Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Hijacked LAN IP

Swytch
Aspirant
Aspirant
‎2017-06-01 03:45 AM
‎2017-06-01 03:45 AM

Hijacked LAN IP

***This issue has already been posted but it is still unanswered***

My router is producing false DDoS in the log but something strange is happening that I don’t understand. When either of my two iPhones, 192.168.0.13 and 192.168.0.17, are connected to my home network, the IP address is “hijacked” and changes to 136.128.168.0. The MAC address remains the same and the IP change is ONLY viewable via the “Access Control” tab on my Netgear C3000-100NAS modem (V2.02.08 firmware) when the change is active. The IP reverts back to the assigned LAN IP when I scan the network or if either phone is on a VPN. The external IP remains the same, as far as I can tell, and the “attacks” stopped for almost a month after my ISP changed the external IP. I’ve factory reset both phones and the modem twice, changed the DNS and ISP changed the external IP, monitored and blocked several ports, disabled the cellular data, spoken with my ISP, AT&T, Apple, Ford Motor Company, a few companies/organizations in the “target” list, and filed a complaint with the FCC…I can’t seem to get an answer or explanation from anyone. I can’t monitor the traffic or IP behavior when I’m DC’d from my home network so it’s impossible to know if this occurs on AT&T’s network. The log entries I’ve provided are only for a few reports in May but I have logs going back to January. Let me know if anyone has any questions or suggestions, thanks!

 

Description

Count

Last Occurrence

Target

Source

[DoS attack: Ping Of Death] from 136.128.168.0, port 8999

1

Wed May 31 23:39:55 2017

0.0.0.0:21471

136.128.168.0:8999

[DoS attack: Ping Of Death] from 136.128.168.0, port 0

2

Mon May 08 07:01:21 2017

56.36.86.184:0

136.128.168.0:0

[DoS attack: Teardrop or derivative] from 136.128.168.0, port 8999

1

Sun May 07 21:52:05 2017

104.78.55.79:36136

136.128.168.0:8999

[DoS attack: Teardrop or derivative] from 136.128.168.0, port 8999

1

Sun May 07 16:32:59 2017

132.83.41.155:36136

136.128.168.0:8999

[DoS attack: Illegal Fragments] from 136.128.168.0, port 8999

1

Sun May 07 14:35:30 2017

192.10.250.109:36136

136.128.168.0:8999

Message 1 of 7
Labels:
0 Kudos
Reply
netwrks
Master
Master
‎2017-06-01 06:47 AM
‎2017-06-01 06:47 AM

Re: Hijacked LAN IP

Could be something your router (C3000) / ISP @dridhas has the same issue with his phone(s).  He is also using a C3000.

 

https://community.netgear.com/t5/Cable-Modems-Routers/IP-address-on-phone-changing-from-192-to-136/m...

Message 2 of 7
0 Kudos
Reply
dridhas
Aspirant
Aspirant
‎2017-06-01 06:50 AM
‎2017-06-01 06:50 AM

Re: Hijacked LAN IP

im leaning torwards the possibility of a bug on the C3xxx series.

 

i read somewhere that they replaced the C3000 with a C3700 and happened the same thing.

Message 3 of 7
0 Kudos
Reply
Swytch
Aspirant
Aspirant
‎2017-06-01 07:33 AM
‎2017-06-01 07:33 AM

Re: Hijacked LAN IP

I can't imagine it being the router if the LAN IP is unchanged when I'm on a VPN and the VPN only changes the external IP after it leaves the home network...so It only happens when the iphone connects to an external source. The VPN wouldn’t have an effect if the router were assigning the IP to the phone since the VPN only functions after data leaves the modem/router. The LAN IP would chould regardless if it were a router issue.

Message 4 of 7
0 Kudos
Reply
dridhas
Aspirant
Aspirant
‎2017-06-01 07:36 AM
‎2017-06-01 07:36 AM

Re: Hijacked LAN IP

VPN runs on a different network layer.

 

as for me, i was able to narrow it down to my iphone due that i reset it to default and upon first connection to activate, the ip was changed within seconds.

Message 5 of 7
0 Kudos
Reply
netwrks
Master
Master
‎2017-06-01 08:14 AM
‎2017-06-01 08:14 AM

Re: Hijacked LAN IP

If you are using a VPN, then your IP Address will certainly change to the subnet that is being used by the VPN provider. Once disconnected from the VPN, then your phone's ip should show the router subnet. That's they a VPN connection should work.

Message 6 of 7
0 Kudos
Reply
DarrenM
Sr. NETGEAR Moderator
Sr. NETGEAR Moderator
‎2017-06-13 03:16 PM
‎2017-06-13 03:16 PM

Re: Hijacked LAN IP

Hello Swytch


Can I get some more info from you

 

  1. A Screenshot of IP address of iPhone.

  2. Can you access internet?

  3. C3000's backup file when the issue happens.

  4. Do you use a VPN?

  5. Do you use iTunes or QuickTime app?

  6. Can you provide his Network topology?

  7. When did issue occur?  Is there any change in their iPhone?

  8. What is the iPhone model? iOS version? Or can they provide a video (or some pictures) to describe it in the details?

 

Thanks

DarrenM

Message 7 of 7
0 Kudos
Reply
Discussion stats
  • 6 replies
  • ‎2017-06-01 03:45 AM
  • 3848 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7