NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ex2hale's avatar
ex2hale
Guide
Nov 09, 2016
Solved

dos attack by ISP?

Hello, I have been having trouble with my nighthawk. Today I had cox come out to fix an issues to me losing internet random for about 20 seconds. The guy took off a filter that is inbetween the mode...
dos attack
Dropping internet
isp
R7000
Troubleshooting
  • ex2hale's avatar
    ex2hale
    Nov 29, 2016

    So the problem is fixed!! :) I am posting this so if anyone has the same problem they can fix it too. First things first the router and/or the equipment was not the problem. The problem was cox sent out dip**bleep** techs to my house over and over. When calling cox the last time I told them my modems power signals were not looking correct and told them about my modems logs. Ask your ISP for i believe what they call a "Data Tech" this tech actually knew what the **bleep** they were doing and fixed the issues. I had been dealing with this problem for over a year and it took the tech 30 minutes to fix my problem. So in ending this topic after the tons of hours looking on the internet and wasting my time JUST CALL YOUR ISP and have them fix the problem if your logs and symptoms are the same as mine, do not waste your time. Hopefullly this helps someone else out.

     

    these were the errors my modem was giving to look my modems logs i typed 192.168.100.1 in the search bar:

     

    2016-11-15, 20:48:43 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
    2016-11-15, 20:48:57 Warning (5) Dynamic Range Window violation

IrvSp's avatar
IrvSp
Master
Nov 10, 2016

Netgear logging is full of stuff like this, go Google "DoS attack: ACK Scan" and check a few links out, almost ALL will be on Netgear routers.

 

I believe it is a s/w problem in the firmware where the router loses track of TCP/IP packets. TCP/IP packets go out and the routers knows to who. When a packets comes back it sees if it was expecting it and for whom. If 'on the list' it gets sent to you. Not on the list, it IS an attack it thinks and logs it an throws away to the packet.

 

Since it was your ISP, chances are that is why you can notice this. It was probably a DNS query. What came back was the IP ADDRESS you needed to go somewhere on your browser. After a 'timeout period' the browser assumed the reqest go lost or wasn't honored and sent another one, that one came back, and since it took some time that is WHY you noticed you lost internet.

 

I've never discovered a way to 'stop' this? Sometimes a reboot of the router, sometimes it just goes away by itself.

 

Anyway, if you see IP Addresses from places you would normally be going to on the web as an attacker it more than likely are FALSE. Real attacks are not a single or a few tried from the same IP Address but many sequentiallly.