Intermittent Network Connectivity Interrupted. Please Help

[mygamertagsucks]

Hi guys, and gals,

  I'm not being a jerk, just trying to be succinct due to the inclusion of a LOG file that I know is not meant for us to use, and that it's only there for the developers, and not to worry about it. That being said, these DoS attacks are knocking us offline every 5-10 minutes, max. 

  Issue: Constantly losing Internet connectivity on my xr1000v2. The latest firmware is installed. No port forwarding has been done for anything, and all LAN ports are open. Our PS5, and XBox ONE X are both unplugged from the wall (not sure how important that is, but thought I would include it). Our connection is, still, through Comcast/Xfinity gigabit speed internet package using our own gear. Our setup is Cable to Arris SB6183 modem to Nighthawk Netgear XR1000v2 via the patch cable included with the router. Up until this past Friday, things had run fairly normal. Given the limitations of our modem, we only "approach" the gbps, but that is on us, and we know that. Now, we cannot go more than 10 minutes without getting booted offline. This is the only reason I checked the log files. If I post the correct file, you will actually see where it says "Internet disconnect from" then a MAC address that returns nothing when you search MAC address lookup. At the very bottom of this, you will see where it says "Internet disconnected." My apologies in advance for this next part, it's the log file. If anybody can help me, I know it will be you guys over here. NetDuma Fraser has helped me here, and I believe on Reddit, more times than I can count. Anyhow, here's the "fun stuff." Not sure why it's showing up funky, as a link to my Google docs, but that is where I copy and pasted the text from.

 

com.google.android.apps.docs.editors.kix.editors.clipboard?uuid=053d155f-b7a6-4609-afe2-2fc910513998

[DARKNESS]

@mygamertagsucksThere shouldn’t be much of an issue. If you’re experiencing DDoS attacks and have a static WAN IP, that’s likely the cause. You’ll need to contact your ISP to have it changed unless you already have a dynamic IP if so reboot modem. How do you know you’re being DDoSed? Have you checked your modem status, uncorrectable errors, event logs, etc.?

Best advice: shut down everything for 10 minutes and check if the same issue persists referring to the router and modem.

You can experience a DDoS attack on a console by joining a party chat, but if someone goes out of their way to send petabytes of attacks, that's quite petty. Which, from experience, are cod bums. 

[DanologyUK]

4 hours ago, DARKNESS said:

@mygamertagsucksThere shouldn’t be much of an issue. If you’re experiencing DDoS attacks and have a static WAN IP, that’s likely the cause. You’ll need to contact your ISP to have it changed unless you already have a dynamic IP if so reboot modem. How do you know you’re being DDoSed? Have you checked your modem status, uncorrectable errors, event logs, etc.?

Best advice: shut down everything for 10 minutes and check if the same issue persists referring to the router and modem.

You can experience a DDoS attack on a console by joining a party chat, but if someone goes out of their way to send petabytes of attacks, that's quite petty. Which, from experience, are cod bums. 

Dos Attacks seen in the logs are NOT DDoS Attacks. If you search on the forum, such as this post, you will see they are not DDoS attacks 

 

[Netduma Fraser]

As above the DoS attacks are rarely attacks and are usually showing connections you've made, for example some of IPs from your logs are:

3.169.149.83 - Amazon
69.147.65.251 - Yahoo
142.251.41.78 - Google
185.146.173.20 - Shopify/Cloudflare
100.52.165.89 - Amazon

The others look to be reputable as far as I can see. There is something that potentially by the looks of the MAC addresses and the fact that they don't show as legitimate device on lookups you can solve which may help, is that you're likely using iPhone(s)/Android(s)/Windows PC(s) via WiFi that are using Private/Randomized MAC addresses which would explain the constant reporting of them in the logs. If you disable this option on each of those devices it should remove the entries from the logs and hopefully if that's the cause stop the issue you're having. If not then I would suggest connecting a PC directly to your modem and see if you get the same issue, if you do then that's something you'll need to contact your ISP about.

[mygamertagsucks]

On 3/4/2026 at 9:29 AM, DARKNESS said:

@mygamertagsucksThere shouldn’t be much of an issue. If you’re experiencing DDoS attacks and have a static WAN IP, that’s likely the cause. You’ll need to contact your ISP to have it changed unless you already have a dynamic IP if so reboot modem. How do you know you’re being DDoSed? Have you checked your modem status, uncorrectable errors, event logs, etc.?

Best advice: shut down everything for 10 minutes and check if the same issue persists referring to the router and modem.

You can experience a DDoS attack on a console by joining a party chat, but if someone goes out of their way to send petabytes of attacks, that's quite petty. Which, from experience, are cod bums. 

Maaaan, I know, in my heart, that the issue of DoS attacks showing up in the log file is something that I should ignore, but I can't get that through my thick, dense, head, and I apologize. Losing our Internet connection used to be such a rare occurrence, that I got into the bad habit of checking them to see if there is anything "fishy" going on via the log files. So, when I started experiencing drops every few minutes, I couldn't help but think that the "reason" for all of this would be listed in the logs that, as I've perfectly demonstrated an embarrassing number of rimes, I do not have the full technical know-how to discern the data in them. Much worse, I seem to think I find a cause and stay locked in on it until I make a moron of myself by coming over here and posting. About it. I really am sorry for wasting your time, as well as Netduma Frasers time, but I am sincerely thankful to you guys for taking time out of your day to look at it. Now, I need to address Netduma Frasers post really quick, and then maybe just mark this whole thing as solved?

[mygamertagsucks]

12 hours ago, Netduma Fraser said:

As above the DoS attacks are rarely attacks and are usually showing connections you've made, for example some of IPs from your logs are:

3.169.149.83 - Amazon
69.147.65.251 - Yahoo
142.251.41.78 - Google
185.146.173.20 - Shopify/Cloudflare
100.52.165.89 - Amazon

The others look to be reputable as far as I can see. There is something that potentially by the looks of the MAC addresses and the fact that they don't show as legitimate device on lookups you can solve which may help, is that you're likely using iPhone(s)/Android(s)/Windows PC(s) via WiFi that are using Private/Randomized MAC addresses which would explain the constant reporting of them in the logs. If you disable this option on each of those devices it should remove the entries from the logs and hopefully if that's the cause stop the issue you're having. If not then I would suggest connecting a PC directly to your modem and see if you get the same issue, if you do then that's something you'll need to contact your ISP about.

Hey there, Netduma Fraser, I just wanted to thank you, yet again, for reading one of my "Omg, my networks being attacked" nonsense posts that turn out to be nothing. As much as I didn't want to post the log files, I just "knew" that this time was different. Shocker, it wasn't. Even though, to people like me, all of the evidence would suggest that this time was different, I'm completely unshocked to find out that I was wrong again. Like you, I ran the IP addresses through whois, and various other sites, and I found most of them to be reputable sources as well. There were a few whose ID came back as four different things, in 3 different countries, but those were all outliers. 

You mentioned the MAC ID issue, and naturally, were correct on it as well. Heck, even my Pixel 8 pro has the option for a randomize, or the default, mac address. I am going to run the test through the modem in a few minutes, and I have a feeling this is going to wind up being one of those "contact Comcast" issues. I've been too busy this weekend to notice anything but the Internet, but I was told that our Television is behaving erratically, no matter the channel, or time, or anything else, it's just freezing up. Obviously, given we aren't streaming anything, this should not be happening. I.was on the verge of just nuking my own network, and starting from scratch (by that, I mean letting the setup wizard do its thing, lol), because I can not stand the small talk the customer service agents try to make with me, when I can't understand them in the first place. Might piss everyone else off tonight if I choose to do this tonight, but I don't care. I'm sick of feeling defeated over this. I'm sorry, I'm just frustrated because things had been going so well for so long, and out of left field, this happens. Also, sorry for posting two separate answers when I could have made one post I guess. I appreciate everyone's time who helped me.

Josh

[mygamertagsucks]

One last question: I happened to be awake at 315am, and noticed in the network monitoring section that the iPad was using 100% of the bandwidth, downloading God knows what. I am sure that this iPad was not on at the time, so I am curious as to how this would be possible? It is my father's iPad, and the dude thinks every news site, sports site, even retrogaming, and video game collection sites that have an app, needs to be installed. I have noticed a few times when I'm around him, And he's using it, he is constantly getting notifications, and somehow he found out how to turn on the ability to automatic updates, after I had gone in and turned his notifications off (he doesn't know what they're for, or why they're popping up), as well as the auto update feature. 

Through a brutal process, I convinced him to turn off his xbox one Series X, and unplug it, after he had two Xbox ones fry. However, he is pretty terrible about remembering to turn off one of his two iPads when he's not using it, but I can't say much to him about that since one belongs to the dialysis center, and isn't actually "his". But he does leave multiple things connected to the network at the same time, like his two kendals,the iPads, and his phone- a lot. Even though I'm betting this turns out to be a Comcast issue, I'm curious how much of an issue, in theory, leaving so many devices connected to the network at one time might be. My Mom and I, both, only have our phones online at any given time. On the rare occasion I play my PS5, I'll have 2 devices online. Yet, we routinely have 7, 8, even 9 devices online at once, for 3 people; two of whom are sleeping. (I'm taking care of my parents, working from home)

[DanologyUK]

5 minutes ago, mygamertagsucks said:

One last question: I happened to be awake at 315am, and noticed in the network monitoring section that the iPad was using 100% of the bandwidth, downloading God knows what. I am sure that this iPad was not on at the time, so I am curious as to how this would be possible? It is my father's iPad, and the dude thinks every news site, sports site, even retrogaming, and video game collection sites that have an app, needs to be installed. I have noticed a few times when I'm around him, And he's using it, he is constantly getting notifications, and somehow he found out how to turn on the ability to automatic updates, after I had gone in and turned his notifications off (he doesn't know what they're for, or why they're popping up), as well as the auto update feature. 

Through a brutal process, I convinced him to turn off his xbox one Series X, and unplug it, after he had two Xbox ones fry. However, he is pretty terrible about remembering to turn off one of his two iPads when he's not using it, but I can't say much to him about that since one belongs to the dialysis center, and isn't actually "his". But he does leave multiple things connected to the network at the same time, like his two kendals,the iPads, and his phone- a lot. Even though I'm betting this turns out to be a Comcast issue, I'm curious how much of an issue, in theory, leaving so many devices connected to the network at one time might be. My Mom and I, both, only have our phones online at any given time. On the rare occasion I play my PS5, I'll have 2 devices online. Yet, we routinely have 7, 8, even 9 devices online at once, for 3 people; two of whom are sleeping. (I'm taking care of my parents, working from home)

I have currently got 14 devices connected to my router and that is after I have cleared up dead connections. Wireless devices are meant to be connected so what you are seeing is not a problem. It's like you buying a brand new car but saying you dont want to drive it, incase it gets dirty. Just carrying on using your router like normal. You are worrying too much about nothing. 

[mygamertagsucks]

@DARKNESSActually, I'm embarrassed to admit this, but I hadn't even considered troubleshooting the modem. In fact, it wasn't even on my radar, so I thank you for this suggestion. As for my connection; nothing has been assigned a static IP, and I let the router do the entire setup this time. I should have mentioned that before. But, I let it stay with the "get automatically from ISP", in regards to IP addresses. Same with the Subnet mask (which is still wrong on the router page, yet all of my devices are showing the correct subnet masks, including my PS5 when I do get around to playing it, hardwired. And yes, CoD, lol). By the way, I'm far too trash at CoD to warrant a true DDoS attack. 

I've power cycled everything, but only for a few minutes having the devices unplugged. I'll try shutting it all down, and restarting it after awhile, and see what happens. 

Thank you, again, for the advice. 

[mygamertagsucks]

@DanologyUKThank you. I honestly figured this was the case, but was hoping y'all would tell me otherwise. I like the analogy, btw. And, honestly, when you said I was worrying over nothing; you have absolutely no clue how square you hit the nail on the head with that, lol.

[Netduma Fraser]

@mygamertagsucks don't apologise or think that you're wasting anyone's time, Dan & Darkness are replying because they want to, there is no obligation for them to do so and I am literally paid to reply to your issues big or small. You're having an issue and you need assistance, that's what you're here for! It's unlikely that all the traffic is causing issues but perhaps prolonged 100% bandwidth usage could cause it - make sure you're utilizing Congestion Control to ensure that even if that is happening that it's leaving some bandwidth available for other devices. If I were you these would be the order of tasks I'd do:

1. Ensure Congestion Control is enabled - Always & 70% would be a good start
2. The disabling of private/random MAC addresses, reboot the router from the interface then monitor
3. If it continues test directly to the modem
4. If it doesn't happen directly to the modem post back here with some fresh logs
5. If it happens even to the modem then contact the ISP

[mygamertagsucks]

Thank you @Netduma Fraser, I appreciate that reply because I always feel like, "I know I'm wrong, but, could I be right this time?" Unsurprisingly, the answer is no. 

Edited to update: Just saw the 70% & always setting change, as well as disabling the randomized mac addresses. Doing that now, and will report back before Comcast does anything. Thank you, again. 

I took a look at the modem, and lo and behold, I have a service call setup tomorrow with Comcast/Xfinity due to the following picture. I know it will need Moderator approval before it posts, but before I post it, I will say it is altered to try to remove the identifiable MAC address to my router. I edited it on my phone bc I'm using mobile data at the moment, so, please keep that in mind when viewing the picture. I know that this first started on the 27th, or 28th, but wasn't really very aware due to exhaustion. That being said, I'm told that the very first entry of this log is cause for concern. Also, my downstream frequency is listed as 57000000. I may add that picture as well assuming I find it on my phone. So, does this pic help at all?

 

[DARKNESS]

@mygamertagsucksHow does your modem page look? Are there many uncorrectable errors, untuned channels, etc.? If the power levels are out of range, that could be the issue. It might also be caused by a damaged cable inside the home, but that would typically just cause packet loss, so make sure your equipment is not damaged if not, you’re going to pay the fee for that. 

Properly Tuned vs Improperly Tuned: An Example

• https://www.dropbox.com/scl/fi/ubp466t0efofykauvmbf5/CM3000-Good-Power?rlkey=49jx3ew2klk9032opwamq3r0q&st=0cy8yeio&dl=0
• https://www.dropbox.com/scl/fi/kk94mgwbk8j1muh0whgdw/CM3000-Bad-Power?rlkey=ybfja5im492akcl9k6lxe6nil&st=apsiscjk&dl=0

[Netduma Fraser]

8 hours ago, mygamertagsucks said:

Thank you @Netduma Fraser, I appreciate that reply because I always feel like, "I know I'm wrong, but, could I be right this time?" Unsurprisingly, the answer is no. 

Edited to update: Just saw the 70% & always setting change, as well as disabling the randomized mac addresses. Doing that now, and will report back before Comcast does anything. Thank you, again. 

I took a look at the modem, and lo and behold, I have a service call setup tomorrow with Comcast/Xfinity due to the following picture. I know it will need Moderator approval before it posts, but before I post it, I will say it is altered to try to remove the identifiable MAC address to my router. I edited it on my phone bc I'm using mobile data at the moment, so, please keep that in mind when viewing the picture. I know that this first started on the 27th, or 28th, but wasn't really very aware due to exhaustion. That being said, I'm told that the very first entry of this log is cause for concern. Also, my downstream frequency is listed as 57000000. I may add that picture as well assuming I find it on my phone. So, does this pic help at all?

It's always a good idea to get clarity! Good advice above but that could be it. Fingers crossed they'll be able to sort it out for you. Do keep us updated!