Reply

Re: dos attack by ISP?

ex2hale
Guide

dos attack by ISP?

Hello,

I have been having trouble with my nighthawk. Today I had cox come out to fix an issues to me losing internet random for about 20 seconds. The guy took off a filter that is inbetween the modem and cable. Since the internet has not lost service for about 6 hours. Then around 20 mins ago i lost service once again. So i go to my router log and see this:

 

[DoS attack: ACK Scan] attack packets in last 20 sec from ip [72.195.165.88], Tuesday, Nov 08,2016 17:31:33
[DHCP IP: (192.168.1.6)] to MAC address 00:25:F0:A9:3F:F1, Tuesday, Nov 08,2016 17:29:53
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [72.195.165.144], Tuesday, Nov 08,2016 17:29:46
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [72.195.165.144], Tuesday, Nov 08,2016 17:29:41

 

Now i understand that these are not REAL Dos attacks, but I googled the IP and it was IPs from Cox Communications. So i called cox to confirm that I just lost internet and they told me the internet has been stable for 8 hours and see no indication of a disconnect. I have the latest firmware on my R7000: V1.0.7.2_1.1.93 and also have gone to factory defaults multiple times. I have search all around the internet to figure out this problem and have not come up with a solution. My internet connection speed is:

 

Speed

as i was running speed test my internet dropped out for another 20 seconds log shows this:

 

[Admin login] from source 192.168.1.2, Tuesday, Nov 08,2016 23:03:27
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [52.89.158.114], Tuesday, Nov 08,2016 22:54:32
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [52.89.158.114], Tuesday, Nov 08,2016 22:54:27
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [151.101.24.175], Tuesday, Nov 08,2016 22:44:29
[DHCP IP: (192.168.1.7)] to MAC address E4:98Smiley Very Happy6:71:16Smiley Very HappyA, Tuesday, Nov 08,2016 22:37:58

 

Any help on this will be greatly appricated i have been battling this for months now. Let me know if any other information is needed.

 

 

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 19

Accepted Solutions
ex2hale
Guide

Re: dos attack by ISP?

So the problem is fixed!! Smiley Happy I am posting this so if anyone has the same problem they can fix it too. First things first the router and/or the equipment was not the problem. The problem was cox sent out dip**bleep** techs to my house over and over. When calling cox the last time I told them my modems power signals were not looking correct and told them about my modems logs. Ask your ISP for i believe what they call a "Data Tech" this tech actually knew what the **bleep** they were doing and fixed the issues. I had been dealing with this problem for over a year and it took the tech 30 minutes to fix my problem. So in ending this topic after the tons of hours looking on the internet and wasting my time JUST CALL YOUR ISP and have them fix the problem if your logs and symptoms are the same as mine, do not waste your time. Hopefullly this helps someone else out.

 

these were the errors my modem was giving to look my modems logs i typed 192.168.100.1 in the search bar:

 

2016-11-15, 20:48:43 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 20:48:57 Warning (5) Dynamic Range Window violation

View solution in original post

Message 17 of 19

All Replies
microchip8
Master

Re: dos attack by ISP?

Probably I'm not very helpful since it's been ages since I used the stock firmware, but if it supports disabling DoS protection, then do it. Also, NG's DoS detection is seriously flawed and reports many false positives as correct

Routing: NETGEAR R7800 - Voxel Firmware 1.0.2.88SF & Kamoj addon
Switching: 2x NETGEAR 8-ports (GS108v4) / 1x NETGEAR 16-ports (JGS516v2)
Desktop: AMD Ryzen 7 3700X - Server: Intel Core i7-7700K - NAS: Intel Pentium G4400 - Cruncher: Intel Core i5-7400
Message 2 of 19
IrvSp
Master

Re: dos attack by ISP?

Netgear logging is full of stuff like this, go Google "DoS attack: ACK Scan" and check a few links out, almost ALL will be on Netgear routers.

 

I believe it is a s/w problem in the firmware where the router loses track of TCP/IP packets. TCP/IP packets go out and the routers knows to who. When a packets comes back it sees if it was expecting it and for whom. If 'on the list' it gets sent to you. Not on the list, it IS an attack it thinks and logs it an throws away to the packet.

 

Since it was your ISP, chances are that is why you can notice this. It was probably a DNS query. What came back was the IP ADDRESS you needed to go somewhere on your browser. After a 'timeout period' the browser assumed the reqest go lost or wasn't honored and sent another one, that one came back, and since it took some time that is WHY you noticed you lost internet.

 

I've never discovered a way to 'stop' this? Sometimes a reboot of the router, sometimes it just goes away by itself.

 

Anyway, if you see IP Addresses from places you would normally be going to on the web as an attacker it more than likely are FALSE. Real attacks are not a single or a few tried from the same IP Address but many sequentiallly.

Message 3 of 19
ex2hale
Guide

Re: dos attack by ISP?

Alright i will disable dos protection and see it that fixes it. fingers crossed.

Message 4 of 19
ex2hale
Guide

Re: dos attack by ISP?

after disabling dos protection i seem to be dropping internet more frequent. i downgrade to V1.0.5.70_1.1.91 and same thing is happening. i dont know what else to do.....

Message 5 of 19
Retired_Member
Not applicable

Re: dos attack by ISP?

Try V1.0.4.30 and or internet setup....Use Pc Mac address.... changing the MAC should change your Public IP

Message 6 of 19
IrvSp
Master

Re: dos attack by ISP?

Have you tried a different cable between the modem and router?

 

Sometimes you can get to the modem and see its log. In my case I can, it is an ISP provided Surfboard SB6141 and if I enter 192.168.100.1 into a browser I can see it. If that works and you can see a LOG tab, check it out for yourself.

 

Oh, for month I've not seen any attacks (I get logs emailed to me daily) and today I see it happened twice yesterday.

 

[DoS attack: Smurf] attack packets in last 20 sec from ip [184.88.19.241], Wednesday, Nov 09,2016 17:01:13

[DoS attack: ACK Scan] attack packets in last 20 sec from ip [52.7.238.134], Wednesday, Nov 09,2016 09:02:42

 

First is Time Warner, which my ISP uses for email (Road Runner). Second is Amazon. I used this site, https://www.ultratools.com/tools/ipWhoisLookupResult to look them up. Neither is a real attack.

 

 

 

Message 7 of 19
ex2hale
Guide

Re: dos attack by ISP?

i have tried multiple cables and same thing whats weird is my connection is more stable with dos protection on?

Message 8 of 19
IrvSp
Master

Re: dos attack by ISP?

Leave the DOS Protection on.

 

Make sure the MTU is 1500 too.

 

One other 'trick', under ADVANCED TAB --> SETUP --> INTERNET SETUP, under ROUTER MAC ADDRESS, set it to 'USE COMPUTER MAC ADDRESS" which you can just check and then SAVE. This will 'simulate' having the PC connected directly to the Modem. See if that helps.

Message 9 of 19
ex2hale
Guide

Re: dos attack by ISP?

when i switch the mac address i do not have any internet at all. MTU is at 1500

Message 10 of 19
Retired_Member
Not applicable

Re: dos attack by ISP?


@ex2hale wrote:

when i switch the mac address i do not have any internet at all. MTU is at 1500


reboot modem.. wait 5 minutes... then connect router and turn it on

Message 11 of 19
ex2hale
Guide

Re: dos attack by ISP?

Okay so i had a warrenty on my r7000 so in the mean time i bought a asus RT-AC87U and the problem seems to be continuing. Today I had steady internet for 5 hours straight then when everyone got home the internet started going out like crazy and would come back within 20 seconds I have devices on both 5ghz and 2.4 so its evenly bounced. Since the same thing is happening on two different routers i do not believe that it is the routers. I have done tons of reasearch with no clue on what to do next. At a time there are a total of 8 devices connected (not actively using the wifi but connected). Anyone have a idea on a fix? please. Thank you. 

 

EDIT: As the internet went out i ping www.google.com and los 50% of packets.

Message 12 of 19
ex2hale
Guide

Re: dos attack by ISP?

do not know if this will help but here is a log from my modem:

 



2016-11-15, 20:48:43 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 20:48:57 Warning (5) Dynamic Range Window violation
2016-11-15, 20:49:13 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 20:49:27 Warning (5) Dynamic Range Window violation
2016-11-15, 21:43:02 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 21:43:03 Warning (5) Dynamic Range Window violation
2016-11-15, 21:43:17 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 21:43:46 Warning (5) Dynamic Range Window violation
2016-11-15, 21:47:16 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 21:54:14 Warning (5) Dynamic Range Window violation
2016-11-15, 22:00:28 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:00:42 Warning (5) Dynamic Range Window violation
2016-11-15, 22:01:58 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:02:58 Warning (5) Dynamic Range Window violation
2016-11-15, 22:10:41 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:24:52 Warning (5) Dynamic Range Window violation
2016-11-15, 22:25:08 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:25:22 Warning (5) Dynamic Range Window violation
2016-11-15, 22:26:38 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:26:39 Warning (5) Dynamic Range Window violation
2016-11-15, 22:26:53 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:26:55 Warning (5) Dynamic Range Window violation
2016-11-15, 22:27:38 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:27:39 Warning (5) Dynamic Range Window violation
2016-11-15, 22:27:53 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:27:54 Warning (5) Dynamic Range Window violation
2016-11-15, 22:28:08 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 22:28:22 Warning (5) Dynamic Range Window violation
2016-11-16, 00:42:10 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-16, 01:14:04 Warning (5) Dynamic Range Window violation
2016-11-16, 01:20:18 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-16, 01:22:32 Warning (5) Dynamic Range Window violation
2016-11-16, 01:22:48 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-16, 01:22:50 Warning (5) Dynamic Range Window violation
2016-11-16, 01:23:03 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-16, 01:23:04 Warning (5) Dynamic Range Window violation
2016-11-16, 01:23:18 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-16, 01:23:32 Warning (5) Dynamic Range Window violation
2016-11-16, 01:23:48 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-16, 01:24:02 Warning (5) Dynamic Range Window violation
 

Message 13 of 19
ex2hale
Guide

Re: dos attack by ISP?

Also i ran MiniToolBox.exe from here and the log came up with this:

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2016 01:26:45 AM) (Source: Microsoft-Windows-EFS) (User: JOSH-PC)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (11/15/2016 10:50:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: obs32.exe, version: 0.0.0.0, time stamp: 0x5821ffd3
Faulting module name: obs32.exe, version: 0.0.0.0, time stamp: 0x5821ffd3
Exception code: 0xc0000005
Fault offset: 0x00023218
Faulting process id: 0x3df4
Faulting application start time: 0xobs32.exe0
Faulting application path: obs32.exe1
Faulting module path: obs32.exe2
Report Id: obs32.exe3
Faulting package full name: obs32.exe4
Faulting package-relative application ID: obs32.exe5

Error: (11/15/2016 10:04:36 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (11/15/2016 10:04:36 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (11/15/2016 09:59:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: obs32.exe, version: 0.0.0.0, time stamp: 0x5821ffd3
Faulting module name: obs32.exe, version: 0.0.0.0, time stamp: 0x5821ffd3
Exception code: 0xc0000005
Fault offset: 0x00023218
Faulting process id: 0x20ac
Faulting application start time: 0xobs32.exe0
Faulting application path: obs32.exe1
Faulting module path: obs32.exe2
Report Id: obs32.exe3
Faulting package full name: obs32.exe4
Faulting package-relative application ID: obs32.exe5

Error: (11/15/2016 09:26:45 PM) (Source: Microsoft-Windows-EFS) (User: JOSH-PC)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (11/15/2016 09:23:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/15/2016 09:17:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/15/2016 09:17:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/15/2016 09:14:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/16/2016 01:24:35 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/16/2016 01:21:16 AM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (11/16/2016 01:21:02 AM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.

Error: (11/16/2016 01:21:02 AM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume23

Error: (11/16/2016 01:21:11 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:55:30 PM on ‎11/‎15/‎2016 was unexpected.

Error: (11/16/2016 01:21:00 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256845639738737559768

Error: (11/15/2016 09:24:39 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/15/2016 09:24:34 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (11/15/2016 09:24:20 PM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume23

Error: (11/15/2016 09:23:32 PM) (Source: DCOM) (User: JOSH-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (11/16/2016 01:26:45 AM) (Source: Microsoft-Windows-EFS)(User: JOSH-PC)
Description: 74880x80070005

Error: (11/15/2016 10:50:06 PM) (Source: Application Error)(User: )
Description: obs32.exe0.0.0.05821ffd3obs32.exe0.0.0.05821ffd3c0000005000232183df401d23fccb977bd55B:\Programs\obs-studio\bin\32bit\obs32.exeB:\Programs\obs-studio\bin\32bit\obs32.exe75ef6d54-eacc-456f-8603-38a7e402ec78

Error: (11/15/2016 10:04:36 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (11/15/2016 10:04:36 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (11/15/2016 09:59:44 PM) (Source: Application Error)(User: )
Description: obs32.exe0.0.0.05821ffd3obs32.exe0.0.0.05821ffd3c00000050002321820ac01d23fc15eed2e46B:\Programs\obs-studio\bin\32bit\obs32.exeB:\Programs\obs-studio\bin\32bit\obs32.exea00f9fa1-7379-43ed-9cbb-871833fd15cb

Error: (11/15/2016 09:26:45 PM) (Source: Microsoft-Windows-EFS)(User: JOSH-PC)
Description: 74880x80070005

Error: (11/15/2016 09:23:35 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (11/15/2016 09:17:56 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"c:\program files (x86)\microsoft office\root\office16\lync.exe.Manifestc:\program files (x86)\microsoft office\root\office16\UccApi.DLL1

Error: (11/15/2016 09:17:10 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\versions\1.0\Adobe AIR.dll3

Error: (11/15/2016 09:14:23 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1


CodeIntegrity Errors:
===================================
Date: 2016-11-16 01:21:17.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-15 21:24:34.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-11 01:44:19.497
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-10 23:15:41.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-10 12:13:54.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-09 21:25:30.632
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-09 18:38:34.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-09 01:35:24.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-08 00:29:12.301
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 18:42:50.834
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Message 14 of 19
IrvSp
Master

Re: dos attack by ISP?

Don't mixup Modem log errors with Windows Event Viewer logged errors. Two different animals.

 

I have a Surfboard SB6141 and I can see its log and I get a lot of Critcal, but nothing like the constant log entries you've got. If these timestamps matched when you had problems, then it could be your modem, especially since your problems occur with 2 different routers.

 

What I'd do is connect a wired PC direct to the modem. Then do a PING. Problem with lost packets continue, call your ISP.

 

Do not sweat the Windows log. Many many of the entries in it, even the Critical ones are NORMAL.

 

About the only one I'd be concerned about the C: one about problems on the drive:

 

Error: (11/16/2016 01:21:02 AM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.

Error: (11/16/2016 01:21:02 AM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume23

Error: (11/16/2016 01:21:11 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:55:30 PM on ‎11/‎15/‎2016 was unexpected.

 

Looks like the PC shutdown by powering off, not gracefully doing a shutdown? Happen at 10:55PM the night before?

 

Run CHKDSK C: from a CMD prompt as an Administrator and see if there are errors. If so run CHKDSK /F and then the CHKDSK will run on the next boot prior to loading the OS and fix any problems.

 

That does NOT explain your network problems though.

 

First things first, do the CHKDSK and get drive C: corrected, then the PING while connected to the modem.

 

Let us know how it goes. If the PC connected to the Modem works fine, then we'll have to look further on your LAN and/or router setup.

Message 15 of 19
Retired_Member
Not applicable

Re: dos attack by ISP?

Call you cable/ISP company have them explain the errors or send a tech out and fix THEIR problem.

Message 16 of 19
ex2hale
Guide

Re: dos attack by ISP?

So the problem is fixed!! Smiley Happy I am posting this so if anyone has the same problem they can fix it too. First things first the router and/or the equipment was not the problem. The problem was cox sent out dip**bleep** techs to my house over and over. When calling cox the last time I told them my modems power signals were not looking correct and told them about my modems logs. Ask your ISP for i believe what they call a "Data Tech" this tech actually knew what the **bleep** they were doing and fixed the issues. I had been dealing with this problem for over a year and it took the tech 30 minutes to fix my problem. So in ending this topic after the tons of hours looking on the internet and wasting my time JUST CALL YOUR ISP and have them fix the problem if your logs and symptoms are the same as mine, do not waste your time. Hopefullly this helps someone else out.

 

these were the errors my modem was giving to look my modems logs i typed 192.168.100.1 in the search bar:

 

2016-11-15, 20:48:43 Critical (3) Unicast Ranging Received Abort Response - Re-initializing MAC;CM-MAC=40:5d:82:e5:26:a0;CMTS-MAC=00:1e:be:ff:28:b0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 20:48:57 Warning (5) Dynamic Range Window violation

View solution in original post

Message 17 of 19
IrvSp
Master

Re: dos attack by ISP?

REMOVED, wrong thread.

Message 18 of 19
Retired_Member
Not applicable

Re: dos attack by ISP?

You're Welcome!

Message 19 of 19
Top Contributors
Discussion stats
  • 18 replies
  • 13641 views
  • 2 kudos
  • 4 in conversation
Announcements