NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Nighthawk C7000 AC1900 DoS attack with speed slowdowns
Hello everyone!
I have tried going through my ISP but they see nothing wrong with modem health or my connection on their end. I have a Nighthawk C7000 AC1900 firmware version v1.01.23, with Windows 10 and in a home environment.
I'm a streamer and frequently watch other streamers to show support. I noticed the stream I was watching kept freezing. So after checking other streamers and seeing the same results, I did multiple speed test. The speed I pay for is 100/10 and I was getting between 3/11 to 50/11. The download speed is never consistant and at times the dial will shoot up to 100+ but then drop right away during the testing.
I'll provide the logs below. All of this started on 10/25/17 and has continued every day. I have done a factory reset several times with no fixes. Please see partial logs below (including the event log too because of critical errors).
Any help would be greatly appreciate. I'm not great with the networking side of things and have no clue what I'm looking at.
Thank You
| [DoS attack: Ping Of Death] from 212.9.9.0, port 0 | 11 | Fri Oct 27 07:24:31 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 | 1 | Fri Oct 27 07:23:32 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Ping Of Death] from 212.9.9.0, port 0 | 3 | Fri Oct 27 07:16:04 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 | 5 | Fri Oct 27 07:12:02 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Ping Of Death] from 212.9.9.0, port 0 | 1 | Fri Oct 27 07:12:01 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Teardrop or derivative] from 212.9.9.0, port 0 | 2 | Fri Oct 27 07:12:01 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Ping Of Death] from 212.9.9.0, port 0 | 1 | Fri Oct 27 06:53:32 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 | 2 | Fri Oct 27 06:53:32 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Ping Of Death] from 212.9.9.0, port 0 | 3 | Fri Oct 27 06:43:59 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 | 1 | Fri Oct 27 06:40:28 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
| [DoS attack: Teardrop or derivative] from 212.9.9.0, port 0 | 2 | Fri Oct 27 06:40:28 2017 | 12.250.195.76:0 | 212.9.9.0:0 |
5 Replies
Here is some of the event log.
[DoS attack: Ping Of Death] from 212.9.9.0, port 0 11 Fri Oct 27 07:24:31 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 1 Fri Oct 27 07:23:32 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Ping Of Death] from 212.9.9.0, port 0 3 Fri Oct 27 07:16:04 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 5 Fri Oct 27 07:12:02 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Ping Of Death] from 212.9.9.0, port 0 1 Fri Oct 27 07:12:01 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Teardrop or derivative] from 212.9.9.0, port 0 2 Fri Oct 27 07:12:01 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Ping Of Death] from 212.9.9.0, port 0 1 Fri Oct 27 06:53:32 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 2 Fri Oct 27 06:53:32 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Ping Of Death] from 212.9.9.0, port 0 3 Fri Oct 27 06:43:59 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Illegal Fragments] from 212.9.9.0, port 0 1 Fri Oct 27 06:40:28 2017 12.250.195.76:0 212.9.9.0:0 [DoS attack: Teardrop or derivative] from 212.9.9.0, port 0 2 Fri Oct 27 06:40:28 2017 12.250.195.76:0 212.9.9.0:0 It seems to be coming from the same IP tried to remove your phone or tablet from the network one by one it could be some app causing the issues it will help you find if its coming from one of your own devices.
DarrenM
Thank you for the reply!
So none of my devices are connected to my network. I switched to an ISP provided modem and the issues continue. Here is the event log and my signal levels from that modem.
DCID Freq Power SNR Modulation Octets Correcteds Uncorrectables Downstream 1 31 759.00 MHz -8.30 dBmV 37.64 dB 256QAM 10174456403 773 531 Downstream 2 11 639.00 MHz -3.80 dBmV 35.78 dB 256QAM 9039563986 154825 42074 Downstream 3 12 645.00 MHz -3.80 dBmV 37.64 dB 256QAM 9375426056 1866 8873 Downstream 4 13 651.00 MHz -4.50 dBmV 38.61 dB 256QAM 11157426657 1398 4776 Downstream 5 19 687.00 MHz -5.40 dBmV 38.61 dB 256QAM 10840985587 980 4759 Downstream 6 20 693.00 MHz -4.60 dBmV 38.98 dB 256QAM 9573565219 682 1233 Downstream 7 21 699.00 MHz -6.80 dBmV 37.36 dB 256QAM 7647358217 984 3294 Downstream 8 22 705.00 MHz -8.60 dBmV 37.64 dB 256QAM 8252472098 1447 4147 Downstream 9 23 711.00 MHz -6.50 dBmV 37.36 dB 256QAM 8110417512 2335 9375 Downstream 10 25 723.00 MHz -5.20 dBmV 38.98 dB 256QAM 9382500454 1014 1140 Downstream 11 26 729.00 MHz -5.10 dBmV 38.61 dB 256QAM 11345091793 1878 8097 Downstream 12 27 735.00 MHz -5.80 dBmV 37.36 dB 256QAM 7391882817 1113 3751 Downstream 13 28 741.00 MHz -6.00 dBmV 35.78 dB 256QAM 8140687219 15613 1333 Downstream 14 29 747.00 MHz -6.70 dBmV 31.69 dB 256QAM 10875684659 16565521 1821278 Downstream 15 30 753.00 MHz -8.40 dBmV 30.05 dB 256QAM 5827894160 19105862 2282938 Downstream 16 32 765.00 MHz -8.30 dBmV 37.64 dB 256QAM 8834712848 895 1338 Reset FEC Counters Upstream
UCID Freq Power Channel Type Symbol Rate Modulation Upstream 1 42 24.20 MHz 43.50 dBmV DOCSIS2.0 (ATDMA) 5120 kSym/s 64QAM Upstream 2 44 37.00 MHz 46.00 dBmV DOCSIS2.0 (ATDMA) 2560 kSym/s 64QAM Upstream 3 43 30.60 MHz 44.25 dBmV DOCSIS2.0 (ATDMA) 5120 kSym/s 64QAM Upstream 4 41 19.40 MHz 42.50 dBmV DOCSIS1.x (TDMA) 2560 kSym/s 16QAM Status System Uptime: 4 d: 0 h: 56 m Computers Detected: staticCPE(1), dynamicCPE(2) CM Status: OPERATIONAL Time and Date: Wed 2017-11-01 17:17:08 Interface Parameters Interface Name Provisioned State Speed (Mbps) MAC address LAN Port 1 Enabled Up 1000(Full) AC:EC:80:F4:30:F1 LAN Port 2 Enabled Down ----- AC:EC:80:F4:30:F1 LAN Port 3 Enabled Down ----- AC:EC:80:F4:30:F1 LAN Port 4 Enabled Down ----- AC:EC:80:F4:30:F1 CABLE Enabled Up ----- AC:EC:80:F4:30:F2 MTA NotInitiated Down ----- AC:EC:80:F4:30:F3 Date Time Event ID Event Level Description 11/1/2017 18:03 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:03 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:03 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:03 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:03 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:03 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:04 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:04 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:04 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:04 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:04 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:04 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:05 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:05 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:05 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:05 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:06 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:06 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:06 84020200 5 Lost MDD Timeout;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; 11/1/2017 18:06 84000700 5 RCS Partial Service;CM-MAC=ac:ec:80:f4:30:f2;CMTS-MAC=00:01:5c:77:6c:57;CM-QOS=1.1;CM-VER=3.0; PacketCable(MTA) Events Date Time Event ID Description 10/12/2017 12:24 14 Power Supply Telemetry Log - BATTERY MISSING 10/12/2017 12:24 16 MTA TFTP: Successful 10/12/2017 12:24 26 MTA PROV: Successful! 10/12/2017 12:24 3 Voice Line State Change, Line Number = 1, Prev State = OOS, New State = IS 10/12/2017 12:24 3 Voice Line State Change, Line Number = 2, Prev State = OOS, New State = IS 10/12/2017 12:25 3 Voice Line State Change, Line Number = 1, Prev State = IS, New State = OOS 10/12/2017 12:25 3 Voice Line State Change, Line Number = 2, Prev State = IS, New State = OOS 10/12/2017 12:26 16 MTA TFTP: Successful 10/12/2017 12:26 26 MTA PROV: Successful! 10/12/2017 12:26 3 Voice Line State Change, Line Number = 1, Prev State = OOS, New State = IS 10/12/2017 12:26 3 Voice Line State Change, Line Number = 2, Prev State = OOS, New State = IS 10/12/2017 12:26 14 Power Supply Telemetry Log - BATTERY MISSING
