
CBR40 DDOS Attack from the Inside? Weirdness happening...

steveberry10
Tutor


Hi all,

 

I have an Orbi CBR40 cable modem/router. It's at firmware release V2.5.0.28_1.0.8 and it's running Netgear Armor.

 

On Sunday afternoon I had issues with my internet and I saw the downstream light was flashing (which usually indicates a problem with service).  I rebooted the unit and that's when I started receiving a lot of DDOS attack messages.  These messages are not coming from an external IP address...they come from any/all devices attached to my home network.  I did power it down for a bit and that seems to stop it for about 12 hours or so.

 

I had Comcast out today and they addressed some issues with my service but the problem still persists. Some of the things I've seen in the logs are multiple DHCP requests for the same device. There is one DoS message for netbios, however this is from my work laptop and it was only connected as of this morning. I also see that the router has trouble keeping the correct time and date. In the event log I also see a lot of 'Lost MMD Timeout' and MIMO event messages as well as time sync failures.

 

I guess my question is this: are these messages the result of a false positive due to service or equipment problems?  Or is this a legit DDOS attack?

 

Thanks.

 

 

 

steveberry10
Tutor

Re: CBR40 DDOS Attack from the Inside? Weirdness happening...

Some more info after watching this for a bit...

 

The router appears to be slow. Logging in via the webpage, I see that sometimes menus time out because it took too long for a response.

 

There are a *lot* of DNS IP requests for a particular device.  It turns out to be my iPhone which was updated this weekend.  I do see a lot of chatter about iOS 15 and Wi-Fi where there can be issues.  (The phone is now disconnected from the network).

 

My laptop changed IP addresses for no apparent reason this morning.  It was 192.168.1.12 this morning and after a blip it's now 192.168.1.6.  I've never seen that before.

 

Anyone care to take a stab at this?  

 

 
