Go Back   Android Forums > Android Community > The Lounge > Computers & IT

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

Like Tree2Likes
  • 2 Post By Slug

test: Reply
 
LinkBack Thread Tools
Old December 2nd, 2013, 05:58 PM   #1 (permalink)
AF Contributor
Thread Author (OP)
 
nickdalzell's Avatar
 
Join Date: Jun 2011
Location: Owensboro, KY
Posts: 3,221
 
Device(s): Nexus 10, Nexus 7, Galaxy S3, Galaxy Tab 3's
Carrier: Verizon

Thanks: 89
Thanked 546 Times in 433 Posts
Default Netgear Router WNR2300v3 dying?

My fourth router has reached it's 1 year birthday. every time i have a router for a year or so they start getting mighty finnicky. this one seems to be doing the same thing. i have taken plenty of measures to unplug it during storms, bought a really expensive surge protector for it, because i lost #2 to a lightning strike, also a Netgear. This one has never gotten hot (only barely warm) and now it's doing weird things.

Almost every night the log is chock full of 'DOS ATTACK IP SPOOF' entries, and the internet is listed as 'disabled' in the status page. these Attacks are showing the MAC addresses of my computers that connect to it (my TiVo, SmartTV, Chromebook currently). there are also plenty of 'WLAN ACCESS REJECTED Incorrect Security' entries also pertaining to the same MAC addresses. this appears to be filling the log more now than in the past.

so i have to reset it each day. i also had to do a factory reset as i think it got corrupted or full of some kind of malware (even though i use WPA2/TKIP) as all the icons when i was doing diagnostics turned into little 't-rexes'. basically little 8-bit looking dinosaurs, followed by Chrome suddenly saying 'page not available' and the little 'I' light would blink off.

When i have to reset it, the little 'I' light, which is for the port that plugs into my WISP's subscriber module, is amber or red, indicating no connectivity. Amber is often a simple disconnect, but red is what it does when the status page says 'disabled' under 'internet'. it should be green when it's up and running.

A reset sometimes fixes it, but once i had to get physical with it and literally smack it before it would go from red/amber to green and resume working. when it gets back online, at first, pings are extremely slow, lookups fail off and on, but slowly get faster and faster until i'm getting normal speed again. it's like an old box fan that starts slow and gains speed a little more each minute. only this is the internet speed. i think it's dying but before i spend money on yet another disposable router, is there a way to find one that is made in the USA? one made of good enough quality that i can get more than a year from it? apparently paying a premium for some of the higher end models doesn't do much for me. i got a dual-band ASUS once that died the same night. another time i spent more on a LinkSYS dual-band that died two days later. the cheap ones at around $49-89 last around a year then quit. not sure what is happening.

EDIT: it died again as i was attempting to submit this post. Internet 'disabled' and 'WLAN ACCESS REJECTED: Incorrect Security' for my Chromebook's MAC Address. it's not incorrect and i have the right password. when that shows up it just drops the entire internet for everything and the Internet port shows '0.0.0.0' for everything. i couldn't get it to get an WAN IP without literally smacking it on the counter again.

__________________
Device(s):
Samsung Galaxy S4 **NEW** (GS3 screen finally shattered)
Samsung Galaxy Tab 3 7.0 (non-rooted, stock)
Samsung Galaxy Tab 2 10.1 (obsolete, slow, rooted)
Samsung Galaxy Note 10.1 2014 Edition
nickdalzell is offline  
Last edited by nickdalzell; December 2nd, 2013 at 06:01 PM.
Reply With Quote
sponsored links
Old December 2nd, 2013, 07:30 PM   #2 (permalink)
AF Contributor
 
Join Date: Jan 2012
Location: Fayetteville, NC, USA
Gender: Male
Posts: 9,040
 
Device(s): Note3 stock (so far) been replaced. Working great so far.
Carrier: AT&T

Thanks: 6
Thanked 2,565 Times in 2,372 Posts
Default

I can't run any tests on your network, of course, but
Quote:
Originally Posted by nickdalzell View Post
'DOS ATTACK IP SPOOF'
says to me that one or more of your computers has been hijacked by a virus. You can keep replacing routers, but the virus will still be in the computer(s).
Rukbat is offline  
Reply With Quote
Old December 2nd, 2013, 09:32 PM   #3 (permalink)
AF Contributor
Thread Author (OP)
 
nickdalzell's Avatar
 
Join Date: Jun 2011
Location: Owensboro, KY
Posts: 3,221
 
Device(s): Nexus 10, Nexus 7, Galaxy S3, Galaxy Tab 3's
Carrier: Verizon

Thanks: 89
Thanked 546 Times in 433 Posts
Default

On a Chromebook and Android tablet? not likely. these entries seem to populate the log right before the router goes belly up. the last one did the same thing. right now it's on life support connected to an ethernet switch. seems to be working half the time this way. i tried to DD WRT the thing but it wouldn't accept the file, and Netgear's download server is down currently. i can browse but not download older firmware.

Here's an excerpt from the logs. only five minutes into it:

Code:
[admin login] from source 192.168.1.3, Monday, December 02, 2013 19:42:27
[DoS Attack: RST Scan] from source: 31.13.74.64, port 80, Monday, December 02, 2013 19:38:45
[DHCP IP: 192.168.1.3] to MAC address 1c:3e:84:24:d7:ab, Monday, December 02, 2013 19:37:53
[Time synchronized with NTP server] Monday, December 02, 2013 19:36:41
[DHCP IP: 192.168.1.3] to MAC address 1c:3e:84:24:d7:ab, Monday, December 02, 2013 19:36:35
[WLAN access rejected: incorrect security] from MAC address 1c:3e:84:24:d7:ab, Monday, December 02, 2013 19:36:32
[Initialized, firmware version: V1.1.2.6] Monday, December 02, 2013 19:35:03
Code:
[DoS Attack: ACK Scan] from source: 173.192.24.228, port 80 
[admin login] from source 192.168.1.3 
[DHCP IP: 192.168.1.3] to MAC address 1c:3e:84:24:d7:ab 
[WLAN access rejected: incorrect security] from MAC address 1c:3e:84:24:d7:ab 
[DoS Attack: ACK Scan] from source: 173.192.24.228, port 80 
[Initialized, firmware version: V1.1.2.6]
Keeps repeatedly kicking my Chromebook offline with multiple 'WLAN Access Rejected' messages in the log, pertaining specifically to my Chromebook's MAC address.

for kicks, here's what is left of the Netgear WNR2000v3:



More logs, the longer it's up, the worse it gets until it needs to be hard reset:

Code:
[admin login] from source 192.168.1.3, Monday, December 02, 2013 20:24:21
[DoS Attack: ACK Scan] from source: 23.0.165.88, port 443, Monday, December 02, 2013 19:59:29
[admin login] from source 192.168.1.3, Monday, December 02, 2013 19:57:26
[DoS Attack: IP Spoofing] from source: 192.168.1.101, Monday, December 02, 2013 19:57:03
[DoS Attack: ACK Scan] from source: 173.192.24.228, port 80, Monday, December 02, 2013 19:53:30
[Time synchronized with NTP server] Monday, December 02, 2013 19:52:58
[DoS Attack: ACK Scan] from source: 173.192.24.228, port 80, Monday, December 02, 2013 19:51:29
[admin login] from source 192.168.1.3, Monday, December 02, 2013 19:50:03
[DHCP IP: 192.168.1.3] to MAC address 1c:3e:84:24:d7:ab, Monday, December 02, 2013 19:47:45
[WLAN access rejected: incorrect security] from MAC address 1c:3e:84:24:d7:ab, Monday, December 02, 2013 19:47:42
nickdalzell is offline  
Last edited by nickdalzell; December 2nd, 2013 at 10:26 PM.
Reply With Quote
Old December 3rd, 2013, 05:52 AM   #4 (permalink)
Check six!
 
Slug's Avatar
 
Join Date: Aug 2009
Location: Inverness, UK
Gender: Male
Posts: 17,431
 
Device(s): Sony Xperia Z
Carrier: EE

Thanks: 2,651
Thanked 10,884 Times in 5,533 Posts
Send a message via Skype™ to Slug slugbrem@gmail.com
Default

Those looks like remote attacks to me. The IP addresses are all remote i.e. outside your own network.

31.13.74.64 belongs to Facebook Ireland Ltd in Dublin.

173.192.24.228 is registered to Softlayer Technologies Inc of Dallas TX.

23.0.165.88 is Akamai Technologies Inc, Cambridge MA.

In addition someone is attempting access by attempting to 'spoof' the *.*.*.101 IP address on your internal network.

If it were mine, I'd reset it completely and (a) whitelist all internal MAC addresses, (b) restrict the DHCP address pool to only provide enough IPs for my devices, (c) disable PING from the WAN and (d) configure firewall rules to drop all incoming traffic from the above-mentioned external IPs, before ever reconnecting it to my ISP.
Dngrsone and codesplice like this.
Slug is offline  
Reply With Quote
The Following User Says Thank You to Slug For This Useful Post:
MoodyBlues (December 3rd, 2013)
Old December 3rd, 2013, 06:30 PM   #5 (permalink)
AF Contributor
Thread Author (OP)
 
nickdalzell's Avatar
 
Join Date: Jun 2011
Location: Owensboro, KY
Posts: 3,221
 
Device(s): Nexus 10, Nexus 7, Galaxy S3, Galaxy Tab 3's
Carrier: Verizon

Thanks: 89
Thanked 546 Times in 433 Posts
Default

i finally got the DD-WRT to download and i flashed it and made it where only 256 TCP packets can be open at one time, set the max clients to 10, and turned on QoS. so far it seems to be up and going and getting decent speeds, speed test showing download rates normal for my WISP and steady streams. so far so good. i think my router was just wonky. these 'attacks' show more and more as they age. seems stock firmware specific. none of those showing in the logs now with the new firmware.

the max clients allows only all my devices to connect and that is all ten products, now if one logs off, or gets shut down, it won't open a slot for any other unless it's in the list in the config.

Telnet, DMZ, and remote config are all disabled. what really is interesting is the new stats page. with normal use it is using more than 60% of the router's RAM and CPU. hardware wise it's shoddy. only 320MHz and only 30MB or RAM, with 3.5MB Flash memory.

EDIT: think i found the real culprit. the 8-bit dino graphics started showing again on my Chromebook and it then wouldn't even turn on. it'd keep saying 'no network available' with an 8-bit 't-rex' icon above it. no matter what. i tossed it and broke out the MacBook Pro, works just fine. tried the PowerBook G4, works perfectly well. break out the Dell D610 with VectorLinux. no problems.

Thought Chromebooks were supposed to be immune to viruses? i had it back on ChromeOS and everything. it had a virus apparently.
nickdalzell is offline  
Last edited by nickdalzell; December 3rd, 2013 at 09:30 PM.
Reply With Quote
Reply


Go Back   Android Forums > Android Community > The Lounge > Computers & IT
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 07:13 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.