FVS318 - Intermittent Network Drops, Began Recently
Hello all, We have had an FVS318 for about 6 years or so without an issue, until about 2 weeks ago. All of the sudden, about three times a day the entire network will drop and then restart all in the span of 30 to 60 seconds. Any programs that were accessing network resources at that moment will crash. It only seems to happen about 2 to 3 times a day. No settings have been changed on it recently and I am rather puzzled as to why this is happening. The log(listed below) on the VPN shows that the date/time has been reset during this outage. I have searched the internet and come up short. Any ideas would be greatly appreciated!
Sun, 01/01/1900 00:00:00 - Netgear Activated. Sun, 01/01/1900 00:00:00 - TCP connection dropped - Source:68.142.118.4, 80, WAN - Destination:[OUR IP ADDRESS], 18891, LAN - 'Possible Port Scan' Sun, 01/01/1900 00:00:00 - TCP connection dropped - Source:69.171.235.16, 443, WAN - Destination:[OUR IP ADDRESS], 20741, LAN - 'Suspicious TCP Data' Sun, 01/01/1900 00:00:00 - TCP connection dropped - Source:193.182.8.66, 4070, WAN - Destination:[OUR IP ADDRESS], 19449, LAN - 'Possible Port Scan' Sun, 01/01/1900 00:00:00 - TCP connection dropped - Source:216.248.29.104, 443, WAN - Destination:[OUR IP ADDRESS], 18745, LAN - 'Suspicious TCP Data' Sun, 01/01/1900 00:00:00 - TCP connection dropped - Source:69.171.224.42, 443, WAN - Destination:[OUR IP ADDRESS], 19200, LAN - 'Suspicious TCP Data' Sun, 01/01/1900 00:00:00 - TCP connection dropped - Source:65.55.71.47, 1863, WAN - Destination:[OUR IP ADDRESS], 16887, LAN - 'Possible Port Scan' Tues, 02/19/2013 12:10:21 - Get NTP Time: Tues, 02/19/2013 12:10:21 Tues, 02/19/2013 12:11:49 - TCP connection dropped - Source:184.26.142.49, 443, WAN - Destination:[OUR IP ADDRESS], 20566, LAN - 'Suspicious TCP Data' Tues, 02/19/2013 12:12:47 - TCP connection dropped - Source:17.149.36.93, 443, WAN - Destination:[OUR IP ADDRESS], 24001, LAN - 'Possible Port Scan' Tues, 02/19/2013 12:14:41 - TCP connection dropped - Source:129.3.172.226, 62801, WAN - Destination:[OUR IP ADDRESS], 45014, LAN - 'Suspicious TCP Data' Tues, 02/19/2013 12:14:41 - TCP connection dropped - Source:174.55.193.192, 49237, WAN - Destination:[OUR IP ADDRESS], 45014, LAN - 'Suspicious TCP Data'
Re: FVS318 - Intermittent Network Drops, Began Recently
OUR IP ADDRESS
Should LAN , Private IP so hiding doesn't do any good.
whois 68.142.118.4 Junes-iMac:~ Junebug$ whois 68.142.118.4 # # Query terms are ambiguous. The query is assumed to be: # "n 68.142.118.4" # # Use "?" to get help. #
NetRange: 68.142.64.0 - 68.142.127.255 CIDR: 68.142.64.0/18 OriginAS: AS22822 NetName: LLNW-2 NetHandle: NET-68-142-64-0-1 Parent: NET-68-0-0-0-0 NetType: Direct Allocation Comment: *** All abuse complaints must go to abuse (at) Comment: limelightnetworks.com Comment: Network reassignments available via rwhois.llnw.net:4321 RegDate: 2004-03-17 Updated: 2012-02-24 Ref: http://whois.arin.net/rest/net/NET-68-142-64-0-1
OrgName: Limelight Networks, Inc. OrgId: LLNW Address: 2220 W. 14th Street City: Tempe StateProv: AZ PostalCode: 85281 Country: US RegDate: 2002-07-26 Updated: 2011-10-27 Ref: http://whois.arin.net/rest/org/LLNW
Re: FVS318 - Intermittent Network Drops, Began Recently
I have tried to run whois on multiple IP addresses. I haven't came up with anything concrete yet. Most are different and seem to point to different regions or countries.
Today I am focusing on running Malwarebytes scans on several of the PCs that are on during these outages, to see if I can catch anything.
From the log, though, do you feel like the source is from inside the network? Do you have any further suggestions of ways to track the source of the problem?
Re: FVS318 - Intermittent Network Drops, Began Recently
jmizoguchi wrote:
what ever related to the IP , look in to malware issues.
I really don't understand your advise. I have a list of 30+ IP addresses from the security log, all different and each whois pulls from different locations. I have 12 computers on our network at the same time.
First, how can a process be shutting down our network for 30 to 60 seconds?
Second, how can I track the issue to a single machine? The destination in the Security Log is our external IP Address. It doesn't give me a local machine IP.
I tried Wiretap on one PC... but the PC was lagging too much for our software to run properly.
Re: FVS318 - Intermittent Network Drops, Began Recently
Well, after thinking about this a little yesterday... I decided to pull the FVS318 out and replace it with another router that we had. Thus far (24+ hours) we haven't had any network outages. At this point I feel that maybe this was a symptom of a failing FVS318. If we don't have any further network issues, then I will assume that it was just going bad.
Re: FVS318 - Intermittent Network Drops, Began Recently
This maybe a little bit too late to help, but I noticed almost the exact same problem with my Cisco rv016 when my cable company changed their backend. The new backend (Arris c4) was sending 100 packets/sec to my rv016, so it would constantly reboot thinking it was under attack. Seems like the same thing might be going on with the snippet of the log you posted.
