. Also clear your browser's cache, and always factory reset after updating firmware. You may have a rootkit on your PC possibly but I doubt it unless you download silly stuff from torrents. Was the router an import?

Link to comment
Share on other sites

2 hours ago, Killhippie said:

It's not attacking itself. Netgear logs are a tad paranoid but they do not cause the drop in speed; for that, look at your buffer bloat settings. Also clear your browser's cache, and always factory reset after updating firmware. You may have a rootkit on your PC possibly but I doubt it unless you download silly stuff from torrents. Was the router an import?

Factory reset the router dozens of times. Never downloaded something silly from torrents. The router was imported from Germany officially. After I bought it I've had no issue for more than a year. I've tried every setup for buffer bloat: 70%, 80%, turned off and on. No changes.

 

Link to comment
Share on other sites

Guest Killhippie
2 minutes ago, Turboamerica said:

Factory reset the router dozens of times. Never downloaded something silly from torrents. The router was imported from Germany officially. After I bought it I've had no issue for more than a year. I've tried every setup for buffer bloat: 70%, 80%, turned off and on. No changes.

 

What firmware are you on?

 

Link to comment
Share on other sites

On 5/25/2020 at 12:43 PM, Newfie said:

Looks normal regards to logs. 

Yeah, it only looks normal. 50/50 mb/s speed is what makes me wonder. And packet loss. I don't believe a 300$ router is normally killing speed.

On 5/25/2020 at 12:43 PM, Killhippie said:

What firmware are you on?

 

I have tried the beta .24, the first one. Now I'm on 1.0.20 or something.

Link to comment
Share on other sites

10 hours ago, Newfie said:

After trying various firmwares did you reset the router after each attempt? 

Yep. I tried resetting, not resetting, static and dynamic IP. No difference. I just woke up to see all my logs been LAN access from remote, for 4 hours straight, every 5-10 seconds.

Link to comment
Share on other sites

1 hour ago, Newfie said:

Post a small section of your logs showing this. Copy and paste is fine, just a few lines showing it.

 

LAN access from remote] from 35.223.90.88:30140 to 192.168.1.5:80, Tuesday, May 26, 2020 18:10:04
[DoS Attack: TCP/UDP Chargen] from source: 183.60.141.171, port 58920, Tuesday, May 26, 2020 18:02:56
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 18:01:56
[LAN access from remote] from 64.227.40.137:5106 to 192.168.1.5:80, Tuesday, May 26, 2020 18:01:32
[LAN access from remote] from 13.232.169.241:20200 to 192.168.1.5:80, Tuesday, May 26, 2020 17:59:18
[LAN access from remote] from 124.106.65.6:30730 to 192.168.1.5:80, Tuesday, May 26, 2020 17:53:26
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:51:56
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:41:56
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:31:56
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:21:56
[LAN access from remote] from 188.165.174.199:58292 to 192.168.1.5:80, Tuesday, May 26, 2020 17:19:52
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:11:56
[DoS Attack: RST Scan] from source: 45.139.239.238, port 667, Tuesday, May 26, 2020 17:11:02
[LAN access from remote] from 185.234.219.205:59242 to 192.168.1.5:80, Tuesday, May 26, 2020 17:05:13
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 17:01:56
[DumaOS] Cloudsync DPI result 'false','All mirrors are down', Tuesday, May 26, 2020 16:51:58
[DumaOS] R-App store cloud sync failed, Tuesday, May 26, 2020 16:51:58
[DumaOS] HTTP download failed with code '404', Tuesday, May 26, 2020 16:51:58
[DumaOS] Resync R-App store cloud, Tuesday, May 26, 2020 16:51:58
[Internet connected] IP address: 95.143.221.95, Tuesday, May 26, 2020 16:51:56
[DumaOS] Cloudsync Themes result 'false','All mirrors are down', Tuesday, May 26, 2020 16:51:56
[LAN access from remote] from 77.237.77.56:48972 to 192.168.1.5:443, Tuesday, May 26, 2020 16:50:39

Link to comment
Share on other sites

2 hours ago, Newfie said:

Have you got remote access on? If so turn it off.

do you have cameras or webcams?

still looks ok to be honest. 

No cameras or other Wi-Fi devices like printers etc. Remote access turned off.

 

Link to comment
Share on other sites

11 minutes ago, Newfie said:

Do you use Skype by any chance or torrent stuff?

 

 

No Skype. I've used torrent maybe like 4 or 5 times in my life, and currently it's deleted from my PC for about 2 days now. No difference.

Link to comment
Share on other sites

  • Administrators

Are you using the DMZ? Disable respond to internet ping in WAN Settings also. For speed, try this to see if you can get full speeds, in Traffic Prioritization make a manual port rule 1-65535 TCP/UDP and see what happens then. Also does your ISP allow using 3rd party routers?

Link to comment
Share on other sites

8 hours ago, Turboamerica said:

LAN access from remote] from 35.223.90.88:30140 to 192.168.1.5:80, Tuesday, May 26, 2020 18:10:04

Pretty sure these are the same logs that get recorded when trying to access the router dashboard, as soon as you log into it

 

I'm sure you made passwords to secure your login, might turn off remote access and port forwarding, also I'm curious are you using public IP or private on ur Netgear box?

Link to comment
Share on other sites
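The "LAN access from remote" and "DoS Attack" entries posted earlier in this thread can be tallied per LAN target to see which internal address and port the inbound connections reach, which is the thing to compare against the port forwarding, DMZ and remote access settings raised in the replies. This is an added example, not part of any post; the sample lines are constructed in the same log format with documentation-range addresses, and reading these entries as inbound connections passed to the LAN host is an assumption.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the format posted above; addresses are documentation ranges.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.10:30140 to 192.168.1.5:80, Tuesday, May 26, 2020 18:10:04
[DoS Attack: TCP/UDP Chargen] from source: 198.51.100.7, port 58920, Tuesday, May 26, 2020 18:02:56
[Internet connected] IP address: 192.0.2.95, Tuesday, May 26, 2020 18:01:56
[LAN access from remote] from 203.0.113.22:5106 to 192.168.1.5:80, Tuesday, May 26, 2020 18:01:32
[LAN access from remote] from 203.0.113.10:20200 to 192.168.1.5:80, Tuesday, May 26, 2020 17:59:18
[DoS Attack: RST Scan] from source: 198.51.100.9, port 667, Tuesday, May 26, 2020 17:11:02
LAN access from remote] from 203.0.113.40:48972 to 192.168.1.5:443, Tuesday, May 26, 2020 16:50:39
"""

TS_FMT = "%A, %B %d, %Y %H:%M:%S"
# The leading "[" is optional because copy-paste can drop it, as in the thread.
LAN_RE = re.compile(
    r"^\[?LAN access from remote\] from ([\d.]+):(\d+) to ([\d.]+):(\d+), (.+)$")
DOS_RE = re.compile(
    r"^\[?DoS Attack: ([^\]]+)\] from source: ([\d.]+), port (\d+), (.+)$")


def summarize(log_text):
    """Group inbound entries by LAN target (ip, port); count DoS entries by type."""
    targets = defaultdict(
        lambda: {"hits": 0, "sources": set(), "first": None, "last": None})
    dos_types = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if m := LAN_RE.match(line):
            src, _sport, dst, dport, ts = m.groups()
            when = datetime.strptime(ts, TS_FMT)
            t = targets[(dst, int(dport))]
            t["hits"] += 1
            t["sources"].add(src)
            t["first"] = when if t["first"] is None else min(t["first"], when)
            t["last"] = when if t["last"] is None else max(t["last"], when)
        elif m := DOS_RE.match(line):
            dos_types[m.group(1)] += 1
    return dict(targets), dos_types


if __name__ == "__main__":
    targets, dos_types = summarize(SAMPLE_LOG)
    for (ip, port), t in sorted(targets.items()):
        print(f"{ip}:{port} hits={t['hits']} sources={len(t['sources'])} "
              f"window={t['first']:%H:%M:%S}-{t['last']:%H:%M:%S}")
    for kind, n in dos_types.most_common():
        print(f"DoS entry '{kind}': {n}")
```

A LAN target that collects hits from many unrelated sources on ports 80 or 443 points at a mapping on the router worth checking, independent of what any single source address is.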

  • Administrators
24 minutes ago, TimothyYoung said:

Pretty sure these are the same logs that get recorded when trying to access the router dashboard, as soon as you log into it

I'm sure you made passwords to secure your login, might turn off remote access and port forwarding, also I'm curious are you using public IP or private on ur Netgear box?

It's actually a Google IP so not sure why it's appearing like that.

Link to comment
Share on other sites

20 minutes ago, Netduma Fraser said:

It's actually a Google IP so not sure why it's appearing like that.

Wow that's very odd, I didn't even make it that far, at least it's seemingly a non-harmful IP

Only other thing I can think of similar that I've encountered with legitimate traffic that doesn't have ports opened for it, chromecast...

Link to comment
Share on other sites

19 hours ago, Netduma Fraser said:

Are you using the DMZ? Disable respond to internet ping in WAN Settings also. For speed, try this to see if you can get full speeds, in Traffic Prioritization make a manual port rule 1-65535 TCP/UDP and see what happens then. Also does your ISP allow using 3rd party routers?

Not using DMZ. Disabled internet ping a long time ago. My ISP does support any router, even their own supplied routers are Netgear.

18 hours ago, Netduma Fraser said:

It's actually a Google IP so not sure why it's appearing like that.

[DumaOS] skiped spike rtt: 74.733 last_rtt: 42.258, Wednesday, May 27, 2020 03:13:25
[DumaOS] skiped spike rtt: 42.258 last_rtt: 153.815, Wednesday, May 27, 2020 03:13:24
[DumaOS] skiped spike rtt: 153.815 last_rtt: 321.842, Wednesday, May 27, 2020 03:13:23
[DumaOS] skiped spike rtt: 321.842 last_rtt: 235.134, Wednesday, May 27, 2020 03:13:22
[DumaOS] skiped spike rtt: 235.134 last_rtt: 42.34, Wednesday, May 27, 2020 03:13:21
[DumaOS] skiped spike rtt: 45.749 last_rtt: 318.897, Wednesday, May 27, 2020 03:13:18
[DumaOS] skiped spike rtt: 339.996 last_rtt: 42.422, Wednesday, May 27, 2020 03:13:16
[DumaOS] skiped spike rtt: 43.472 last_rtt: 326.508, Wednesday, May 27, 2020 03:13:10
[DumaOS] skiped spike rtt: 326.508 last_rtt: 45.824, Wednesday, May 27, 2020 03:13:09
[DumaOS] skiped spike rtt: 343.237 last_rtt: 49.071, Wednesday, May 27, 2020 03:13:05
[DumaOS] skiped spike rtt: 43.503 last_rtt: 325.684, Wednesday, May 27, 2020 03:13:02
[DumaOS] skiped spike rtt: 325.684 last_rtt: 46.43, Wednesday, May 27, 2020 03:13:01
[DumaOS] skiped spike rtt: 46.43 last_rtt: 115.842, Wednesday, May 27, 2020 03:13:00
[DumaOS] skiped spike rtt: 115.842 last_rtt: 46.931, Wednesday, May 27, 2020 03:12:59
[Internet connected] IP address: 95.143.221.95, Wednesday, May 27, 2020 03:05:27

This is what also happens now.

Link to comment
Share on other sites

18 hours ago, Netduma Fraser said:

It's actually a Google IP so not sure why it's appearing like that.

Btw, 192.168.1.5 is my PS4 IP, which was turned and not even connected to power socket

17 hours ago, TimothyYoung said:

Apparently it's not a safe ip

I might believe it's an attack, but why would it be the same on dynamic IP right after IP change?

Link to comment
Share on other sites

Could have a trojan possibly, a lot will send out signals to show where it is

Not saying that's what it is.. but does kinda seem like something communicating from inside your network out

Does your public ip actually change when u reset ur modem?

Reason I ask is bc att uverse won't, I get stuck with a static ip.. good and bad

While rereading your original post, during ur efforts to find the problem, have u tried only having 1 device connected at a time?

17 hours ago, Turboamerica said:

Btw, 192.168.1.5 is my PS4 IP, which was turned and not even connected to power socket

Hmmm that's interesting, I wanna say there's a ton of hacking in the PS4 communities now that I think about it

Does your internet work okay if you connect to your modem directly? 

Link to comment
Share on other sites

20 minutes ago, TimothyYoung said:

Does your public ip actually change when u reset ur modem?

 

Reason I ask is bc att uverse won't, I get stuck with a static ip.. good and bad

I do have static IP, but I’ve tested dynamic IP

Link to comment
Share on other sites
