Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

UPC "Drop-outs" of late, going insane

  • 21-12-2012 1:15am
    #1
    Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭


    Hey all,

    Time this gets its own thread. Got a little bit of feedback that this isnt just me, hoping for more.

    Setup:
    EPC3925 (Replaced on wednesday last, problem persists)
    WNDR3800
    Handfull of client devices, switches, and two wifi APs

    .2.6 = Machine I'm currently on, not that it matters.
    Logs added. All that I have(it only keeps a short segment).
    IPs of third parties have been removed for privacy, as has mine.
    Some of the junk as been removed("..").

    Tonight its died twice. First time 32Mb down to .5Mb, next time speed tests failed to connect.

    Lots of DOS listings there, but they arent always actually DOS attacks from what I've read. My networking isnt strong enough to be sure.

    Seems to happen a lot while I'm on YT(first time tonight I was skyping) but hard to tell if thats just that I notice it more for heavy load applications. Been happening for probably 2 months now btw.


    Going to start logging these "drop-outs" here and when I have more info I'll get in touch with the UPC reps.

    If anyone is having similar issues please pipe up, or if you have any suggestions as to the cause.

    Thanks,
    ED E
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:64036, Friday, December 21,2012 00:31:38
    [UPnP set event: add_nat_rule] from source 192.168.2.6, Friday, December 21,2012 00:31:38
    [COLOR="Lime"][Internet connected] IP address: 46.7.75.XX, Friday, December 21,2012 00:31:08
    [Internet connected] IP address: 192.168.100.10, Friday, December 21,2012 00:28:37[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:23:34
    [COLOR="Red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:18:52[/COLOR]
    [DHCP IP: 192.168.2.2] to MAC address 00:90:a9:23:3c:77, Friday, December 21,2012 00:17:59
    [COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:17:54[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:17:45
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:17:38
    [COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:15:24[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:14:59
    [COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:14:09[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:13:41
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.8:62638, Friday, December 21,2012 00:13:03
    [UPnP set event: add_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:13:02
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:60983, Friday, December 21,2012 00:12:40
    [UPnP set event: del_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:12:40
    [UPnP set event: add_nat_rule] from source 192.168.2.6, Friday, December 21,2012 00:12:40
    [COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:12:28[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.8:54008, Friday, December 21,2012 00:11:41
    [UPnP set event: add_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:11:41
    [DHCP IP: 192.168.2.10] to MAC address 00:1f:3a:82:6f:22, Friday, December 21,2012 00:11:20
    [DHCP IP: 192.168.2.8] to MAC address 00:1d:09:c5:5f:0d, Friday, December 21,2012 00:11:08
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:10:52
    [UPnP set event: del_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:07:44
    [COLOR="red"][DoS Attack: RST Scan] from source: 190.207.141.121, port 55106, Friday, December 21,2012 00:05:19[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:03:44
    [COLOR="red"][DoS Attack: RST Scan] from source: 190.207.141.121, port 53908, Friday, December 21,2012 00:00:23[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:53:52
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:53:51
    [COLOR="red"][DoS Attack: RST Scan] from source: 69.247.52.71, port 56555, Thursday, December 20,2012 23:52:47[/COLOR]
    [DHCP IP: 192.168.2.4] to MAC address 00:24:d2:d1:6c:a9, Thursday, December 20,2012 23:52:08
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:49:41
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:48:51
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:48:51
    [COLOR="red"][DoS Attack: RST Scan] from source: 70.36.142.191, port 62812, Thursday, December 20,2012 23:48:27[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:46:53
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:45:29
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:44:46
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:44:11
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:41:51
    [COLOR="red"][DoS Attack: RST Scan] from source: 70.80.143.190, port 50109, Thursday, December 20,2012 23:41:48[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:41:43
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:40:42
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:40:32
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:38:50
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:38:49
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:38:02
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:37:54
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:37:35
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:37:35
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:36:44
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:36:09
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:35:50
    [COLOR="red"][DoS Attack: RST Scan] from source: 70.80.143.190, port 49792, Thursday, December 20,2012 23:35:11[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:53
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:50
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:49
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:49
    [COLOR="red"][DoS Attack: RST Scan] from source: 93.80.219.59, port 16264, Thursday, December 20,2012 23:33:48[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:31:52
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:31:26
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:31:18
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:30:31
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:29:38
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:29:36
    [COLOR="red"][DoS Attack: RST Scan] from source: 93.80.219.59, port 12627, Thursday, December 20,2012 23:28:56[/COLOR]
    [DHCP IP: 192.168.2.6] to MAC address 00:19:d1:81:09:69, Thursday, December 20,2012 23:28:52
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:28:03
    [COLOR="red"][DoS Attack: RST Scan] from source: 93.80.219.59, port 15991, Thursday, December 20,2012 23:26:47[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:26:41
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:25:19
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:25:13
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:24:25
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:23:29
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:23:28
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:23:27
    [COLOR="red"][DoS Attack: RST Scan] from source: 75.131.5.145, port 61538, Thursday, December 20,2012 23:22:35[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:54
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:31
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:05
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:02
    [COLOR="red"][DoS Attack: RST Scan] from source: 75.131.5.145, port 60779, Thursday, December 20,2012 23:20:59[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:20:55
    ..
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.8:55450, Thursday, December 20,2012 23:18:46
    [UPnP set event: add_nat_rule] from source 192.168.2.8, Thursday, December 20,2012 23:18:45
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:18:45
    [COLOR="red"][DoS Attack: ACK Scan] from source: 157.56.126.173, port 443, Thursday, December 20,2012 23:18:24[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:51662, Thursday, December 20,2012 23:18:19
    [UPnP set event: add_nat_rule] from source 192.168.2.6, Thursday, December 20,2012 23:18:19
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:18:12
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:18:11
    [COLOR="lime"][Internet connected] IP address: 46.7.75.XX, Thursday, December 20,2012 23:18:05
    [UPnP set event: del_nat_rule] from source 192.168.2.6, Thursday, December 20,2012 23:17:37
    [Internet connected] IP address: 192.168.100.10, Thursday, December 20,2012 23:17:19[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:16:25
    ..
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:13:47
    [COLOR="red"][DoS Attack: RST Scan] from source: 212.93.105.38, port 57477, Thursday, December 20,2012 23:13:44[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:13:07
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:13:04
    [COLOR="red"][DoS Attack: ACK Scan] from source: 74.66.84.101, port 65141, Thursday, December 20,2012 23:12:45[/COLOR]
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:12:42
    ..
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:08:40
    [COLOR="red"][DoS Attack: RST Scan] from source: 71.34.234.144, port 10185, Thursday, December 20,2012 23:08:36[/COLOR]
    [UPnP set event: del_nat_rule] from source 192.168.2.6, Thursday, December 20,2012 23:08:09
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:08:06
    ..
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:46
    [DHCP IP: 192.168.2.3] to MAC address d0:66:7b:65:ea:4e, Thursday, December 20,2012 23:06:44
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:36
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:32
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:26
    [DHCP IP: 192.168.2.3] to MAC address d0:66:7b:65:ea:4e, Thursday, December 20,2012 23:06:20
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:06:12
    ..
    [LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 22:58:51
    
    LOG END (Wish I could enable longer logging but......)
    


«134567

Comments

  • Registered Users, Registered Users 2 Posts: 799 ✭✭✭Cork981


    Looks like your modem could be accepting or triggering to many tcp or udp connections as in a torrent application or a multithreaded downloader just as free download manager.
    Try disabling IP flood detection on your router an see does this make a difference.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Could the EPC be flood detecting even while bridging?


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭jay93


    IP address URL="http://www.ip-adress.com/host/"]?[/URL: 87.248.210.253 Copy [Whois] [Reverse IP] IP country code: GB IP address country: gb.png United Kingdom IP address state: London, City of IP address city: London IP address latitude: 51.5142 IP address longitude: -0.0931 ISP of this IP URL="http://www.ip-adress.com/isp"]?[/URL: Limelight Networks


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭jay93


    That's a track from one IP that seems to be DOS attacking you although you did say you didn't believe it to be an attack seems strange though.


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭jay93


    IP address URL="http://www.ip-adress.com/host/"]?[/URL: 190.207.141.121 Copy [Whois] [Reverse IP] IP country code: VE IP address country: ve.png Venezuela IP address state: Vargas IP address city: Maiquetía IP address latitude: 10.6000 IP address longitude: -66.9500 ISP of this IP URL="http://www.ip-adress.com/isp"]?[/URL: CANTV Servicios


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭jay93


    The whole Venezula thing seems to be the strangest something bad going on here seems dodgy to me.

    IP address [?]: 212.93.105.38 Copy [Whois] [Reverse IP]
    IP country code: LV
    IP address country: ip address flag Latvia

    IP address [?]: 71.34.234.144 Copy [Whois] [Reverse IP]
    IP country code: US
    IP address country: ip address flag United States
    IP address state: Oregon

    IP address [?]: 157.56.126.173 Copy [Whois] [Reverse IP]
    IP country code: US
    IP address country: ip address flag United States
    IP address state: n/a
    IP address city: n/a
    IP address latitude: 38.0000
    IP address longitude: -97.0000
    ISP of this IP [?]: Microsoft Corp
    Organization: Microsoft Corp

    that one seems strange attack from Microsoft?

    IP address [?]: 93.80.219.59 Copy [Whois] [Reverse IP]
    IP country code: RU
    IP address country: ip address flag Russian Federation
    IP address state: Moscow City

    IP address [?]: 69.247.52.71 Copy [Whois] [Reverse IP]
    IP country code: US
    IP address country: ip address flag United States
    IP address state: Florida
    IP address city: Naples
    IP address latitude: 26.1420
    IP address longitude: -81.7948
    ISP of this IP [?]: Comcast Cable

    IP address [?]: 75.131.5.145 Copy [Whois] [Reverse IP]
    IP country code: US
    IP address country: ip address flag United States
    IP address state: Georgia
    IP address city: Covington
    IP postcode: 30016
    IP address latitude: 33.5120
    IP address longitude: -83.9496
    ISP of this IP [?]: Charter Communications
    Organization: Charter Communications


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭jay93


    I hope you find out what the problem is soon sounds very frustrating did a couple of tracks on the IPs from your log,

    Try disable ip flood detection if it is enabled on your modem

    If it's going down like that and saying dos attack seems very likely that maybe something is attempting to attack your connection have never seen anything like this before.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Thanks for your input, EPC is very locked down in bridge mod naturally, so if its on I can't configure it.

    Gonna do a kasp rescue disk scan tonight to scan for malware/rootkits that av could have missed.

    Logs clean last night.

    I don't game online a lot, no consoles, so I'm trying to.figure out why I could be attacked.

    Always on stuff that dials out:
    Teamviewer
    Hamachi
    Dropbox
    Filezilla
    No-ip

    Thanks again for your effort.


  • Closed Accounts Posts: 1,856 ✭✭✭Clover


    Been having alot of drop outs also, where the EPC3925 drops it's connection for a few seconds and then gets it back(reboots itself). Also have trouble with the connection dropping it's speed all the way down to under 1meg down 1meg up.

    Had the modem replaced last week and I still have the same problem and also had an upc tech out today , but all is showing as ok to them, even the drops in the connection are not showing up on there end.

    Had ip flood detection off but have now turned it on as my log was empty, you getting the log info from going : administration / reporting / view log?.


  • Registered Users, Registered Users 2 Posts: 370 ✭✭UCD AFC


    Hi there, I think I am having the same problem. Also EPC3925 - when I am playing online on the Xbox I will not disconnect from Xbox Live but will lose connection to the host on Minecraft and disconnect from games on Fifa as well as losing connection to the party chat - all reconnecting within 10 seconds (back into the party chat) - but very frustrating as disrupts gaming lose progress etc. Just checked and my Disable IP Flood Detection box is not checked. Very grateful if anyone has any suggestions - have tried a million different settings on the xbox it can't be the problem at this stage.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    UCD AFC wrote: »
    Hi there, I think I am having the same problem. Also EPC3925 - when I am playing online on the Xbox I will not disconnect from Xbox Live but will lose connection to the host on Minecraft and disconnect from games on Fifa as well as losing connection to the party chat - all reconnecting within 10 seconds (back into the party chat) - but very frustrating as disrupts gaming lose progress etc. Just checked and my Disable IP Flood Detection box is not checked. Very grateful if anyone has any suggestions - have tried a million different settings on the xbox it can't be the problem at this stage.

    That's not a fault per say, its just the general design of the epc not managing simultaneous connections very well. Its a POS. Try not using chat, playing solo online and see if it helps.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Clover wrote: »
    Been having alot of drop outs also, where the EPC3925 drops it's connection for a few seconds and then gets it back(reboots itself). Also have trouble with the connection dropping it's speed all the way down to under 1meg down 1meg up.

    Had the modem replaced last week and I still have the same problem and also had an upc tech out today , but all is showing as ok to them, even the drops in the connection are not showing up on there end.

    Had ip flood detection off but have now turned it on as my log was empty, you getting the log info from going : administration / reporting / view log?.

    Ok, these are the exact same symptoms as me.

    We also had it replaced to no avail.

    Difference though is ours is bridged, but we can now eliminate that as a factor.

    My logging comes from my WNDR3800.

    If anybody thinks it would be of use I could make verbose logs with wireshark.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Just rebooted itself again not 2 minutes ago. Logs are clean.


  • Registered Users, Registered Users 2 Posts: 799 ✭✭✭Cork981


    Are you running any p2p apps? Such as torrents or spotify ? Try to get your IP address renewed I don't have upc but believe they dont refresh your ip that often.
    And yes ip flood detection would still be operating on the outer gateway unless you disabled the firewall.
    But it's still strange to see them remote ip addresses in the logs.

    Change you wifi password disconnect all other devices close your web browser and do run netstat -a and have a look what connections show up.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    2392263034.png

    Just in the door and back to this.


    There is some torrent activity, also relic P2P updates now and again. Thing is, it happens even when there hasnt been any kind of P2P in 24+hrs. So its unlikely to be related.
    And yes ip flood detection would still be operating on the outer gateway unless you disabled the firewall.

    This seems counter-intuitive to me. The whole idea of bridging is move the load, and the control to your router, which has its own firewall.
    [DoS Attack: RST Scan] from source: 67.42.47.227, port 16221, Monday, December 24,2012 16:54:53
    [UPnP set event: del_nat_rule] from source 192.168.2.6, Monday, December 24,2012 16:54:33
    

    Just a few minutes ago.


    Will try and get it renewed, they change very rarely.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Back into normal mode to have a look around, though I may as well log fw version and stats in the thread:
    Model:	 Cisco EPC3925
    Vendor:	 Cisco
    Hardware Revision:	 1.0
    Serial Number:	
    MAC Address:	
    Bootloader Revision:	 2.3.0_R1
    Current Software Revision:	 epc3925-ESIP-12-v302r125561-120727c_upc
    Firmware Name:	 epc3925-ESIP-12-v302r125561-120727c_upc.bin
    Firmware Build Time:	 Jul 27 21:06:28 2012
    Cable Modem Status:	Operational
    Wireless Network:	Disable
    
     		
    Cable Modem State	 	 
    DOCSIS Downstream Scanning:	Completed
    DOCSIS Ranging:	Completed
    DOCSIS DHCP:	Completed
    DOCSIS TFTP:	Completed
    DOCSIS Data Reg Complete:	Completed
    DOCSIS Privacy:	Enabled
    
     		
    Downstream Channels	 	 
     	Power Level:	Signal to Noise Ratio:
    Channel 1:	 3.5 dBmV	39.9 dB
    Channel 2:	 3.5 dBmV	41.0 dB
    Channel 3:	 3.5 dBmV	41.2 dB
    Channel 4:	 3.2 dBmV	39.1 dB
    Channel 5:	 2.4 dBmV	39.9 dB
    Channel 6:	 2.6 dBmV	40.4 dB
    Channel 7:	 2.3 dBmV	40.0 dB
    Channel 8:	 2.0 dBmV	39.8 dB
    
     		
    Upstream Channels	 	 
     	Power Level:
    Channel 1:	48.7 dBmV
    Channel 2:	 0.0 dBmV
    Channel 3:	 0.0 dBmV
    Channel 4:	 0.0 dBmV
    

    Changing mode caused a reboot too, which returned me to normal speeds. For now...

    I got the router last week:
    PKiJC.png
    Default settings when I switched back from bridge.
    u4yrh.png


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    2395030172.png


  • Registered Users, Registered Users 2 Posts: 370 ✭✭UCD AFC


    Hi there, not up to speed on what you've done so far (excuse the pun) - have you had any success in fixing the problem? Thanks


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    UCD AFC wrote: »
    Hi there, not up to speed on what you've done so far (excuse the pun) - have you had any success in fixing the problem? Thanks

    1 Random reboot of its own accord that I witnessed, other than that its been running ok. That said, I wasnt in the house for the last three days so I wouldnt have seen any down time, and usage would have been low.


  • Registered Users, Registered Users 2 Posts: 370 ✭✭UCD AFC


    Thanks - did you change anything to get it back to normal behavior or was it of it's own accord?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    I'm not so sure we're out of the woods yet, but no, nothings been changed really.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    2411335625.png

    Reared its ugly head again tonight. Logs are "clean" again.


    New FW available for the WNDR3800:
    WNDR3800 V1.0.0.44 firmware release:
    Note:
    Before you upgrade, NETGEAR recommends that you write down your Internet settings and also your wireless settings if you changed them. After the upgrade you can use NETGEAR Genie to detect and set up your Internet connection, or you can manually enter the settings.
    
    Bug fix:
    1. Fix the issue that when android devices in sleep mode might cause router connection issue.
    2. Fix the issue that router don't support Up to 300Mbps wireless mode for Korea region.
    3. Fix the issue that router can't support 3TB USB disk well in DLNA function and ReadySHARE FTP protocol.
    
    Known issues & bugs
    1. Time Machine function limitation:
    --Time Machine function limitation: Only support "GUID Partition Table" and "Master Boot Record" in partition table format.
    We don't support "Apple Partition Map" this format.
    Workaround: When you choose the partition scheme of your USB disk, please don't select "Apple Partition Map" this format.
    --For Non-journal system, support Time Machine backup size up to 750 GB.
    --For Journal system+ MBR partition table, support Time Machine backup size up to 750 GB.
    --For Journal system+ GUID partition table, support Time Machine backup size up to 500 GB.
    -- We suggest customer to use the new USB disk to do Time Machine backup. If customer uses the USB disk which already include the old Time Machine backup file, WNDR3800 might need spend time
    to scan/valid the old backup file is ok to be used or not and customer need to wait for couple minutes or even a hours.
    
    2. Traffic meter - Traffic volume control is not accurate due to sampling rate. It may exceed the limit.
    Workaround: Set a proper number in "Mbytes before the monthly limit is reached" in the traffic control.
    
    

    Nothing relevant but just in case things were to change I'm logging it here.

    For good measure:
    74961098.png


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    [admin login] from source 192.168.2.6, Thursday, January 03,2013 18:22:41
    [admin login] from source 192.168.2.3, Thursday, January 03,2013 18:20:17
    [admin login failure] from source 192.168.2.3, Thursday, January 03,2013 18:20:12
    [DoS Attack: RST Scan] from source: 82.74.247.58, port 50527, Thursday, January 03,2013 18:19:09
    [DoS Attack: RST Scan] from source: 71.56.79.91, port 49163, Thursday, January 03,2013 18:18:18
    [DoS Attack: RST Scan] from source: 66.230.85.160, port 49229, Thursday, January 03,2013 18:14:12
    [DoS Attack: RST Scan] from source: 82.74.247.58, port 49456, Thursday, January 03,2013 18:14:11
    [DoS Attack: RST Scan] from source: 212.93.100.62, port 45803, Thursday, January 03,2013 18:11:28
    [admin login] from source 192.168.2.3, Thursday, January 03,2013 18:07:19
    [Time synchronized with NTP server] Thursday, January 03,2013 18:07:03
    [Initialized, firmware version: V1.0.0.44] Thursday, January 03,2013 18:06:35
    

    :/


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    http://www.dslreports.com/forum/r26477232-Cisco-3925-web-traffic-slows-to-a-crawl~start=20

    Thats related. His case seems to be a NAT issue. Dont think there's much I can do about that with locked down FW though.


  • Registered Users, Registered Users 2 Posts: 21,499 ✭✭✭✭Alun


    ED E wrote: »
    http://www.dslreports.com/forum/r26477232-Cisco-3925-web-traffic-slows-to-a-crawl~start=20

    Thats related. His case seems to be a NAT issue. Dont think there's much I can do about that with locked down FW though.
    That's a "real Cisco" 3900 series router running IOS, nothing like what we have :D


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Alun wrote: »
    That's a "real Cisco" 3900 series router running IOS, nothing like what we have :D

    I was assuming that UPC/CISCO just reskinned the normal FW for the EPC/DPC? Would they actually rewrite everything?


  • Registered Users, Registered Users 2 Posts: 21,499 ✭✭✭✭Alun


    ED E wrote: »
    I was assuming that UPC/CISCO just reskinned the normal FW for the EPC/DPC? Would they actually rewrite everything?
    Full blown enterprise level Cisco routers are different animals altogether, and run a completely different operating system (IOS) to both the consumer level Cisco (ex Linksys) stuff, and the consumer level cable (ex Scientific Atlanta) stuff.

    A Cisco 3925 is not the same as a Cisco EPC3925 ... this is a Cisco 3925 :D

    http://www.router-switch.com/cisco3925-k9-p-291.html

    As you can see, just a bit bigger, and a tad more expensive.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Daniel__s_Facepalm_by_xAikaNoKurayami.jpg

    On track now. Thanks.


    Update:

    Logs now being sent to my email hourly, will filter them and then scan for restarts.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    .66Mb this morning again.

    Logging emails duplicate some content so some lines may be here twice.
    [DoS Attack: RST Scan] from source: 69.165.209.9, port 15709, Sunday, January 06,2013 11:43:15
    
    [DoS Attack: RST Scan] from source: 24.69.58.217, port 60487, Sunday, January 06,2013 10:56:03
    
    [DoS Attack: RST Scan] from source: 68.105.7.165, port 64323, Sunday, January 06,2013 10:54:51
    
    [DoS Attack: RST Scan] from source: 24.69.58.217, port 60212, Sunday, January 06,2013 10:49:28
    
    [DoS Attack: ACK Scan] from source: 24.1.5.75, port 62874, Sunday, January 06,2013 10:49:17
    
    [DoS Attack: RST Scan] from source: 24.69.58.217, port 60487, Sunday, January 06,2013 10:56:03
    
    [DoS Attack: RST Scan] from source: 68.105.7.165, port 64323, Sunday, January 06,2013 10:54:51
    
    [DoS Attack: RST Scan] from source: 24.69.58.217, port 60212, Sunday, January 06,2013 10:49:28
    
    [DoS Attack: ACK Scan] from source: 24.1.5.75, port 62874, Sunday, January 06,2013 10:49:17
    
    [DoS Attack: ACK Scan] from source: 61.42.85.214, port 150, Sunday, January 06,2013 09:39:22
    
    [DoS Attack: RST Scan] from source: 69.165.209.9, port 15709, Sunday, January 06,2013 09:48:41
    
    [DoS Attack: ACK Scan] from source: 61.42.85.214, port 150, Sunday, January 06,2013 09:39:22
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 07:57:42
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 07:54:45
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 07:57:42
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 06:53:58
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 05:57:09
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 05:57:09
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 05:38:34
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:53:34
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:38:37
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:53:34
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:38:37
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 02:46:20
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 02:42:15
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 02:38:21
    
    [DoS Attack: RST Scan] from source: 110.168.19.213, port 19024, Sunday, January 06,2013 01:44:01
    [DoS Attack: RST Scan] from source: 110.168.19.213, port 18642, Sunday, January 06,2013 01:42:18
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 01:38:24
    
    [DoS Attack: RST Scan] from source: 186.14.120.174, port 51827, Sunday, January 06,2013 01:25:13
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 01:24:34
    
    [DoS Attack: RST Scan] from source: 186.14.120.174, port 51764, Sunday, January 06,2013 01:18:13
    
    [DoS Attack: RST Scan] from source: 66.230.80.186, port 57950, Sunday, January 06,2013 01:11:25
    [DoS Attack: RST Scan] from source: 186.14.120.174, port 51188, Sunday, January 06,2013 01:06:20
    [DoS Attack: RST Scan] from source: 66.230.80.186, port 56195, Sunday, January 06,2013 01:04:45
    [DoS Attack: RST Scan] from source: 186.14.120.174, port 51178, Sunday, January 06,2013 01:04:31
    
    [DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 01:00:39
    
    


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    IP	:	94.242.214.225	     Neighborhood
    Host	:	ip-static-94-242-214-225.as5577.net    
    Country	:	Luxembourg   
    
     
        Address information
        Related IP adresses
    IP address	Type	Host name	DNS state
    94.242.192.2	 A 	as5577.net	
    94.242.192.2	 MX 	mx.as5577.net	
    195.26.4.3	 NS 	ns1.root.lu	
    2a01:608::3	 NS 	ns1.root.lu	  ( 195.26.4.3 )
    83.243.8.3	 NS 	ns2.root.lu	
    195.26.4.3	 NS 	a.root.lu	
    2a01:608::3	 NS 	a.root.lu	  ( 195.26.4.3 )
    83.243.8.3	 NS 	b.root.lu	
    2a01:608::4	 NS 	b.root.lu	  ( 83.243.8.3 )
    195.24.72.3	 NS 	c.root.lu	
    
        IP owner info (Whois)
    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=94.242.214.225?showDetails=true&showARIN=false&ext=netref2
    #
     
    NetRange:       94.0.0.0 - 94.255.255.255
    CIDR:           94.0.0.0/8
    OriginAS:       
    NetName:        94-RIPE
    NetHandle:      NET-94-0-0-0-1
    Parent:         
    NetType:        Allocated to RIPE NCC
    Comment:        These addresses have been further assigned to users in
    Comment:        the RIPE NCC region. Contact information can be found in
    Comment:        the RIPE database at http://www.ripe.net/whois
    RegDate:        2007-07-30
    Updated:        2009-05-18
    Ref:            http://whois.arin.net/rest/net/NET-94-0-0-0-1
     
    OrgName:        RIPE Network Coordination Centre
    OrgId:          RIPE
    Address:        P.O. Box 10096
    City:           Amsterdam
    StateProv:      
    PostalCode:     1001EB
    Country:        NL
    RegDate:        
    Updated:        2011-09-24
    Ref:            http://whois.arin.net/rest/org/RIPE
     
    ReferralServer: whois://whois.ripe.net:43
     
    OrgAbuseHandle: RNO29-ARIN
    OrgAbuseName:   RIPE NCC Operations
    OrgAbusePhone:  +31 20 535 4444 
    OrgAbuseEmail:  hostmaster@ripe.net
    OrgAbuseRef:    http://whois.arin.net/rest/poc/RNO29-ARIN
     
    OrgTechHandle: RNO29-ARIN
    OrgTechName:   RIPE NCC Operations
    OrgTechPhone:  +31 20 535 4444 
    OrgTechEmail:  hostmaster@ripe.net
    OrgTechRef:    http://whois.arin.net/rest/poc/RNO29-ARIN
     
    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
     
    
     
     
    Deferred to specific whois server: whois.ripe.net...
     
     
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf
     
    % Note: this output has been filtered.
    %       To receive output for a database update, use the "-B" flag.
     
    % Information related to '94.242.192.0 - 94.242.223.255'
     
    inetnum:        94.242.192.0 - 94.242.223.255
    netname:        ROOT-NETWORK
    descr:          root SA
    country:        LU
    admin-c:        AB99-RIPE
    tech-c:         RE655-RIPE
    status:         ASSIGNED PA
    mnt-by:         ROOT-MNT
    source:         RIPE # Filtered
     
    role:           root eSolutions
    address:        35, rue John F. Kennedy
    address:        7327 Steinsel
    address:        Luxembourg
    phone:          +352 20.500
    fax-no:         +352 20.500.500
    abuse-mailbox:  abuse@as5577.net
    remarks:
    remarks:        +------------------------------------+
    remarks:        | Operational Issues:                |
    remarks:        |                     noc@as5577.net |
    remarks:        +------------------------------------+
    remarks:        | Abuse and Spam:                    |
    remarks:        |                   abuse@as5577.net |
    remarks:        +------------------------------------+
    remarks:
    admin-c:        RE655-RIPE
    tech-c:         AB99-RIPE
    nic-hdl:        RE655-RIPE
    mnt-by:         ROOT-MNT
    source:         RIPE # Filtered
     
    person:         Andy BIERLAIR
    address:        root SA
    address:        35, rue John F. Kennedy
    address:        7327 Steinsel
    address:        Luxembourg
    phone:          +352 20.500
    fax-no:         +352 20.500.500
    nic-hdl:        AB99-RIPE
    mnt-by:         ROOT-MNT
    remarks:
    remarks:        +------------------------------------+
    remarks:        | I did *NOT* spam your mailbox!     |
    remarks:        | I will *NOT* reply to abuse mails! |
    remarks:        |                                    |
    remarks:        | Please contact abuse@as5577.net !  |
    remarks:        +------------------------------------+
    remarks:
    source:         RIPE # Filtered
     
    % Information related to '94.242.192.0/18AS5577'
     
    route:          94.242.192.0/18
    descr:          root SA
    origin:         AS5577
    mnt-by:         ROOT-MNT
    source:         RIPE # Filtered
     
    % This query was served by the RIPE Database Query Service version 1.47.5 (WHOIS1)
    

    http://www.ripe.net/ - these guys.


  • Registered Users, Registered Users 2 Posts: 34 Fizzix


    Guess what.. I'm having the exact same problem as you right down to the last symptom. Just check my router logs for today:

    Illegal TCP header 939 Mon Jan 07 00:15:48 2013 192.168.1.18:0 190.178.149.82:0


    The IP Whois is RIPE..something fishy is going on.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Now that is suspicious.


  • Registered Users, Registered Users 2 Posts: 34 Fizzix


    So it seems this is a Dos attack, and its ongoing as we speak. I wonder who we pissed off.


  • Registered Users, Registered Users 2 Posts: 21,499 ✭✭✭✭Alun


    RIPE is an internet registrar just like InterNIC, APNIC and ARIN that cover different regions, nothing suspicious about that at all.

    Looks like you may have ended up with an IP address of someone that pissed off somebody, and they're attempting to DOS you.


  • Registered Users, Registered Users 2 Posts: 34 Fizzix


    How long is UPCs DHCP lease ?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    2422775213.png

    Just did it again in the last ten minutes. Going to reboot now and then I'll check the logs.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    [admin login] from source 192.168.2.3, Tuesday, January 08,2013 22:27:53
    [LAN access from remote]
    [UPnP set event: add_nat_rule] from source 192.168.2.6, Tuesday, January 08,2013 22:22:01
    [LAN access from remote] 
    [UPnP set event: add_nat_rule] from source 192.168.2.3, Tuesday, January 08,2013 22:21:46
    [Internet connected] IP address: 46.7.xx.xx, Tuesday, January 08,2013 22:21:04
    [Internet connected] IP address: 192.168.100.10, Tuesday, January 08,2013 22:19:48
    [DoS Attack: RST Scan] from source: 108.162.203.29, port 80, Tuesday, January 08,2013 22:16:38
    [LAN access from remote]
    [DoS Attack: RST Scan] from source: 108.162.203.29, port 80, Tuesday, January 08,2013 22:07:58
    [LAN access from remote]
    [DHCP IP: 192.168.2.18] to MAC address 00:26:08:1a:63:80, Tuesday, January 08,2013 22:03:18
    [DoS Attack: RST Scan] from source: 69.244.75.173, port 57853, Tuesday, January 08,2013 22:02:18
    [LAN access from remote]
    [DoS Attack: RST Scan] from source: 69.244.75.173, port 56987, Tuesday, January 08,2013 21:57:30
    [DHCP IP: 192.168.2.7] to MAC address d0:66:7b:65:ea:4e, Tuesday, January 08,2013 21:56:20
    [LAN access from remote] 
    [DHCP IP: 192.168.2.4] to MAC address 6c:62:6d:7f:bb:55, Tuesday, January 08,2013 21:55:44
    [DoS Attack: RST Scan] from source: 75.72.40.225, port 59783, Tuesday, January 08,2013 21:52:00
    [DoS Attack: RST Scan] from source: 74.160.162.81, port 58380, Tuesday, January 08,2013 21:49:06
    [LAN access from remote] 
    [LAN access from remote]
    [LAN access from remote]
    [DHCP IP: 192.168.2.2] to MAC address 00:90:a9:23:3c:77, Tuesday, January 08,2013 21:48:04
    [LAN access from remote] 
    [LAN access from remote] 
    [DoS Attack: RST Scan] from source: 75.72.40.225, port 57664, Tuesday, January 08,2013 21:44:04
    [LAN access from remote] 
    [DoS Attack: RST Scan] from source: 74.160.162.81, port 57941, Tuesday, January 08,2013 21:40:50
    [DoS Attack: RST Scan] from source: 71.174.186.109, port 50989, Tuesday, January 08,2013 21:40:36
    [LAN access from remote] 
    [DoS Attack: RST Scan] from source: 80.233.23.106, port 31022, Tuesday, January 08,2013 21:37:03
    [LAN access from remote] 
    [LAN access from remote]
    [DoS Attack: RST Scan] from source: 24.92.144.206, port 39111, Tuesday, January 08,2013 21:29:04
    [DoS Attack: RST Scan] from source: 199.185.132.4, port 63121, Tuesday, January 08,2013 21:28:42
    [DoS Attack: RST Scan] from source: 199.185.133.5, port 65317, Tuesday, January 08,2013 21:28:32
    [LAN access from remote]
    [DoS Attack: RST Scan] from source: 24.92.144.206, port 39111, Tuesday, January 08,2013 21:22:32
    [DoS Attack: RST Scan] from source: 80.233.23.106, port 28710, Tuesday, January 08,2013 21:20:52
    [UPnP set event: del_nat_rule] from source 192.168.2.6, Tuesday, January 08,2013 21:20:07
    [LAN access from remote] 
    [LAN access from remote]
    [LAN access from remote] 
    
    [LAN access from remote] 
    [LAN access from remote] 
    [LAN access from remote] 
    [LAN access from remote] 
    [DoS Attack: RST Scan] from source: 24.69.58.217, port 60726, Tuesday, January 08,2013 21:14:47
    [LAN access from remote] 
    [LAN access from remote] 
    
    [LAN access from remote] 
    [LAN access from remote] 
    [DoS Attack: ACK Scan] from source: 87.69.142.248, port 1962, Tuesday, January 08,2013 21:13:52
    [LAN access from remote] 
    [LAN access from remote] 
    
    [LAN access from remote] 
    [LAN access from remote] 
    [DoS Attack: RST Scan] from source: 24.69.58.217, port 62657, Tuesday, January 08,2013 21:12:57
    [LAN access from remote] 
    [LAN access from remote] 
    
    [LAN access from remote] 
    


    uqfxT.png


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Dropped for 60 seconds just there :mad:


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Died again.


  • Registered Users, Registered Users 2 Posts: 3,243 ✭✭✭DECEiFER


    What are your SNR numbers like these days?

    Have you tried connecting your computer directly to the EPC while in Bridge mode to see if that helps?

    If you're going to nuke Spyware, I recommend (as I feel it's an under-rated app) Spybot S&D. It really does a great job. I never turn on real-time scanning. I run an on-demand scan every now and again to get rid of some nasty parasites. Hell, if you've ever been completely infected to the point where some parasites completely take over your machine (where you couldn't even get into Control Panel or into Default or Add/Remove Programs to uninstall anything in the OS), running Spybot S&D in Safe Mode saved many PCs I scanned completely (many friends back in the Windows XP days were often not careful about what they were downloading and after running Spyboy S&D their OSs were back to normal after one scan with no more popups and no more access restrictions).


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Downstream Channels	 	 
     	Power Level:	Signal to Noise Ratio:
    Channel 1:	 3.2 dBmV	39.9 dB
    Channel 2:	 3.5 dBmV	40.5 dB
    Channel 3:	 3.2 dBmV	39.9 dB
    Channel 4:	 2.8 dBmV	39.9 dB
    Channel 5:	 1.9 dBmV	40.9 dB
    Channel 6:	 2.0 dBmV	41.4 dB
    Channel 7:	 2.0 dBmV	41.4 dB
    Channel 8:	 2.0 dBmV	40.2 dB
    
     		
    Upstream Channels	 	 
     	Power Level:
    Channel 1:	45.9 dBmV
    Channel 2:	 0.0 dBmV
    Channel 3:	 0.0 dBmV
    Channel 4:	 0.0 dBmV
    

    Kaspersky RD 10 does a similar job :)


  • Registered Users, Registered Users 2 Posts: 3,243 ✭✭✭DECEiFER


    ED E wrote: »
    Downstream Channels	 	 
     	Power Level:	Signal to Noise Ratio:
    Channel 1:	 3.2 dBmV	39.9 dB
    Channel 2:	 3.5 dBmV	40.5 dB
    Channel 3:	 3.2 dBmV	39.9 dB
    Channel 4:	 2.8 dBmV	39.9 dB
    Channel 5:	 1.9 dBmV	40.9 dB
    Channel 6:	 2.0 dBmV	41.4 dB
    Channel 7:	 2.0 dBmV	41.4 dB
    Channel 8:	 2.0 dBmV	40.2 dB
    
     		
    Upstream Channels	 	 
     	Power Level:
    Channel 1:	45.9 dBmV
    Channel 2:	 0.0 dBmV
    Channel 3:	 0.0 dBmV
    Channel 4:	 0.0 dBmV
    

    Kaspersky RD 10 does a similar job :)
    Don't get me wrong. Do that, too. Give 'em both a lash! :)

    Also, your stats are fine (which I know you know :P), better than mine, even, and I'm not facing issues anything like yours. I guess that's not the problem.


    EDIT: Fyi, here's my stats. They're not terrible (better than before I did some re-cabling downstairs in late 2012) but clearly yours are better.
    Downstream Channels	 	 
     	Power Level:	Signal to Noise Ratio:
    Channel 1:	 -5.9 dBmV	39.5 dB
    Channel 2:	 -5.7 dBmV	39.6 dB
    Channel 3:	 -5.3 dBmV	39.8 dB
    Channel 4:	 -5.9 dBmV	39.0 dB
    Channel 5:	 -6.9 dBmV	38.7 dB
    Channel 6:	 -5.6 dBmV	39.5 dB
    Channel 7:	 -5.5 dBmV	39.6 dB
    Channel 8:	 -6.6 dBmV	38.6 dB
    
     		
    Upstream Channels	 	 
     	Power Level:
    Channel 1:	49.2 dBmV
    Channel 2:	 0.0 dBmV
    Channel 3:	 0.0 dBmV
    Channel 4:	 0.0 dBmV
    


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    MAC spoofed. New external IP leased. SIP and Strict NAT still in full effect.

    Will report back when we've ran with this for a few days, or when it dies again.

    Thanks for the suggestions DECEiFER.


  • Registered Users, Registered Users 2 Posts: 3,243 ✭✭✭DECEiFER


    No problem! Best of luck with it...

    Also, does this happen in Router mode? If you faux bridged your WNDR3800 to it like the good ol' days, would that help? I know if you were being DoS'd, it wouldn't matter one bit, so assuming that's not the issue and it's completely down to the EPC3925, it might be worth trying again over a decent period of time.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    DECEiFER wrote: »
    No problem! Best of luck with it...

    Also, does this happen in Router mode? If you faux bridged your WNDR3800 to it like the good ol' days, would that help? I know if you were being DoS'd, it wouldn't matter one bit, so assuming that's not the issue and it's completely down to the EPC3925, it might be worth trying again over a decent period of time.

    Thats next. For a while after the change though it was fine, so I'm leaning towards it being something else.


  • Registered Users, Registered Users 2 Posts: 3,243 ✭✭✭DECEiFER


    ED E wrote: »
    Thats next. For a while after the change though it was fine, so I'm leaning towards it being something else.
    The firmware went through an update a while after we all started bridging our routers and wasn't that one of the things people like you with the drop-out problem were blaming primarily? But it doesn't stack up when you consider that I and others aren't experiencing issues, and you are. It's a bit bizarre. I hope UPC will nevertheless look into the firmware being a possibility, at least just to rule it out, and make an announcement on their "Talk" forum.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Saw somebody using the EPC on its own and having identical symptoms. Not sure which thread.


    If its bridging related we wont get any help from UPC :|


  • Registered Users, Registered Users 2 Posts: 3,243 ✭✭✭DECEiFER


    ED E wrote: »
    Saw somebody using the EPC on its own and having identical symptoms. Not sure which thread.


    If its bridging related we wont get any help from UPC :|

    Coincidentally I'm reading that very thread right now! I saw your post on page 3 asking for an explanation as to why they won't support it.

    I can understand them not supporting it as far as whatever router you're bridging it with but the EPC should always be supported. In-fact, by enabling the bridging option since late last year, it definitely should be supported. But the thing is, we all know that UPC's tech support aren't very knowledgeable (didn't someone say that UPC told them the the SNR figures pertained to WiFi?) and when they say that they won't support bridge mode, it could mean any number of things and they might not have one clue where to draw the line and where not to.


  • Registered Users, Registered Users 2 Posts: 34 Fizzix


    I'm having these issues again tonight speed keeps dropping right down and ping is not consistent.These are the sort off speed tests I'm getting 25mb line :

    Last Result:
    Download Speed: 1264 kbps (158 KB/sec transfer rate)
    Upload Speed: 567 kbps (70.9 KB/sec transfer rate)
    Latency: 23 ms
    Thu Jan 10 2013 00:18:58 GMT+0000 (GMT Standard Time)

    Last Result:
    Download Speed: 886 kbps (110.8 KB/sec transfer rate)
    Upload Speed: 883 kbps (110.4 KB/sec transfer rate)
    Latency: 17 ms
    Thu Jan 10 2013 00:22:18 GMT+0000 (GMT Standard Time)

    Last Result:
    Download Speed: 886 kbps (110.8 KB/sec transfer rate)
    Upload Speed: 883 kbps (110.4 KB/sec transfer rate)
    Latency: 17 ms
    Thu Jan 10 2013 00:22:18 GMT+0000 (GMT Standard Time)

    Really should be getting better speeds at this hour of the night.



    www.speedtest.net/result/2425412368.png < best one yet cant link picture because of my postcount


  • Registered Users, Registered Users 2 Posts: 70 ✭✭DublinC


    Ah, so I'm not the only one. I've had this issue on-going now for over a week or two, it's really beginning to piss me off. The connection will be fine after rebooting, but after a while it seems to degrade and go slow again. Considering I'm paying for ~125mb/s and it's dropping to 2mb/s and lower, it's a disgrace.


  • Advertisement
Advertisement