fernac Posted March 28, 2021 Share Posted March 28, 2021 Every time this appears in the logs (a few times an hour everyday always with this ip and port), my entire house gets briefly disconnected from the internet. Is there a way to block this ip address? I have the XR1000 1.0.0.52_1.0.38. Link to comment Share on other sites More sharing options...
Zippy Posted March 28, 2021 Share Posted March 28, 2021 Do an IP lookup and see who that IP is.. Thats what I would do first.. Is Comcast your ISP? Thanks! Zippy. Link to comment Share on other sites More sharing options...
fernac Posted March 28, 2021 Author Share Posted March 28, 2021 I did do that and it belongs to Comcast. Yes, I use xfinity. Not sure why this would be coming from them. Since my internet goes down, I don't think it's netgear misidentifying a normal process. Link to comment Share on other sites More sharing options...
Zippy Posted March 28, 2021 Share Posted March 28, 2021 If your internet is going down then it is likely a misidentifying of that IP by your router.. I had a similar situation on my XR500 where is would start to do that to my ISP dns.. You could always call your ISP and ask them about that IP.. You could also possibly make a static route rule and try to block that IP that way... You will know really quick if its tied to you in some sort of fashion.. To me its either a dns IP or its a WAN IP from a range you may have if you have a Dynamic IP from your ISP.. How close is that IP to your WAN IP that your Netgear shows? Also double check to make sure it isnt a dns IP from your ISP.. I just find it really strange that you have Comcast as your ISP and that IP is from them and the router is calling it a form of a DOS Attack or Fraggle Attack.. Im sure either Fraser or Liam will be able to help you further or give some better advice.. Good luck! Zippy. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted March 28, 2021 Administrators Share Posted March 28, 2021 Hey, welcome to the forum! It's likely not an actual attack as Fraggle attack uses UDP whereas the port used in this instance is TCP so I don't think there is anything sinister going on, Zippy is likely correct. The log usually shows connections you've come in contact with, is there anything around that time that is used that is specifically made/provided by Comcat/Xfinity themselves? Excluding the internet itself of course. Link to comment Share on other sites More sharing options...
fernac Posted March 28, 2021 Author Share Posted March 28, 2021 15 hours ago, Zippy said: If your internet is going down then it is likely a misidentifying of that IP by your router.. I had a similar situation on my XR500 where is would start to do that to my ISP dns.. You could always call your ISP and ask them about that IP.. You could also possibly make a static route rule and try to block that IP that way... You will know really quick if its tied to you in some sort of fashion.. To me its either a dns IP or its a WAN IP from a range you may have if you have a Dynamic IP from your ISP.. How close is that IP to your WAN IP that your Netgear shows? Also double check to make sure it isnt a dns IP from your ISP.. I just find it really strange that you have Comcast as your ISP and that IP is from them and the router is calling it a form of a DOS Attack or Fraggle Attack.. Im sure either Fraser or Liam will be able to help you further or give some better advice.. Good luck! Zippy. I switched my DNS IP to 1.1.1.1 a few weeks ago to see if that was the problem, but no luck. IPs are not that close. I did notice that when my internet goes down for a few seconds, my ping time to the router is >500ms even though I'm wired. I'll call comcast to see if something isn't playing nice. Maybe just need to power cycle it or have comcast send a reset signal. Thanks for the help! 9 hours ago, Netduma Fraser said: Hey, welcome to the forum! It's likely not an actual attack as Fraggle attack uses UDP whereas the port used in this instance is TCP so I don't think there is anything sinister going on, Zippy is likely correct. The log usually shows connections you've come in contact with, is there anything around that time that is used that is specifically made/provided by Comcat/Xfinity themselves? Excluding the internet itself of course. Besides the XR1000, I'm using a netgear CM700 as my modem, so there is no comcast hardware. Only thing I can think of that I recently added to the network is a SimpliSafe home security system (base station, cameras, window/door sensors, etc). Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted March 28, 2021 Administrators Share Posted March 28, 2021 Interesting, does that system have a subscription tied to it or an online service that it connects to? If so it could be that. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.