Orbi WiFi 7 RBE973
Reply

netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

trigger113
Tutor

netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

I have a C3700-100NAS Router/Modem for about 3 months now with comcast as my Internet Service Provider (ISP).

 

Upon first install around November of 2015, I had issues getting the asset to work appropriately.  Unable to load pages, etc.  After a factory reset, it seemed to resolve the issue for about 2 or so months. As of around the beginning of January, we have been experiencing issues where Web Pages will not load (firefox/internet explorer/etc), netflix connectivity fails on TV's, etc.   Although it seems I am am able to successfully ping 8.8.8.8, google.com, and other sites, web pages seem to sporatically load 20% of the time, and netflix barely works.

 

Product: Netgear C3700-100NAS

Firmware Version: 2.02.06

ISP: Comcast

Netgear IP: 192.168.1.1

DNS: Auto

DHCP: Enabled

 

Symptoms: Slow Page Loads, Pages do not load at all, ping works from what I can tell. Adjusted DNS settings from ISP's to Google (8.8.8.8) and no difference. Users experiencing the issue are Wired and Wireless. Platform's are iphones, ipads, tvs, laptops, pcs (no discrimination).

 

Any help would be greatly appreciated.

 

In the logs, I do see some follow messages:

- [DoS attack: Teardrop or derivative] from 192.0.104.80, port 0

- [DoS attack: SYN Flood] from 216.241.219.198, port 443

- [DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 53

 

In the Event Log, I see some of these errors (last one in November of 2015):

- SYNC Timing Synchronization failure - Failed to acquire FEC framing;CM-

 

Any help would be great!

Message 1 of 13
TheEther
Guru

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

Have you tried doing a speed test?  Try Comcast's and Ookla's to get a couple of data points.

 

You may also want to look at the traffic statistics on the C3700 and see if your Internet port is saturated.  Perhaps those DoS attacks are consuming all of your bandwidth.  Did you piss off someone in an online game? 

Message 2 of 13
Eric19
Initiate

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

I'm having the same problems. a temporary fix is to log into your C3700, go to advanced home tab, then on the internet port area, click on connection status. another small window will popup. you can click "renew" to renew your lease. For me it immediately makes the internet work - until the next time which could be hours or minutes.

Message 3 of 13
trigger113
Tutor

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

When I can do a speed test, I'm getting about 50-75Mbps download and 15-25Mbps Uploads.  Normally, we cannot access the server (it appears the DNS is messed up but changing to google DNS doesn't help).

 

Since multiple users are experiencing the same issue, it leads me to believe it is the NETGEAR Modem/Router; common denominator.

 

No. we have not upset anyone in an online game. Nice try... 😉

Message 4 of 13
trigger113
Tutor

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

I'll give that a swagger Eric and see if that helps.

Message 5 of 13
PainInMyNet
Initiate

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

I'm having the EXACT same problem, also using Comcast and same Netgear model. I just started looking at my log yesterday because of other suspicious behaviour I've noticed on personal accounts like banking, gaming, etc.

 

Releasing, power cycling, renewing, and changing to Google DNS servers did not change my IP address. Here is my most recent log

 

 

[DoS attack: SYN Flood] from 152.163.13.6, port 801Sun Jan 24 13:13:02 2016192.168.0.23:51854152.163.13.6:80
[DoS attack: SYN Flood] from 69.172.216.111, port 801Sun Jan 24 13:12:19 2016192.168.0.23:5168469.172.216.111:80
[DoS attack: SYN Flood] from 74.119.118.94, port 801Sun Jan 24 13:12:13 2016192.168.0.23:5166974.119.118.94:80
[DoS attack: SYN Flood] from 69.194.244.11, port 801Sun Jan 24 13:12:09 2016192.168.0.23:5164069.194.244.11:80
[DoS attack: SYN Flood] from 173.241.250.221, port 801Sun Jan 24 13:11:52 2016192.168.0.23:51505173.241.250.221:80
[DoS attack: SYN Flood] from 184.25.254.64, port 801Sun Jan 24 13:11:05 2016192.168.0.23:51381184.25.254.64:80
[DoS attack: SYN Flood] from 69.194.244.11, port 4431Sun Jan 24 13:10:55 2016192.168.0.23:51351

69.194.244.11:443

[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 531Sun Jan 24 12:55:47 201673.71.107.103:5594975.75.75.75:53

 

Ping has also been disabled since installation, which was about 8 months ago. I'm beginning to think there's a vulnerability in the router Netgear is unaware of or unable to address. Any other suggestions would be great.

 

Thanks

Message 6 of 13
MeIMyself
Initiate

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

I suggest you read what is at this link http://searchsecurity.techtarget.com/definition/SYN-flooding then go to the page in Genie under advanced setup wan setup and make certain that none of those little check boxes are checked for starters.

 

 

 

 

 

Message 7 of 13
trigger113
Tutor

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

Thanks MelMyself for the advice, but I made certain those lil guys were not checked.

 

After reviewing some routers (that I haven't visited in a while), I discovered that one was acting as a DHCP/DNS on the network which was confusing a lot of devices. I resolved that quickly and it cleared up a lot of client issues, but not all.

 

One local network in particular was having a weird issue (no matter what I tried).  This local network is using a ASUS RT-N66U Router.  For some reason, any device (iphone, samsung phone, note, ipad, laptop, samsung tv, didn't matter) that would connect to it would load pages for about 10 minutes without issue, and then all of a sudden cease to load any pages (with timeout errors on the browsers). After several hours+++ assigning new ip ranges, new dns servers, etc on the ASUS router.... nothing worked... FINALLY... finally... I noticed that the Netgear C3700-100NAS modem was logging many DOS errors against the same router (ASUS RT-N66U) which I was troubleshooting.... 

 

In an effort to see if the Netgear Modem was blocking what I would call  "good traffic", I turned "OFF" the DOS feature on the Netgear C3700-100NAS, and everything started to work on the ASUS Router's network... the pages loaded up on all devices attached to the ASUS RT-N66U router without issues.

 

Looking at the logs of the NETGEAR Modem further, I realized that it appears a new firmware was loaded on the router around January 1st at 00:30:00 2016.  This is around the same time that I noticed the issues. So I'm leaning towards this firmware load as the potential problem....

 

Since I don't think it is a very good idea to disable the DOS protection on the Modem... so here are my questions I'd like to ask netgear/comcast or an expert in the arena:

  1. Is the Netgear Modem's DOS feature working as designed (seems buggy)? 
  2. If it is working as designed, why is it blocking EVERTHING coming from my ASUS RT-N66U router?
  3. Should I contact COMCAST or is this a NETGEAR issues


Here are some more logs from the router this afternoon and some of my notes after the //:

 

  1. [DoS attack: IP packet w/MC or BC SRC addr] from 207.46.134.255, port 443    // only has a count of "1" on occurance, and this IP Is owned by Microsoft.com
  2. [DoS attack: SYN Flood] from 65.52.108.11, port 443 // only has a count of "1" on occurance and this IP is owned by Microsot.com it appears
  3. [DoS attack: Teardrop or derivative] from 192.0.104.80, port 0 //has an occurance of "16" owned by the makers of wordpress (the source/target are not even in my network which is weird why it's loading on my modem). This one seems fishy...

 

Message 8 of 13
trigger113
Tutor

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

----

Message 9 of 13
trigger113
Tutor

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).


@PainInMyNet wrote:

I'm having the EXACT same problem, also using Comcast and same Netgear model. I just started looking at my log yesterday because of other suspicious behaviour I've noticed on personal accounts like banking, gaming, etc.

 

Releasing, power cycling, renewing, and changing to Google DNS servers did not change my IP address. Here is my most recent log

 

 

[DoS attack: SYN Flood] from 152.163.13.6, port 801Sun Jan 24 13:13:02 2016192.168.0.23:51854152.163.13.6:80
[DoS attack: SYN Flood] from 69.172.216.111, port 801Sun Jan 24 13:12:19 2016192.168.0.23:5168469.172.216.111:80
[DoS attack: SYN Flood] from 74.119.118.94, port 801Sun Jan 24 13:12:13 2016192.168.0.23:5166974.119.118.94:80
[DoS attack: SYN Flood] from 69.194.244.11, port 801Sun Jan 24 13:12:09 2016192.168.0.23:5164069.194.244.11:80
[DoS attack: SYN Flood] from 173.241.250.221, port 801Sun Jan 24 13:11:52 2016192.168.0.23:51505173.241.250.221:80
[DoS attack: SYN Flood] from 184.25.254.64, port 801Sun Jan 24 13:11:05 2016192.168.0.23:51381184.25.254.64:80
[DoS attack: SYN Flood] from 69.194.244.11, port 4431Sun Jan 24 13:10:55 2016192.168.0.23:51351

69.194.244.11:443

[DoS attack: TCP- or UDP-based Port Scan] from 75.75.75.75, port 531Sun Jan 24 12:55:47 201673.71.107.103:5594975.75.75.75:53

 

Ping has also been disabled since installation, which was about 8 months ago. I'm beginning to think there's a vulnerability in the router Netgear is unaware of or unable to address. Any other suggestions would be great.

 

Thanks


 

PainInMyNet,

 

First, I like th name! 😉

 

Second, did you notice if comcast upgraded your firmware around 1/1/2016 at 00:30:00?

 

Also, if you disable the "DOS" feature on your Netgear Modem, do your symptoms disappear (the symptoms being your internet explorer/firefox/browser web pages don't load....)? 

Message 10 of 13
PainInMyNet
Initiate

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

Page loading does seem a little better, but I'm concerned about security more than anything. I don't see where anything may have changed with Comcast settings on my Netgear. All my checkboxes on the WAN setup page were already unchecked, but page loading improved after checking "Disable Port Scan and DoS Protection."

Message 11 of 13
mfox
Initiate

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

C7000 here. Similar issues.

 

I notice if I change DNS to 8.8.8.8 then it feels it's being DoS'd by 8.8.8.8 and if I leave it at Comcast's default of 75.75.75.75 then the router thinks it's being DoS'd by 75.75.75.75.

 

It's probably okay to "Disable Port Scan and DoS Protection" as suggested. We have no way to know what this feature even does but can assume from the logs that it's kind of dumb.

 

Model: C7000|Nighthawk - AC1900 WiFi Cable Modem Router
Message 12 of 13
trigger113
Tutor

Re: netgear C3700-100NAS sporatic web browsing issues (able to ping / not able to browse).

Im happy to hear I'm not the only one! After disabling that feature several months ago, there haven't been any complaints from my friends who use it. I'm hopeful that NETGEAR will release a firmware update to remedy soon.

Thanks for responding!
Message 13 of 13
Top Contributors
Discussion stats
  • 12 replies
  • 9445 views
  • 5 kudos
  • 6 in conversation
Announcements

Orbi WiFi 7