
Xr700 and constant dos attacks in log with internet loss

Chinwabee
Aspirant


Hello, I apologize in advance if starting a new post for this is out of order or anything but I am quite fed up with this issue. I have previously gone thru trying two xr500's (for a different reason I'll add) and said I was throwing in the towel on Netgear but I wanna like DumaOS so much that I gave in and spent even more money on the xr700 to give it another shot. Now, while I understand that this issue might not be the router's fault (and I stress might)...I have never had this issue in the past with ANY router.

Starting off...my son likes to play this Rainbow Six Siege crap on his Xbox and nearly every time he plays this game the whole internet connection goes down. This never happens on any other game he plays (which I'll say now, is why I stated earlier that I understand it MIGHT not be the router's fault). Nevertheless it's quite annoying and when these events happen I subsequently go to the log, where you can see a bunch of dos attack messages with udp, ack, teardrop, jolt21 and others I'm sure I'm forgetting. Examples below from this morning. There are many more lines of this stuff but I just took some from this 17 min 'attack':

 

[DoS Attack: Teardrop] from source: 45.57.40.1, Sunday, July 05, 2020 11:51:53

[DoS Attack: Jolt2] from source: 45.57.40.1, Sunday, July 05, 2020 11:51:53

[DoS Attack: ACK Scan] from source: 166.170.35.35, port 21223, Sunday, July 05, 2020 12:24:10

[DoS Attack: ACK Scan] from source: 47.133.77.157, port 60561, Sunday, July 05, 2020 11:57:44

[DoS Attack: ACK Scan] from source: 73.185.100.9, port 41389, Sunday, July 05, 2020 11:57:36

[DoS Attack: ACK Scan] from source: 63.153.100.239, port 39003, Sunday, July 05, 2020 11:57:28

[DoS Attack: UDP Port Scan] from source: 166.78.174.129, port 389, Sunday, July 05, 2020 11:43:17

Upon searching the internet for this issue I've come across:

1.  That this is a big known issue for people playing rb6 siege—as kids/loser adults like to send these attacks

2.  A constant saying that these are 'false positives' being displayed in the log

 

This has led me to just start a topic because I am sick of this occurring, and if it is other people initiating attacks then is there any help, advice, resources or anything that can stop this nonsense aside from simply telling him he can't play the game anymore? Because the only 'real positive' that I have to address the notion of 'false positive' is that my whole internet ABSOLUTELY POSITIVELY goes down for however long these attacks go on (typically anywhere from 7-17 mins).

 

Now, I am in no way super tech guy of the world but can understand and flow with just enough to be dangerous but this game (rb6) is nothing new and has been out for quite some time and he's been playing it for quite some time and we came from an apple airport extreme prior to my ng xr550 trials and now the xr700 and NEVER once experienced these issues.

 

Another issue I was initially learning to live with, after it kept happening and I finally started paying attention to the log to try and see what was going on at the moment it would happen, is...almost like clockwork it will boot us off daily around midnight or in the hour before or after. When I started watching for it I noticed it was only the dhcp lease change happening in the log which again...never had this issue with any other router I owned but as I said I was just learning to try and live with it hoping that one day Netgear and/or DumaOS would get this thing figured out.

 

 

 

Any help would be greatly appreciated and I thank any and everyone in advance.

Model: XR700|Nighthawk Pro Gaming Router
Message 1 of 8
Netduma-Fraser
NetDuma Partner

Re: Xr700 and constant dos attacks in log with internet loss

Sorry to hear you're having this issue. Generally these entries are just showing what connections you've made. For example the first and last IPs show Netflix and the game server. The others do belong to various US ISPs so it is possible an attack is coming from a player.

Let's explore other options before that. How is the Xbox set up to achieve an Open NAT? Is it in the DMZ for example? Is the Geo-Filter being used when gaming?
Message 2 of 8
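
An added example, not part of any post in this thread: one way to tally the router log entries quoted in the first post by source address, so that repeated sources, the signatures each one triggered and the time span covered are visible at a glance. The function names are hypothetical and the line pattern is inferred only from the seven lines quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# The seven log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
[DoS Attack: Teardrop] from source: 45.57.40.1, Sunday, July 05, 2020 11:51:53
[DoS Attack: Jolt2] from source: 45.57.40.1, Sunday, July 05, 2020 11:51:53
[DoS Attack: ACK Scan] from source: 166.170.35.35, port 21223, Sunday, July 05, 2020 12:24:10
[DoS Attack: ACK Scan] from source: 47.133.77.157, port 60561, Sunday, July 05, 2020 11:57:44
[DoS Attack: ACK Scan] from source: 73.185.100.9, port 41389, Sunday, July 05, 2020 11:57:36
[DoS Attack: ACK Scan] from source: 63.153.100.239, port 39003, Sunday, July 05, 2020 11:57:28
[DoS Attack: UDP Port Scan] from source: 166.78.174.129, port 389, Sunday, July 05, 2020 11:43:17
"""

# Pattern inferred from the lines above (an assumption); the port field is optional.
LINE_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[\d.]+),"
    r"(?: port (?P<port>\d+),)? \w+, (?P<ts>\w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})$"
)

def parse_line(line):
    """Return (kind, source, port, timestamp), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%B %d, %Y %H:%M:%S")  # weekday name is skipped
    return m["kind"], m["src"], int(m["port"]) if m["port"] else None, ts

def summarize(log_text):
    """Tally entries per source: signature kinds, count, first and last timestamp."""
    by_src = defaultdict(lambda: {"kinds": set(), "count": 0, "first": None, "last": None})
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            skipped += 1  # count lines in another format instead of dropping them silently
            continue
        kind, src, _port, ts = entry
        rec = by_src[src]
        rec["kinds"].add(kind)
        rec["count"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(by_src), skipped

def span_seconds(summary):
    """Seconds between the earliest and latest entry across all sources."""
    firsts = [r["first"] for r in summary.values()]
    lasts = [r["last"] for r in summary.values()]
    return int((max(lasts) - min(firsts)).total_seconds())
```

Pasting a full log export into `summarize` in place of the sample shows whether any source recurs across an outage window or each address appears only once.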
Chinwabee
Aspirant

Re: Xr700 and constant dos attacks in log with internet loss

Thanks for the reply. I am quite certain that it's attacks that kill the internet because like I said it only happens when my son plays that game. With that being said though...yesterday and today he started making sure he is always appearing offline when he plays and we haven't had any attacks for the past day & a half so we'll see if the trend continues. I thought about going in and swapping out my cable modem or seeing if they can just issue it a new ip if appearing offline continues working and telling him that he can only play that game appearing offline or don't play it at all and hopefully we could stay clean.

 

I am no expert again but to answer your questions the best I can: no, the dmz is not being used and yes, the geo filter is. There are 4 xboxes that can all get open nat except when some are playing the same game, then one box's game nat may go moderate, but that's pretty typical from what I've seen. Only 3 of the 4 boxes are in the geo filter though. I can't really say anything about any issues related to performance of the router outside of it dropping some connections at dhcp lease change time (doesn't happen to every device every time but it's still annoying).

 

Other than that the kids fuss about occasional lag spikes but from what I've seen that's mostly around lease change time as well and mostly hits every one of their boxes cuz they will simultaneously complain from their rooms and sometimes one will get booted off and others won't. Leases also occur in the log at multiple random times throughout the day even though they say once every 24 hrs.

 

I guess in the end I was just hoping and wondering if there was any help thru the router or other means to stop the nonsense of someone being able to disrupt our internet like they've been. The lease change internet disruptions are annoying but secondary to the 'attacks.'

Message 3 of 8
Netduma-Fraser
NetDuma Partner

Re: Xr700 and constant dos attacks in log with internet loss

That is very strange, I would have thought it would be someone in a ranked game that he's playing with for example trying to get the advantage. Switching to appear offline wouldn't make a difference there, perhaps it is someone on their friends list who for some reason has a problem with them playing that game?

You could try disabling the Geo-Filter fully but given the offline method has worked I don't think that is an issue. If you unplug the modem for 5 minutes and plug it in that should get you a new IP. We do have a fix in 3.0 for that issue. Meanwhile you can try setting reserved IPs for the devices in LAN Settings.
Message 4 of 8
Chinwabee
Aspirant

Re: Xr700 and constant dos attacks in log with internet loss


@Netduma-Fraser wrote:
perhaps it is someone on their friends list who for some reason has a problem with them playing that game?

This is exactly what the tech support guy at Spectrum said he suspected, as he said it happened to him in the past during his PlayStation playing days.

@Netduma-Fraser wrote:
You could try disabling the Geo-Filter fully but given the offline method has worked I don't think that is an issue. If you unplug the modem for 5 minutes and plug it in that should get you a new IP. We do have a fix in 3.0 for that issue. Meanwhile you can try setting reserved IPs for the devices in LAN Settings.

As far as the modem being unplugged, I have unplugged it and left it unplugged for about 30 secs and all but never did the 5 mins (didn't know that did anything different but I will try it). I assume that the reserved IPs you mention mean just setting static IPs for the boxes? I can certainly do that but what exactly will that accomplish relative to the issue of attacks?

Message 5 of 8
Netduma-Fraser
NetDuma Partner

Re: Xr700 and constant dos attacks in log with internet loss

That suggestion was specifically for the DHCP lease issue as it might help with that until the firmware fix is available.
Message 6 of 8
Chinwabee
Aspirant

Re: Xr700 and constant dos attacks in log with internet loss

Oh ok. I will try it then and I assume u are referring to dumaos 3 as the software fix? 3.0 that many people angrily/eagerly await the unknown release of...
Message 7 of 8
Netduma-Fraser
NetDuma Partner

Re: Xr700 and constant dos attacks in log with internet loss

Yes that is right. Well it is in beta on two platforms with more people being invited all the time and more platforms will see it soon as well.
Message 8 of 8