TheJam Posted May 21, 2021 Author Share Posted May 21, 2021 @Netduma Liam Below are the email settings that I have for both the XR1000 and Orbi. I'm using my personal iCloud account so I've blanked out my email and the password. I followed the settings from here: https://support.apple.com/en-us/HT202304 I attached pictures for the settings and an output of the email logs for both. Hope that helps. I forgot that the XR1000 is a mixture between Netgear functionality with DumaOS. I'll raise the issue to Netgear as well. Thanks very much! Link to comment Share on other sites More sharing options...
Netduma Liam Posted May 21, 2021 Share Posted May 21, 2021 Hey @TheJam, thanks for this! That all looks good to me, I don't suppose you've got an account setup for another email provider that you could also test? I'm curious as to whether this is specific to your XR, the iCloud email service or something else. Let us know what NG say as well! Link to comment Share on other sites More sharing options...
TheJam Posted May 21, 2021 Author Share Posted May 21, 2021 Just now, Netduma Liam said: Hey @TheJam, thanks for this! That all looks good to me, I don't suppose you've got an account setup for another email provider that you could also test? I'm curious as to whether this is specific to your XR, the iCloud email service or something else. Let us know what NG say as well! Cheers, I tried using Outlook and still got the same issue only sending 3 characters. I'll post back with any feedback I receive from Netgear - cheers Link to comment Share on other sites More sharing options...
TheJam Posted May 22, 2021 Author Share Posted May 22, 2021 DoS attack: ACK Scan] from source XX.XXX.XXX.XX,port 443 Saturday, May 22,2021 02:12:23 [Time synchronized with NTP server] Saturday, May 22,2021 02:12:20 [Internet connected] IP address: XX.XXX.XX.X, Saturday, May 22,2021 02:12:20 [DHCP IP: (XXX.XXX.X.X)] to MAC address XX:XX:XX:XX:XX:XX, Saturday, May 22,2021 02:12:18 [DoS attack: ACK Scan] from source 81.130.106.35,port 443 Saturday, May 22,2021 02:12:15 [DoS attack: ACK Scan] from source 34.196.226.27,port 80 Saturday, May 22,2021 02:12:15 [DoS attack: ACK Scan] from source 81.130.106.35,port 443 Saturday, May 22,2021 02:12:14 [DoS attack: ACK Scan] from source 34.196.226.27,port 80 Saturday, May 22,2021 02:12:14 [DoS attack: ACK Scan] from source 81.130.106.35,port 443 Saturday, May 22,2021 02:12:13 [DHCP IP: (XXX.XXX.X.X)] to MAC address XX:XX:XX:XX:XX:XX, Saturday, May 22,2021 02:11:13 [DHCP IP: (XXX.XXX.X.X)] to MAC address XX:XX:XX:XX:XX:XX Saturday, May 22,2021 02:11:01 [Internet disconnected] Saturday, May 22,2021 XX:XX:XX [DHCP IP: (XXX.XXX.X.X)] to MAC address XX:XX:XX:XX:XX:XX, Saturday, May 22,2021 02:08:44 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 02:08:24 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 02:06:19 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 02:04:14 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 02:02:09 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 02:00:04 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 01:57:59 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 01:55:54 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 01:53:49 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 01:51:44 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 01:49:39 [DoS attack: Fraggle Attack] from source UNKNOWN,port 443 Saturday, May 22,2021 01:47:34 [DoS attack: RST Scan] from source 52.209.230.238,port 443 Saturday, May 22,2021 01:47:24 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:45:29 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:43:24 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:41:19 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:39:14 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:37:09 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:35:04 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:32:59 [DHCP IP: (XXX.XXX.X.X)] to MAC address XX:XX:XX:XX:XX:XX Saturday, May 22,2021 01:32:17 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:30:54 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:28:49 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:26:44 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:24:39 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:22:34 [DoS attack: Fraggle Attack] from source UNKNOWN,port 35976 Saturday, May 22,2021 01:20:29 Unfortunately, I got another disconnect last night. Should I be worried about security at this stage? Are DoS attacks taking my internet down? On a side note, I opened up a support ticket for the log issue. I'll let you know if I hear anything back, cheers! Link to comment Share on other sites More sharing options...
Newfie Posted May 22, 2021 Share Posted May 22, 2021 Looks like the routers doing it’s job. NG routers always show logs full of scans so nothing to worry. You can look up addresses to see what they are for more info. Issues arise when you have something nasty on your network for example Kodi and a third party add on but I not sure without their Armor if it would show and the threat detection is not really built into NG routers. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 22, 2021 Administrators Share Posted May 22, 2021 As above, that should be fine. Great, do keep us posted on the ticket! Link to comment Share on other sites More sharing options...
TheJam Posted May 22, 2021 Author Share Posted May 22, 2021 1 minute ago, Newfie said: Looks like the routers doing it’s job. NG routers always show logs full of scans so nothing to worry. You can look up addresses to see what they are for more info. Cheers @Newfie, I guess my main concern is I used to get daily internet disconnects, sometimes multiple times a day. After @Netduma Fraser suggested to turn NAT to 'Secured' rather than Open, the disconnects stopped. Now there's been another disconnect, I'm a bit worried that it could be a security issue. I know these "attacks" show regularly in the logs and aren't necessarily an issue, however, with the disconnects, it seems there might be something else going on. Unfortunately, the OpenReach modem we have is locked off so I can't see the logs at the modem which is a bit frustrating. Having limited visibility of the network does make it really difficult to debug. Maybe this is a sign I should get back to studying for my CompTia Network+ cert 😬 Link to comment Share on other sites More sharing options...
Newfie Posted May 22, 2021 Share Posted May 22, 2021 45 minutes ago, TheJam said: Cheers @Newfie, I guess my main concern is I used to get daily internet disconnects, sometimes multiple times a day. After @Netduma Fraser suggested to turn NAT to 'Secured' rather than Open, the disconnects stopped. Now there's been another disconnect, I'm a bit worried that it could be a security issue. I know these "attacks" show regularly in the logs and aren't necessarily an issue, however, with the disconnects, it seems there might be something else going on. Unfortunately, the OpenReach modem we have is locked off so I can't see the logs at the modem which is a bit frustrating. Having limited visibility of the network does make it really difficult to debug. Maybe this is a sign I should get back to studying for my CompTia Network+ cert 😬 The modem is invisible, I use the HG612 and it’s not seen online so very little issues there. With BT you can turn the modem off for 30mins which will issue a new address, that might be worth a try but as long as you have no hidden surprises on your own devices it should be fine. My NG router would constantly show probes all day long. When it disconnects is the modem still showing a connection? Perhaps it’s worth turning off the modem for 30mins but also check all cables are ok so cable from modem to wall inlet and cable from modem to router, unplug and plug back in. It could be the old modem as they are pushing on in age but the lights on the front will show an issue hopefully on the modems. Unfortunately most home routers don’t store the logs when a drop in power or reboot occurs which is a pain. I can see the internet drop but it’s like it’s a fault with something else rather than the router as it’s just a drop. Might be worth checking it’s not a line fault too just incase. Normally NG routers are pretty stable on BT. You can log into BT and raise a fault too. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 22, 2021 Administrators Share Posted May 22, 2021 Good advice above, the disconnect could just be a symptom of the issue that NG are looking into and not necessarily indicative of a problem on your end. Link to comment Share on other sites More sharing options...
TheJam Posted May 22, 2021 Author Share Posted May 22, 2021 Cheers @Newfie, @Netduma Fraser. We have a ZTLink MT992 G.fast modem which was installed a few months ago when we got a G.fast connection - was supplied by OpenReach. I'll replace the ethernet cable from the modem to the router in case there is an issue there. Unfortunately, I don't really catch the disconnects unless I'm gaming which I haven't had much time for recently. I only notice it when I look at the Nest Camera we have and I can see an outage which correlates to the disconnect in the logs. The disconnect only happens briefly as well so it's a bit challenging to catch that modem light, even if I caught it while it disconnects. I'll raise a fault ticket with BT in case there's something else going on there though - thanks for the support! Link to comment Share on other sites More sharing options...
Newfie Posted May 22, 2021 Share Posted May 22, 2021 Don’t suppose you have a BT router you could pop on. That would show if it’s a fault on your modem or line if it still drops. Link to comment Share on other sites More sharing options...
TheJam Posted May 22, 2021 Author Share Posted May 22, 2021 1 minute ago, Newfie said: Don’t suppose you have a BT router you could pop on. That would show if it’s a fault on your modem or line if it still drops. We do have a BT Smart Hub we can try. I’ll ask if everyone in the house is happy for me to temporarily replace the modem and router to test with it. Would that show in the logs, or is there a separate section for it? Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 22, 2021 Administrators Share Posted May 22, 2021 I haven't used their hub but I would expect it would show something in the logs as well yes. If the issue goes then it could be your public IP is renewing and the XR isn't re-establishing the connection properly. Link to comment Share on other sites More sharing options...
CRarsenxL Posted May 23, 2021 Share Posted May 23, 2021 16 hours ago, Netduma Fraser said: I haven't used their hub but I would expect it would show something in the logs as well yes. If the issue goes then it could be your public IP is renewing and the XR isn't re-establishing the connection properly. Fios I believe has this issue. Fios hands out new IPs sometimes every 2-5 hrs. Something needs to be done to fix it ; logs don’t show anything also Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted May 23, 2021 Administrators Share Posted May 23, 2021 4 hours ago, CRarsenxL said: Fios I believe has this issue. Fios hands out new IPs sometimes every 2-5 hrs. Something needs to be done to fix it ; logs don’t show anything also Yeah it's something we are looking into as we've seen a few people have this issue Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.