NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi drop ping
Today, i was wondering why is my internet moving so slow. My mac is connected to the router via ethernet. when i tried to ping to the Orbi router, this is the result
========= Ping result ===========
PING 192.168.68.1 (192.168.68.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
64 bytes from 192.168.68.1: icmp_seq=0 ttl=64 time=4223.830 ms
64 bytes from 192.168.68.1: icmp_seq=1 ttl=64 time=4546.026 ms
64 bytes from 192.168.68.1: icmp_seq=2 ttl=64 time=4772.018 ms
Request timeout for icmp_seq 7
64 bytes from 192.168.68.1: icmp_seq=3 ttl=64 time=5201.399 ms
64 bytes from 192.168.68.1: icmp_seq=4 ttl=64 time=4948.567 ms
64 bytes from 192.168.68.1: icmp_seq=5 ttl=64 time=4739.169 ms
64 bytes from 192.168.68.1: icmp_seq=6 ttl=64 time=4135.138 ms
64 bytes from 192.168.68.1: icmp_seq=7 ttl=64 time=4571.927 ms
64 bytes from 192.168.68.1: icmp_seq=8 ttl=64 time=4696.905 ms
64 bytes from 192.168.68.1: icmp_seq=9 ttl=64 time=5642.768 ms
64 bytes from 192.168.68.1: icmp_seq=10 ttl=64 time=5872.942 ms
64 bytes from 192.168.68.1: icmp_seq=11 ttl=64 time=5880.483 ms
64 bytes from 192.168.68.1: icmp_seq=12 ttl=64 time=5903.051 ms
64 bytes from 192.168.68.1: icmp_seq=13 ttl=64 time=5342.181 ms
64 bytes from 192.168.68.1: icmp_seq=14 ttl=64 time=4369.549 ms
64 bytes from 192.168.68.1: icmp_seq=15 ttl=64 time=3856.222 ms
64 bytes from 192.168.68.1: icmp_seq=16 ttl=64 time=3065.729 ms
64 bytes from 192.168.68.1: icmp_seq=17 ttl=64 time=2240.430 ms
64 bytes from 192.168.68.1: icmp_seq=18 ttl=64 time=1460.137 ms
64 bytes from 192.168.68.1: icmp_seq=19 ttl=64 time=529.277 ms
^C
--- 192.168.68.1 ping statistics ---
21 packets transmitted, 20 packets received, 4.8% packet loss
round-trip min/avg/max/stddev = 529.277/4299.887/5903.051/1425.746 ms
============ End Ping ===========
Version 1.10.1.2 running on router and satellite
please advise
attached is the router log
======= Router Log ============
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 08:23:30
[admin login] from source 192.168.68.98, Wednesday, June 14, 2017 08:21:48
[DoS Attack: ARP Attack] from source: 192.168.68.222, Wednesday, June 14, 2017 08:19:10
[DHCP IP: 192.168.68.122] to MAC address ac:7b:a1:04:bd:61, Wednesday, June 14, 2017 08:18:45
[LAN access from remote] from 58.220.46.31:6000 to 192.168.68.252:3306, Wednesday, June 14, 2017 08:14:12
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 08:13:03
[LAN access from remote] from 61.164.149.211:56664 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:24
[LAN access from remote] from 61.164.149.211:55191 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:24
[LAN access from remote] from 61.164.149.211:53776 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:23
[LAN access from remote] from 61.164.149.211:52344 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:23
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 08:11:57
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 08:11:56
[DoS Attack: ACK Scan] from source: 23.66.236.226, port 80, Wednesday, June 14, 2017 08:10:24
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 08:09:01
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 08:09:00
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 08:08:51
[DHCP IP: 192.168.68.129] to MAC address b8:e8:56:4f:96:b4, Wednesday, June 14, 2017 08:06:54
[DHCP IP: 192.168.68.129] to MAC address b8:e8:56:4f:96:b4, Wednesday, June 14, 2017 08:06:54
[DoS Attack: ACK Scan] from source: 122.116.146.180, port 12109, Wednesday, June 14, 2017 08:04:03
[DHCP IP: 192.168.68.92] to MAC address c0:9f:05:29:7b:8a, Wednesday, June 14, 2017 08:02:08
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 07:59:10
[LAN access from remote] from 201.54.122.109:45527 to 192.168.68.252:81, Wednesday, June 14, 2017 07:56:20
[LAN access from remote] from 201.54.122.109:59348 to 192.168.68.252:81, Wednesday, June 14, 2017 07:56:20
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 07:49:21
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 07:49:21
[admin login] from source 192.168.68.98, Wednesday, June 14, 2017 07:45:27
[LAN access from remote] from 121.214.29.107:40188 to 192.168.68.252:81, Wednesday, June 14, 2017 07:41:39
[LAN access from remote] from 121.214.29.107:8742 to 192.168.68.252:81, Wednesday, June 14, 2017 07:41:39
[DoS Attack: ACK Scan] from source: 23.66.236.226, port 80, Wednesday, June 14, 2017 07:41:00
[LAN access from remote] from 78.187.36.121:47556 to 192.168.68.252:81, Wednesday, June 14, 2017 07:40:28
[LAN access from remote] from 78.187.36.121:18768 to 192.168.68.252:81, Wednesday, June 14, 2017 07:40:28
[DoS Attack: ACK Scan] from source: 23.66.236.226, port 80, Wednesday, June 14, 2017 07:40:25
[DoS Attack: SYN/ACK Scan] from source: 23.66.236.226, port 80, Wednesday, June 14, 2017 07:39:29
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 07:34:41
[DoS Attack: ARP Attack] from source: 192.168.68.222, Wednesday, June 14, 2017 07:34:10
[DHCP IP: 192.168.68.103] to MAC address dc:86:d8:f2:cc:77, Wednesday, June 14, 2017 07:32:34
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 07:26:21
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 07:26:20
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 07:24:50
[DoS Attack: ACK Scan] from source: 31.13.78.13, port 443, Wednesday, June 14, 2017 07:22:32
[DoS Attack: ACK Scan] from source: 157.240.7.20, port 443, Wednesday, June 14, 2017 07:21:11
[DoS Attack: ARP Attack] from source: 192.168.68.221, Wednesday, June 14, 2017 07:19:09
[DoS Attack: ACK Scan] from source: 157.240.7.35, port 443, Wednesday, June 14, 2017 07:18:29
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 07:18:05
[DoS Attack: ACK Scan] from source: 157.240.7.20, port 443, Wednesday, June 14, 2017 07:17:08
[DHCP IP: 192.168.68.121] to MAC address 48:d2:24:0f:4e:0b, Wednesday, June 14, 2017 07:16:56
[DoS Attack: ACK Scan] from source: 157.240.7.20, port 443, Wednesday, June 14, 2017 07:16:19
[DHCP IP: 192.168.68.110] to MAC address 90:b2:1f:0a:6c:14, Wednesday, June 14, 2017 07:11:58
[DHCP IP: 192.168.68.110] to MAC address 90:b2:1f:0a:6c:14, Wednesday, June 14, 2017 07:11:58
[DoS Attack: ACK Scan] from source: 184.51.96.56, port 443, Wednesday, June 14, 2017 07:10:19
[DoS Attack: ACK Scan] from source: 157.240.7.54, port 443, Wednesday, June 14, 2017 07:05:38
[DoS Attack: ACK Scan] from source: 157.240.13.54, port 443, Wednesday, June 14, 2017 07:05:13
[DoS Attack: ACK Scan] from source: 157.240.7.54, port 443, Wednesday, June 14, 2017 07:04:51
[DoS Attack: ARP Attack] from source: 192.168.68.222, Wednesday, June 14, 2017 07:04:10
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 07:03:00
[LAN access from remote] from 222.75.66.21:56027 to 192.168.68.252:81, Wednesday, June 14, 2017 07:02:17
[DHCP IP: 192.168.68.121] to MAC address 48:d2:24:0f:4e:0b, Wednesday, June 14, 2017 07:00:22
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 06:59:42
[DHCP IP: 192.168.68.123] to MAC address 90:b2:1f:42:ac:d0, Wednesday, June 14, 2017 06:59:41
[DHCP IP: 192.168.68.121] to MAC address 48:d2:24:0f:4e:0b, Wednesday, June 14, 2017 06:58:58
[DoS Attack: ARP Attack] from source: 103.224.164.1, Wednesday, June 14, 2017 06:58:28
[LAN access from remote] from 123.249.45.211:6000 to 192.168.68.252:3306, Wednesday, June 14, 2017 06:57:44
[DoS Attack: ACK Scan] from source: 65.55.163.74, port 443, Wednesday, June 14, 2017 06:55:56
[DoS Attack: RST Scan] from source: 157.55.134.18, port 443, Wednesday, June 14, 2017 06:54:27
[DoS Attack: SYN/ACK Scan] from source: 157.55.134.18, port 443, Wednesday, June 14, 2017 06:54:15
[DHCP IP: 192.168.68.121] to MAC address 48:d2:24:0f:4e:0b, Wednesday, June 14, 2017 06:52:20
[DoS Attack: ACK Scan] from source: 157.55.134.17, port 443, Wednesday, June 14, 2017 06:51:27
[DoS Attack: SYN/ACK Scan] from source: 221.228.219.144, port 80, Wednesday, June 14, 2017 06:50:56
[DHCP IP: 192.168.68.122] to MAC address ac:7b:a1:04:bd:61, Wednesday, June 14, 2017 06:50:49
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 06:49:53
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 06:49:15
[DHCP IP: 192.168.68.94] to MAC address a0:18:28:5a:d7:7d, Wednesday, June 14, 2017 06:48:36
[DoS Attack: RST Scan] from source: 199.83.168.130, port 80, Wednesday, June 14, 2017 06:48:30
================== End Router Log =============
regards
chris
5 Replies
You have an bunch of this on your logs:
[LAN access from remote] from 61.164.149.211:56664 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:24
[LAN access from remote] from 61.164.149.211:55191 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:24
[LAN access from remote] from 61.164.149.211:53776 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:23
[LAN access from remote] from 61.164.149.211:52344 to 192.168.68.252:81, Wednesday, June 14, 2017 08:12:23IPLOOKUP shows 61.164.149 is from China..
Which means, someone other than you, is accessing your router..
Do you have remote access or UPNP, or DMZ enabled on the Orbi?
Port 81 is the apache web server used in the pc.
Is there a way to log whats happening when someone comes into this port?
please advise
thanks
chris
Hi
The remote management, DMZ is all turned OFF. However, UPnP is on for certain ports.
The port 81 is a port redirection for myself to access the web server from outside the company.
please advise
thanks
chris
Port forwarding comes to mind, if the Orbi supports it. Then you could shut down UPnP..
