Swytch
Aspirant
Jun 01, 2017

Hijacked LAN IP

***This issue has already been posted but it is still unanswered***

My router is producing false DDoS in the log but something strange is happening that I don’t understand. When either of my two iPhones, 192.168.0.13 and 192.168.0.17, are connected to my home network, the IP address is “hijacked” and changes to 136.128.168.0. The MAC address remains the same and the IP change is ONLY viewable via the “Access Control” tab on my Netgear C3000-100NAS modem (V2.02.08 firmware) when the change is active. The IP reverts back to the assigned LAN IP when I scan the network or if either phone is on a VPN. The external IP remains the same, as far as I can tell, and the “attacks” stopped for almost a month after my ISP changed the external IP. I’ve factory reset both phones and the modem twice, changed the DNS and ISP changed the external IP, monitored and blocked several ports, disabled the cellular data, spoken with my ISP, AT&T, Apple, Ford Motor Company, a few companies/organizations in the “target” list, and filed a complaint with the FCC…I can’t seem to get an answer or explanation from anyone. I can’t monitor the traffic or IP behavior when I’m DC’d from my home network so it’s impossible to know if this occurs on AT&T’s network. The log entries I’ve provided are only for a few reports in May but I have logs going back to January. Let me know if anyone has any questions or suggestions, thanks!

 

| Description | Count | Last Occurrence | Target | Source |
|---|---|---|---|---|
| [DoS attack: Ping Of Death] from 136.128.168.0, port 8999 | 1 | Wed May 31 23:39:55 2017 | 0.0.0.0:21471 | 136.128.168.0:8999 |
| [DoS attack: Ping Of Death] from 136.128.168.0, port 0 | 2 | Mon May 08 07:01:21 2017 | 56.36.86.184:0 | 136.128.168.0:0 |
| [DoS attack: Teardrop or derivative] from 136.128.168.0, port 8999 | 1 | Sun May 07 21:52:05 2017 | 104.78.55.79:36136 | 136.128.168.0:8999 |
| [DoS attack: Teardrop or derivative] from 136.128.168.0, port 8999 | 1 | Sun May 07 16:32:59 2017 | 132.83.41.155:36136 | 136.128.168.0:8999 |
| [DoS attack: Illegal Fragments] from 136.128.168.0, port 8999 | 1 | Sun May 07 14:35:30 2017 | 192.10.250.109:36136 | 136.128.168.0:8999 |

6 Replies

    • dridhas
      Aspirant

      I'm leaning towards the possibility of a bug on the C3xxx series.

      I read somewhere that they replaced the C3000 with a C3700 and the same thing happened.

    • Swytch
      Aspirant

      I can't imagine it being the router if the LAN IP is unchanged when I'm on a VPN and the VPN only changes the external IP after it leaves the home network...so it only happens when the iPhone connects to an external source. The VPN wouldn’t have an effect if the router were assigning the IP to the phone since the VPN only functions after data leaves the modem/router. The LAN IP would change regardless if it were a router issue.

      • dridhas
        Aspirant

        VPN runs on a different network layer.

        As for me, I was able to narrow it down to my iPhone because I reset it to default and, upon first connection to activate, the IP was changed within seconds.