09-08-2010 10:54 AM - edited 09-08-2010 10:55 AM
After several TCP/UDP scans is when the problem starts, after a while the internet connection stops and if I turn the router off and then back on it starts working again. I don't have to wait any amount of time, just turn it off and then back on and it's back up and running again.
I thought that my service provider my have been experiencing problems and working on their system but they did tell me there have been no reported problems in our area.
This has been happening over the last month. Not sure what's going on.
09-08-2010 09:46 PM
09-09-2010 08:16 AM - edited 09-09-2010 08:20 AM
Thank you. I've learned a lot from reading your information, and have lots more to learn. If it's a firmware bug then I assume that even if there was an upgrade from version 2 which is what my Wcg200 uses that I would have to get it from my service provider, and from what I have read, and since they don't support Linksys there's nothing I can do.I can understand why it's setup that way, I know there are security issues when it comes to fireware distribution.
The problem seems to getting better and better the last few days. It just started all the sudden over the last month, up until then there were no problems at all that I noticed.
Is there any settings in the router that I could change that might help?
Thanks again, I appreciate the information.
09-28-2010 03:34 AM
I just wanted to update and say I believe my problem has been solved and comment about what I believe it was incase it might help others in the future.
I tried everything to stop the syn flood attacks, and I had scanned my computer with everything you could imagine to check it for viruses/spyware and such and never found anything.
Finally, yesterday I tried Iobit's 360 security freeware and scanned my computer, it found a "Trojan Virus", and according to the description this virus was known for causing syn floods and other things, the program removed the trojan virus and it appears the syn floods have stopped altogether. I don't know why the other programs weren't finding this particular virus, perhaps it's new, but it appears that was my entire problem.
I know this isn't always the case with syn floods, but like I said this appears to have been my whole problem.
Just thought I would give anyone following this thread a update.
Thanks for the help and information.
01-23-2013 12:32 AM
i know this topic is old but i was wonding if anyone can help me out
it started recently and only happens when i surf the web does it start up.
these ip are from my 3 cp i have on the network and this jump from cp to cp on who is using the web i had the cable guy come out here and replace everthing but it didnt solve the problem i aslo have wireless network not sure if it active hacker dont know. whatever it is its coming from all 3 of my pc and i fully reinstalled all of them. not sure if i have virus or anything. target ip source ip
|LAN-side UDP Flood||1||Wed Jan 23 07:57:26 2013||22.214.171.124:5355||192.168.0.5:49512|
|TCP- or UDP-based Port Scan||1||Wed Jan 23 07:58:50 2013||126.96.36.199:1346||188.8.131.52:53|
|SYN Flood||15||Wed Jan 23 08:00:15 2013||184.108.40.206:80||192.168.0.4:2713|
|TCP- or UDP-based Port Scan||4||Wed Jan 23 08:21:29 2013||220.127.116.11:1660||18.104.22.168:53|
|SYN Flood||25||Wed Jan 23 08:24:00 2013||22.214.171.124:80||192.168.0.3:55981|
01-23-2013 02:21 PM
This could be because of a virus of some sort. You might want to try using different anti-virus software to scan each computer in the network. As what James T. Kirk said, he was able to resolve the issue by using lobit’s 360. If you are using windows operating system, you can try Microsoft Security Essentials.
Though we are not sure that this is cause by a virus, doing this troubleshooting step might help solve the issue as it helped resolved James’ issue before.
Another explanation is posted by Expert gv in this thread:
"O.K. That's why it is always better to post logs in the beginning: Go to the Status page of your router and check the IP numbers of your DNS servers. You'll find 126.96.36.199 there.
What you see is not a port scan but simply DNS responses from your ISP. If this is really an attack someone must be able to spoof the DNS server IP address to send DNS packets. Although not absolutely impossible it's very unlikely to happen. If your ISP has problems with spoofing of their DNS server IP addresses they would have serious security issues.
Thus, more likely in this case is a firmware bug of the router. The router incorrectly identifies some DNS traffic as port scan and eventually decides to block the ISP DNS server. In that case you should still be able to ping IP addresses in the internet but not host names because DNS does not work anymore. For example, on a computer "ping 188.8.131.52" should still work but "ping www.google.com" won't."
01-23-2013 06:18 PM
thx for the reply i did have mircosoft security and i aslo dl the other anti virus and no threats dect. im still clueless on why it only start up when i open web browser maybe poor signal from brighthouse
01-24-2013 11:51 AM - edited 01-24-2013 11:52 AM
Is it with only one specific browser? How about using a different antivirus software just to make sure. And also consider using different browsers to further test it. And what is the device that you are using?
01-25-2013 02:01 AM - edited 01-25-2013 02:02 AM
Hi, it would be best if you will be able to follow techmein02’s instruction just for isolation. By the way, what is the brand and model number of your router? There’s also a possibility that there could be a problem of the firmware so you may need to upgrade the firmware if there’s a new update available.