UPC "Drop-outs" of late, going insane

ED E

Hey all,

Time this gets its own thread. Got a little bit of feedback that this isnt just me, hoping for more.

Setup:
EPC3925 (Replaced on wednesday last, problem persists)
WNDR3800
Handfull of client devices, switches, and two wifi APs

.2.6 = Machine I'm currently on, not that it matters.
Logs added. All that I have(it only keeps a short segment).
IPs of third parties have been removed for privacy, as has mine.
Some of the junk as been removed("..").

Tonight its died twice. First time 32Mb down to .5Mb, next time speed tests failed to connect.

Lots of DOS listings there, but they arent always actually DOS attacks from what I've read. My networking isnt strong enough to be sure.

Seems to happen a lot while I'm on YT(first time tonight I was skyping) but hard to tell if thats just that I notice it more for heavy load applications. Been happening for probably 2 months now btw.


Going to start logging these "drop-outs" here and when I have more info I'll get in touch with the UPC reps.

If anyone is having similar issues please pipe up, or if you have any suggestions as to the cause.

Thanks,
ED E

[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:64036, Friday, December 21,2012 00:31:38
[UPnP set event: add_nat_rule] from source 192.168.2.6, Friday, December 21,2012 00:31:38
[COLOR="Lime"][Internet connected] IP address: 46.7.75.XX, Friday, December 21,2012 00:31:08
[Internet connected] IP address: 192.168.100.10, Friday, December 21,2012 00:28:37[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:23:34
[COLOR="Red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:18:52[/COLOR]
[DHCP IP: 192.168.2.2] to MAC address 00:90:a9:23:3c:77, Friday, December 21,2012 00:17:59
[COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:17:54[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:17:45
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:17:38
[COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:15:24[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:14:59
[COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:14:09[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:13:41
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.8:62638, Friday, December 21,2012 00:13:03
[UPnP set event: add_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:13:02
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:60983, Friday, December 21,2012 00:12:40
[UPnP set event: del_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:12:40
[UPnP set event: add_nat_rule] from source 192.168.2.6, Friday, December 21,2012 00:12:40
[COLOR="red"][DoS Attack: ACK Scan] from source: 87.248.210.253, port 80, Friday, December 21,2012 00:12:28[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.8:54008, Friday, December 21,2012 00:11:41
[UPnP set event: add_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:11:41
[DHCP IP: 192.168.2.10] to MAC address 00:1f:3a:82:6f:22, Friday, December 21,2012 00:11:20
[DHCP IP: 192.168.2.8] to MAC address 00:1d:09:c5:5f:0d, Friday, December 21,2012 00:11:08
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:10:52
[UPnP set event: del_nat_rule] from source 192.168.2.8, Friday, December 21,2012 00:07:44
[COLOR="red"][DoS Attack: RST Scan] from source: 190.207.141.121, port 55106, Friday, December 21,2012 00:05:19[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Friday, December 21,2012 00:03:44
[COLOR="red"][DoS Attack: RST Scan] from source: 190.207.141.121, port 53908, Friday, December 21,2012 00:00:23[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:53:52
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:53:51
[COLOR="red"][DoS Attack: RST Scan] from source: 69.247.52.71, port 56555, Thursday, December 20,2012 23:52:47[/COLOR]
[DHCP IP: 192.168.2.4] to MAC address 00:24:d2:d1:6c:a9, Thursday, December 20,2012 23:52:08
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:49:41
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:48:51
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:48:51
[COLOR="red"][DoS Attack: RST Scan] from source: 70.36.142.191, port 62812, Thursday, December 20,2012 23:48:27[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:46:53
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:45:29
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:44:46
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:44:11
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:41:51
[COLOR="red"][DoS Attack: RST Scan] from source: 70.80.143.190, port 50109, Thursday, December 20,2012 23:41:48[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:41:43
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:40:42
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:40:32
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:38:50
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:38:49
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:38:02
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:37:54
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:37:35
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:37:35
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:36:44
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:36:09
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:35:50
[COLOR="red"][DoS Attack: RST Scan] from source: 70.80.143.190, port 49792, Thursday, December 20,2012 23:35:11[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:53
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:50
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:49
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:33:49
[COLOR="red"][DoS Attack: RST Scan] from source: 93.80.219.59, port 16264, Thursday, December 20,2012 23:33:48[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:31:52
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:31:26
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:31:18
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:30:31
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:29:38
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:29:36
[COLOR="red"][DoS Attack: RST Scan] from source: 93.80.219.59, port 12627, Thursday, December 20,2012 23:28:56[/COLOR]
[DHCP IP: 192.168.2.6] to MAC address 00:19:d1:81:09:69, Thursday, December 20,2012 23:28:52
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:28:03
[COLOR="red"][DoS Attack: RST Scan] from source: 93.80.219.59, port 15991, Thursday, December 20,2012 23:26:47[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:26:41
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:25:19
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:25:13
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:24:25
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:23:29
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:23:28
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:23:27
[COLOR="red"][DoS Attack: RST Scan] from source: 75.131.5.145, port 61538, Thursday, December 20,2012 23:22:35[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:54
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:31
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:05
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:21:02
[COLOR="red"][DoS Attack: RST Scan] from source: 75.131.5.145, port 60779, Thursday, December 20,2012 23:20:59[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:20:55
..
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.8:55450, Thursday, December 20,2012 23:18:46
[UPnP set event: add_nat_rule] from source 192.168.2.8, Thursday, December 20,2012 23:18:45
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:18:45
[COLOR="red"][DoS Attack: ACK Scan] from source: 157.56.126.173, port 443, Thursday, December 20,2012 23:18:24[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:51662, Thursday, December 20,2012 23:18:19
[UPnP set event: add_nat_rule] from source 192.168.2.6, Thursday, December 20,2012 23:18:19
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:18:12
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:18:11
[COLOR="lime"][Internet connected] IP address: 46.7.75.XX, Thursday, December 20,2012 23:18:05
[UPnP set event: del_nat_rule] from source 192.168.2.6, Thursday, December 20,2012 23:17:37
[Internet connected] IP address: 192.168.100.10, Thursday, December 20,2012 23:17:19[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:16:25
..
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:13:47
[COLOR="red"][DoS Attack: RST Scan] from source: 212.93.105.38, port 57477, Thursday, December 20,2012 23:13:44[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:13:07
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:13:04
[COLOR="red"][DoS Attack: ACK Scan] from source: 74.66.84.101, port 65141, Thursday, December 20,2012 23:12:45[/COLOR]
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:12:42
..
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:08:40
[COLOR="red"][DoS Attack: RST Scan] from source: 71.34.234.144, port 10185, Thursday, December 20,2012 23:08:36[/COLOR]
[UPnP set event: del_nat_rule] from source 192.168.2.6, Thursday, December 20,2012 23:08:09
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:08:06
..
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:46
[DHCP IP: 192.168.2.3] to MAC address d0:66:7b:65:ea:4e, Thursday, December 20,2012 23:06:44
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:36
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:32
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 23:06:26
[DHCP IP: 192.168.2.3] to MAC address d0:66:7b:65:ea:4e, Thursday, December 20,2012 23:06:20
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:27641, Thursday, December 20,2012 23:06:12
..
[LAN access from remote] from III.II.III.II:IIII to 192.168.2.6:6885, Thursday, December 20,2012 22:58:51

LOG END (Wish I could enable longer logging but......)

Cork981

Looks like your modem could be accepting or triggering to many tcp or udp connections as in a torrent application or a multithreaded downloader just as free download manager.
Try disabling IP flood detection on your router an see does this make a difference.

ED E

Could the EPC be flood detecting even while bridging?

jay93

IP address URL="http://www.ip-adress.com/host/"]?[/URL: 87.248.210.253 Copy [Whois] [Reverse IP] IP country code: GB IP address country: United Kingdom IP address state: London, City of IP address city: London IP address latitude: 51.5142 IP address longitude: -0.0931 ISP of this IP URL="http://www.ip-adress.com/isp"]?[/URL: Limelight Networks

jay93

That's a track from one IP that seems to be DOS attacking you although you did say you didn't believe it to be an attack seems strange though.

jay93

IP address URL="http://www.ip-adress.com/host/"]?[/URL: 190.207.141.121 Copy [Whois] [Reverse IP] IP country code: VE IP address country: Venezuela IP address state: Vargas IP address city: Maiquetía IP address latitude: 10.6000 IP address longitude: -66.9500 ISP of this IP URL="http://www.ip-adress.com/isp"]?[/URL: CANTV Servicios

jay93

The whole Venezula thing seems to be the strangest something bad going on here seems dodgy to me.

IP address [?]: 212.93.105.38 Copy [Whois] [Reverse IP]
IP country code: LV
IP address country: ip address flag Latvia

IP address [?]: 71.34.234.144 Copy [Whois] [Reverse IP]
IP country code: US
IP address country: ip address flag United States
IP address state: Oregon

IP address [?]: 157.56.126.173 Copy [Whois] [Reverse IP]
IP country code: US
IP address country: ip address flag United States
IP address state: n/a
IP address city: n/a
IP address latitude: 38.0000
IP address longitude: -97.0000
ISP of this IP [?]: Microsoft Corp
Organization: Microsoft Corp

that one seems strange attack from Microsoft?

IP address [?]: 93.80.219.59 Copy [Whois] [Reverse IP]
IP country code: RU
IP address country: ip address flag Russian Federation
IP address state: Moscow City

IP address [?]: 69.247.52.71 Copy [Whois] [Reverse IP]
IP country code: US
IP address country: ip address flag United States
IP address state: Florida
IP address city: Naples
IP address latitude: 26.1420
IP address longitude: -81.7948
ISP of this IP [?]: Comcast Cable

IP address [?]: 75.131.5.145 Copy [Whois] [Reverse IP]
IP country code: US
IP address country: ip address flag United States
IP address state: Georgia
IP address city: Covington
IP postcode: 30016
IP address latitude: 33.5120
IP address longitude: -83.9496
ISP of this IP [?]: Charter Communications
Organization: Charter Communications

jay93

I hope you find out what the problem is soon sounds very frustrating did a couple of tracks on the IPs from your log,

Try disable ip flood detection if it is enabled on your modem

If it's going down like that and saying dos attack seems very likely that maybe something is attempting to attack your connection have never seen anything like this before.

ED E

Thanks for your input, EPC is very locked down in bridge mod naturally, so if its on I can't configure it.

Gonna do a kasp rescue disk scan tonight to scan for malware/rootkits that av could have missed.

Logs clean last night.

I don't game online a lot, no consoles, so I'm trying to.figure out why I could be attacked.

Always on stuff that dials out:
Teamviewer
Hamachi
Dropbox
Filezilla
No-ip

Thanks again for your effort.

Clover

Been having alot of drop outs also, where the EPC3925 drops it's connection for a few seconds and then gets it back(reboots itself). Also have trouble with the connection dropping it's speed all the way down to under 1meg down 1meg up.

Had the modem replaced last week and I still have the same problem and also had an upc tech out today , but all is showing as ok to them, even the drops in the connection are not showing up on there end.

Had ip flood detection off but have now turned it on as my log was empty, you getting the log info from going : administration / reporting / view log?.

UCD AFC

Hi there, I think I am having the same problem. Also EPC3925 - when I am playing online on the Xbox I will not disconnect from Xbox Live but will lose connection to the host on Minecraft and disconnect from games on Fifa as well as losing connection to the party chat - all reconnecting within 10 seconds (back into the party chat) - but very frustrating as disrupts gaming lose progress etc. Just checked and my Disable IP Flood Detection box is not checked. Very grateful if anyone has any suggestions - have tried a million different settings on the xbox it can't be the problem at this stage.

ED E

UCD AFC wrote: »

Hi there, I think I am having the same problem. Also EPC3925 - when I am playing online on the Xbox I will not disconnect from Xbox Live but will lose connection to the host on Minecraft and disconnect from games on Fifa as well as losing connection to the party chat - all reconnecting within 10 seconds (back into the party chat) - but very frustrating as disrupts gaming lose progress etc. Just checked and my Disable IP Flood Detection box is not checked. Very grateful if anyone has any suggestions - have tried a million different settings on the xbox it can't be the problem at this stage.

That's not a fault per say, its just the general design of the epc not managing simultaneous connections very well. Its a POS. Try not using chat, playing solo online and see if it helps.

ED E

Clover wrote: »

Been having alot of drop outs also, where the EPC3925 drops it's connection for a few seconds and then gets it back(reboots itself). Also have trouble with the connection dropping it's speed all the way down to under 1meg down 1meg up.

Had the modem replaced last week and I still have the same problem and also had an upc tech out today , but all is showing as ok to them, even the drops in the connection are not showing up on there end.

Had ip flood detection off but have now turned it on as my log was empty, you getting the log info from going : administration / reporting / view log?.

Ok, these are the exact same symptoms as me.

We also had it replaced to no avail.

Difference though is ours is bridged, but we can now eliminate that as a factor.

My logging comes from my WNDR3800.

If anybody thinks it would be of use I could make verbose logs with wireshark.

ED E

Just rebooted itself again not 2 minutes ago. Logs are clean.

Cork981

Are you running any p2p apps? Such as torrents or spotify ? Try to get your IP address renewed I don't have upc but believe they dont refresh your ip that often.
And yes ip flood detection would still be operating on the outer gateway unless you disabled the firewall.
But it's still strange to see them remote ip addresses in the logs.

Change you wifi password disconnect all other devices close your web browser and do run netstat -a and have a look what connections show up.

ED E

Just in the door and back to this.


There is some torrent activity, also relic P2P updates now and again. Thing is, it happens even when there hasnt been any kind of P2P in 24+hrs. So its unlikely to be related.

And yes ip flood detection would still be operating on the outer gateway unless you disabled the firewall.

This seems counter-intuitive to me. The whole idea of bridging is move the load, and the control to your router, which has its own firewall.

[DoS Attack: RST Scan] from source: 67.42.47.227, port 16221, Monday, December 24,2012 16:54:53
[UPnP set event: del_nat_rule] from source 192.168.2.6, Monday, December 24,2012 16:54:33

Just a few minutes ago.


Will try and get it renewed, they change very rarely.

ED E

Back into normal mode to have a look around, though I may as well log fw version and stats in the thread:

Model:	 Cisco EPC3925
Vendor:	 Cisco
Hardware Revision:	 1.0
Serial Number:	
MAC Address:	
Bootloader Revision:	 2.3.0_R1
Current Software Revision:	 epc3925-ESIP-12-v302r125561-120727c_upc
Firmware Name:	 epc3925-ESIP-12-v302r125561-120727c_upc.bin
Firmware Build Time:	 Jul 27 21:06:28 2012
Cable Modem Status:	Operational
Wireless Network:	Disable

 		
Cable Modem State	 	 
DOCSIS Downstream Scanning:	Completed
DOCSIS Ranging:	Completed
DOCSIS DHCP:	Completed
DOCSIS TFTP:	Completed
DOCSIS Data Reg Complete:	Completed
DOCSIS Privacy:	Enabled

 		
Downstream Channels	 	 
 	Power Level:	Signal to Noise Ratio:
Channel 1:	 3.5 dBmV	39.9 dB
Channel 2:	 3.5 dBmV	41.0 dB
Channel 3:	 3.5 dBmV	41.2 dB
Channel 4:	 3.2 dBmV	39.1 dB
Channel 5:	 2.4 dBmV	39.9 dB
Channel 6:	 2.6 dBmV	40.4 dB
Channel 7:	 2.3 dBmV	40.0 dB
Channel 8:	 2.0 dBmV	39.8 dB

 		
Upstream Channels	 	 
 	Power Level:
Channel 1:	48.7 dBmV
Channel 2:	 0.0 dBmV
Channel 3:	 0.0 dBmV
Channel 4:	 0.0 dBmV

Changing mode caused a reboot too, which returned me to normal speeds. For now...

I got the router last week:

Default settings when I switched back from bridge.

ED E

UCD AFC

Hi there, not up to speed on what you've done so far (excuse the pun) - have you had any success in fixing the problem? Thanks

ED E

UCD AFC wrote: »

Hi there, not up to speed on what you've done so far (excuse the pun) - have you had any success in fixing the problem? Thanks

1 Random reboot of its own accord that I witnessed, other than that its been running ok. That said, I wasnt in the house for the last three days so I wouldnt have seen any down time, and usage would have been low.

UCD AFC

Thanks - did you change anything to get it back to normal behavior or was it of it's own accord?

ED E

I'm not so sure we're out of the woods yet, but no, nothings been changed really.

ED E

Reared its ugly head again tonight. Logs are "clean" again.


New FW available for the WNDR3800:

WNDR3800 V1.0.0.44 firmware release:
Note:
Before you upgrade, NETGEAR recommends that you write down your Internet settings and also your wireless settings if you changed them. After the upgrade you can use NETGEAR Genie to detect and set up your Internet connection, or you can manually enter the settings.

Bug fix:
1. Fix the issue that when android devices in sleep mode might cause router connection issue.
2. Fix the issue that router don't support Up to 300Mbps wireless mode for Korea region.
3. Fix the issue that router can't support 3TB USB disk well in DLNA function and ReadySHARE FTP protocol.

Known issues & bugs
1. Time Machine function limitation:
--Time Machine function limitation: Only support "GUID Partition Table" and "Master Boot Record" in partition table format.
We don't support "Apple Partition Map" this format.
Workaround: When you choose the partition scheme of your USB disk, please don't select "Apple Partition Map" this format.
--For Non-journal system, support Time Machine backup size up to 750 GB.
--For Journal system+ MBR partition table, support Time Machine backup size up to 750 GB.
--For Journal system+ GUID partition table, support Time Machine backup size up to 500 GB.
-- We suggest customer to use the new USB disk to do Time Machine backup. If customer uses the USB disk which already include the old Time Machine backup file, WNDR3800 might need spend time
to scan/valid the old backup file is ok to be used or not and customer need to wait for couple minutes or even a hours.

2. Traffic meter - Traffic volume control is not accurate due to sampling rate. It may exceed the limit.
Workaround: Set a proper number in "Mbytes before the monthly limit is reached" in the traffic control.

Nothing relevant but just in case things were to change I'm logging it here.

For good measure:

ED E

[admin login] from source 192.168.2.6, Thursday, January 03,2013 18:22:41
[admin login] from source 192.168.2.3, Thursday, January 03,2013 18:20:17
[admin login failure] from source 192.168.2.3, Thursday, January 03,2013 18:20:12
[DoS Attack: RST Scan] from source: 82.74.247.58, port 50527, Thursday, January 03,2013 18:19:09
[DoS Attack: RST Scan] from source: 71.56.79.91, port 49163, Thursday, January 03,2013 18:18:18
[DoS Attack: RST Scan] from source: 66.230.85.160, port 49229, Thursday, January 03,2013 18:14:12
[DoS Attack: RST Scan] from source: 82.74.247.58, port 49456, Thursday, January 03,2013 18:14:11
[DoS Attack: RST Scan] from source: 212.93.100.62, port 45803, Thursday, January 03,2013 18:11:28
[admin login] from source 192.168.2.3, Thursday, January 03,2013 18:07:19
[Time synchronized with NTP server] Thursday, January 03,2013 18:07:03
[Initialized, firmware version: V1.0.0.44] Thursday, January 03,2013 18:06:35

ED E

http://www.dslreports.com/forum/r26477232-Cisco-3925-web-traffic-slows-to-a-crawl~start=20

Thats related. His case seems to be a NAT issue. Dont think there's much I can do about that with locked down FW though.

Alun

ED E wrote: »

http://www.dslreports.com/forum/r26477232-Cisco-3925-web-traffic-slows-to-a-crawl~start=20

Thats related. His case seems to be a NAT issue. Dont think there's much I can do about that with locked down FW though.

That's a "real Cisco" 3900 series router running IOS, nothing like what we have

ED E

Alun wrote: »

That's a "real Cisco" 3900 series router running IOS, nothing like what we have

I was assuming that UPC/CISCO just reskinned the normal FW for the EPC/DPC? Would they actually rewrite everything?

Alun

ED E wrote: »

I was assuming that UPC/CISCO just reskinned the normal FW for the EPC/DPC? Would they actually rewrite everything?

Full blown enterprise level Cisco routers are different animals altogether, and run a completely different operating system (IOS) to both the consumer level Cisco (ex Linksys) stuff, and the consumer level cable (ex Scientific Atlanta) stuff.

A Cisco 3925 is not the same as a Cisco EPC3925 ... this is a Cisco 3925

http://www.router-switch.com/cisco3925-k9-p-291.html

As you can see, just a bit bigger, and a tad more expensive.

ED E

On track now. Thanks.


Update:

Logs now being sent to my email hourly, will filter them and then scan for restarts.

ED E

.66Mb this morning again.

Logging emails duplicate some content so some lines may be here twice.

[DoS Attack: RST Scan] from source: 69.165.209.9, port 15709, Sunday, January 06,2013 11:43:15

[DoS Attack: RST Scan] from source: 24.69.58.217, port 60487, Sunday, January 06,2013 10:56:03

[DoS Attack: RST Scan] from source: 68.105.7.165, port 64323, Sunday, January 06,2013 10:54:51

[DoS Attack: RST Scan] from source: 24.69.58.217, port 60212, Sunday, January 06,2013 10:49:28

[DoS Attack: ACK Scan] from source: 24.1.5.75, port 62874, Sunday, January 06,2013 10:49:17

[DoS Attack: RST Scan] from source: 24.69.58.217, port 60487, Sunday, January 06,2013 10:56:03

[DoS Attack: RST Scan] from source: 68.105.7.165, port 64323, Sunday, January 06,2013 10:54:51

[DoS Attack: RST Scan] from source: 24.69.58.217, port 60212, Sunday, January 06,2013 10:49:28

[DoS Attack: ACK Scan] from source: 24.1.5.75, port 62874, Sunday, January 06,2013 10:49:17

[DoS Attack: ACK Scan] from source: 61.42.85.214, port 150, Sunday, January 06,2013 09:39:22

[DoS Attack: RST Scan] from source: 69.165.209.9, port 15709, Sunday, January 06,2013 09:48:41

[DoS Attack: ACK Scan] from source: 61.42.85.214, port 150, Sunday, January 06,2013 09:39:22

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 07:57:42

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 07:54:45

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 07:57:42

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 06:53:58

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 05:57:09

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 05:57:09

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 05:38:34

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:53:34

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:38:37

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:53:34

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 03:38:37

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 02:46:20

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 02:42:15

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 02:38:21

[DoS Attack: RST Scan] from source: 110.168.19.213, port 19024, Sunday, January 06,2013 01:44:01
[DoS Attack: RST Scan] from source: 110.168.19.213, port 18642, Sunday, January 06,2013 01:42:18
[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 01:38:24

[DoS Attack: RST Scan] from source: 186.14.120.174, port 51827, Sunday, January 06,2013 01:25:13
[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 01:24:34

[DoS Attack: RST Scan] from source: 186.14.120.174, port 51764, Sunday, January 06,2013 01:18:13

[DoS Attack: RST Scan] from source: 66.230.80.186, port 57950, Sunday, January 06,2013 01:11:25
[DoS Attack: RST Scan] from source: 186.14.120.174, port 51188, Sunday, January 06,2013 01:06:20
[DoS Attack: RST Scan] from source: 66.230.80.186, port 56195, Sunday, January 06,2013 01:04:45
[DoS Attack: RST Scan] from source: 186.14.120.174, port 51178, Sunday, January 06,2013 01:04:31

[DoS Attack: RST Scan] from source: 94.242.214.225, port 27073, Sunday, January 06,2013 01:00:39

ED E

IP	:	94.242.214.225	     Neighborhood
Host	:	ip-static-94-242-214-225.as5577.net    
Country	:	Luxembourg   

 
    Address information
    Related IP adresses
IP address	Type	Host name	DNS state
94.242.192.2	 A 	as5577.net	
94.242.192.2	 MX 	mx.as5577.net	
195.26.4.3	 NS 	ns1.root.lu	
2a01:608::3	 NS 	ns1.root.lu	  ( 195.26.4.3 )
83.243.8.3	 NS 	ns2.root.lu	
195.26.4.3	 NS 	a.root.lu	
2a01:608::3	 NS 	a.root.lu	  ( 195.26.4.3 )
83.243.8.3	 NS 	b.root.lu	
2a01:608::4	 NS 	b.root.lu	  ( 83.243.8.3 )
195.24.72.3	 NS 	c.root.lu	

    IP owner info (Whois)
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=94.242.214.225?showDetails=true&showARIN=false&ext=netref2
#
 
NetRange:       94.0.0.0 - 94.255.255.255
CIDR:           94.0.0.0/8
OriginAS:       
NetName:        94-RIPE
NetHandle:      NET-94-0-0-0-1
Parent:         
NetType:        Allocated to RIPE NCC
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region. Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
RegDate:        2007-07-30
Updated:        2009-05-18
Ref:            http://whois.arin.net/rest/net/NET-94-0-0-0-1
 
OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:      
PostalCode:     1001EB
Country:        NL
RegDate:        
Updated:        2011-09-24
Ref:            http://whois.arin.net/rest/org/RIPE
 
ReferralServer: whois://whois.ripe.net:43
 
OrgAbuseHandle: RNO29-ARIN
OrgAbuseName:   RIPE NCC Operations
OrgAbusePhone:  +31 20 535 4444 
OrgAbuseEmail:  hostmaster@ripe.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/RNO29-ARIN
 
OrgTechHandle: RNO29-ARIN
OrgTechName:   RIPE NCC Operations
OrgTechPhone:  +31 20 535 4444 
OrgTechEmail:  hostmaster@ripe.net
OrgTechRef:    http://whois.arin.net/rest/poc/RNO29-ARIN
 
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
 

 
 
Deferred to specific whois server: whois.ripe.net...
 
 
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
 
% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.
 
% Information related to '94.242.192.0 - 94.242.223.255'
 
inetnum:        94.242.192.0 - 94.242.223.255
netname:        ROOT-NETWORK
descr:          root SA
country:        LU
admin-c:        AB99-RIPE
tech-c:         RE655-RIPE
status:         ASSIGNED PA
mnt-by:         ROOT-MNT
source:         RIPE # Filtered
 
role:           root eSolutions
address:        35, rue John F. Kennedy
address:        7327 Steinsel
address:        Luxembourg
phone:          +352 20.500
fax-no:         +352 20.500.500
abuse-mailbox:  abuse@as5577.net
remarks:
remarks:        +------------------------------------+
remarks:        | Operational Issues:                |
remarks:        |                     noc@as5577.net |
remarks:        +------------------------------------+
remarks:        | Abuse and Spam:                    |
remarks:        |                   abuse@as5577.net |
remarks:        +------------------------------------+
remarks:
admin-c:        RE655-RIPE
tech-c:         AB99-RIPE
nic-hdl:        RE655-RIPE
mnt-by:         ROOT-MNT
source:         RIPE # Filtered
 
person:         Andy BIERLAIR
address:        root SA
address:        35, rue John F. Kennedy
address:        7327 Steinsel
address:        Luxembourg
phone:          +352 20.500
fax-no:         +352 20.500.500
nic-hdl:        AB99-RIPE
mnt-by:         ROOT-MNT
remarks:
remarks:        +------------------------------------+
remarks:        | I did *NOT* spam your mailbox!     |
remarks:        | I will *NOT* reply to abuse mails! |
remarks:        |                                    |
remarks:        | Please contact abuse@as5577.net !  |
remarks:        +------------------------------------+
remarks:
source:         RIPE # Filtered
 
% Information related to '94.242.192.0/18AS5577'
 
route:          94.242.192.0/18
descr:          root SA
origin:         AS5577
mnt-by:         ROOT-MNT
source:         RIPE # Filtered
 
% This query was served by the RIPE Database Query Service version 1.47.5 (WHOIS1)

http://www.ripe.net/ - these guys.

Fizzix

Guess what.. I'm having the exact same problem as you right down to the last symptom. Just check my router logs for today:

Illegal TCP header 939 Mon Jan 07 00:15:48 2013 192.168.1.18:0 190.178.149.82:0


The IP Whois is RIPE..something fishy is going on.

ED E

Now that is suspicious.

Fizzix

So it seems this is a Dos attack, and its ongoing as we speak. I wonder who we pissed off.

Alun

RIPE is an internet registrar just like InterNIC, APNIC and ARIN that cover different regions, nothing suspicious about that at all.

Looks like you may have ended up with an IP address of someone that pissed off somebody, and they're attempting to DOS you.

Fizzix

How long is UPCs DHCP lease ?

ED E

Just did it again in the last ten minutes. Going to reboot now and then I'll check the logs.

ED E

[admin login] from source 192.168.2.3, Tuesday, January 08,2013 22:27:53
[LAN access from remote]
[UPnP set event: add_nat_rule] from source 192.168.2.6, Tuesday, January 08,2013 22:22:01
[LAN access from remote] 
[UPnP set event: add_nat_rule] from source 192.168.2.3, Tuesday, January 08,2013 22:21:46
[Internet connected] IP address: 46.7.xx.xx, Tuesday, January 08,2013 22:21:04
[Internet connected] IP address: 192.168.100.10, Tuesday, January 08,2013 22:19:48
[DoS Attack: RST Scan] from source: 108.162.203.29, port 80, Tuesday, January 08,2013 22:16:38
[LAN access from remote]
[DoS Attack: RST Scan] from source: 108.162.203.29, port 80, Tuesday, January 08,2013 22:07:58
[LAN access from remote]
[DHCP IP: 192.168.2.18] to MAC address 00:26:08:1a:63:80, Tuesday, January 08,2013 22:03:18
[DoS Attack: RST Scan] from source: 69.244.75.173, port 57853, Tuesday, January 08,2013 22:02:18
[LAN access from remote]
[DoS Attack: RST Scan] from source: 69.244.75.173, port 56987, Tuesday, January 08,2013 21:57:30
[DHCP IP: 192.168.2.7] to MAC address d0:66:7b:65:ea:4e, Tuesday, January 08,2013 21:56:20
[LAN access from remote] 
[DHCP IP: 192.168.2.4] to MAC address 6c:62:6d:7f:bb:55, Tuesday, January 08,2013 21:55:44
[DoS Attack: RST Scan] from source: 75.72.40.225, port 59783, Tuesday, January 08,2013 21:52:00
[DoS Attack: RST Scan] from source: 74.160.162.81, port 58380, Tuesday, January 08,2013 21:49:06
[LAN access from remote] 
[LAN access from remote]
[LAN access from remote]
[DHCP IP: 192.168.2.2] to MAC address 00:90:a9:23:3c:77, Tuesday, January 08,2013 21:48:04
[LAN access from remote] 
[LAN access from remote] 
[DoS Attack: RST Scan] from source: 75.72.40.225, port 57664, Tuesday, January 08,2013 21:44:04
[LAN access from remote] 
[DoS Attack: RST Scan] from source: 74.160.162.81, port 57941, Tuesday, January 08,2013 21:40:50
[DoS Attack: RST Scan] from source: 71.174.186.109, port 50989, Tuesday, January 08,2013 21:40:36
[LAN access from remote] 
[DoS Attack: RST Scan] from source: 80.233.23.106, port 31022, Tuesday, January 08,2013 21:37:03
[LAN access from remote] 
[LAN access from remote]
[DoS Attack: RST Scan] from source: 24.92.144.206, port 39111, Tuesday, January 08,2013 21:29:04
[DoS Attack: RST Scan] from source: 199.185.132.4, port 63121, Tuesday, January 08,2013 21:28:42
[DoS Attack: RST Scan] from source: 199.185.133.5, port 65317, Tuesday, January 08,2013 21:28:32
[LAN access from remote]
[DoS Attack: RST Scan] from source: 24.92.144.206, port 39111, Tuesday, January 08,2013 21:22:32
[DoS Attack: RST Scan] from source: 80.233.23.106, port 28710, Tuesday, January 08,2013 21:20:52
[UPnP set event: del_nat_rule] from source 192.168.2.6, Tuesday, January 08,2013 21:20:07
[LAN access from remote] 
[LAN access from remote]
[LAN access from remote] 

[LAN access from remote] 
[LAN access from remote] 
[LAN access from remote] 
[LAN access from remote] 
[DoS Attack: RST Scan] from source: 24.69.58.217, port 60726, Tuesday, January 08,2013 21:14:47
[LAN access from remote] 
[LAN access from remote] 

[LAN access from remote] 
[LAN access from remote] 
[DoS Attack: ACK Scan] from source: 87.69.142.248, port 1962, Tuesday, January 08,2013 21:13:52
[LAN access from remote] 
[LAN access from remote] 

[LAN access from remote] 
[LAN access from remote] 
[DoS Attack: RST Scan] from source: 24.69.58.217, port 62657, Tuesday, January 08,2013 21:12:57
[LAN access from remote] 
[LAN access from remote] 

[LAN access from remote] 

ED E

Dropped for 60 seconds just there :mad:

ED E

Died again.

DECEiFER

What are your SNR numbers like these days?

Have you tried connecting your computer directly to the EPC while in Bridge mode to see if that helps?

If you're going to nuke Spyware, I recommend (as I feel it's an under-rated app) Spybot S&D. It really does a great job. I never turn on real-time scanning. I run an on-demand scan every now and again to get rid of some nasty parasites. Hell, if you've ever been completely infected to the point where some parasites completely take over your machine (where you couldn't even get into Control Panel or into Default or Add/Remove Programs to uninstall anything in the OS), running Spybot S&D in Safe Mode saved many PCs I scanned completely (many friends back in the Windows XP days were often not careful about what they were downloading and after running Spyboy S&D their OSs were back to normal after one scan with no more popups and no more access restrictions).

ED E

Downstream Channels	 	 
 	Power Level:	Signal to Noise Ratio:
Channel 1:	 3.2 dBmV	39.9 dB
Channel 2:	 3.5 dBmV	40.5 dB
Channel 3:	 3.2 dBmV	39.9 dB
Channel 4:	 2.8 dBmV	39.9 dB
Channel 5:	 1.9 dBmV	40.9 dB
Channel 6:	 2.0 dBmV	41.4 dB
Channel 7:	 2.0 dBmV	41.4 dB
Channel 8:	 2.0 dBmV	40.2 dB

 		
Upstream Channels	 	 
 	Power Level:
Channel 1:	45.9 dBmV
Channel 2:	 0.0 dBmV
Channel 3:	 0.0 dBmV
Channel 4:	 0.0 dBmV

Kaspersky RD 10 does a similar job

DECEiFER

ED E wrote: »

Downstream Channels	 	 
 	Power Level:	Signal to Noise Ratio:
Channel 1:	 3.2 dBmV	39.9 dB
Channel 2:	 3.5 dBmV	40.5 dB
Channel 3:	 3.2 dBmV	39.9 dB
Channel 4:	 2.8 dBmV	39.9 dB
Channel 5:	 1.9 dBmV	40.9 dB
Channel 6:	 2.0 dBmV	41.4 dB
Channel 7:	 2.0 dBmV	41.4 dB
Channel 8:	 2.0 dBmV	40.2 dB

 		
Upstream Channels	 	 
 	Power Level:
Channel 1:	45.9 dBmV
Channel 2:	 0.0 dBmV
Channel 3:	 0.0 dBmV
Channel 4:	 0.0 dBmV

Kaspersky RD 10 does a similar job

Don't get me wrong. Do that, too. Give 'em both a lash!

Also, your stats are fine (which I know you know :P), better than mine, even, and I'm not facing issues anything like yours. I guess that's not the problem.


EDIT: Fyi, here's my stats. They're not terrible (better than before I did some re-cabling downstairs in late 2012) but clearly yours are better.

Downstream Channels	 	 
 	Power Level:	Signal to Noise Ratio:
Channel 1:	 -5.9 dBmV	39.5 dB
Channel 2:	 -5.7 dBmV	39.6 dB
Channel 3:	 -5.3 dBmV	39.8 dB
Channel 4:	 -5.9 dBmV	39.0 dB
Channel 5:	 -6.9 dBmV	38.7 dB
Channel 6:	 -5.6 dBmV	39.5 dB
Channel 7:	 -5.5 dBmV	39.6 dB
Channel 8:	 -6.6 dBmV	38.6 dB

 		
Upstream Channels	 	 
 	Power Level:
Channel 1:	49.2 dBmV
Channel 2:	 0.0 dBmV
Channel 3:	 0.0 dBmV
Channel 4:	 0.0 dBmV

ED E

MAC spoofed. New external IP leased. SIP and Strict NAT still in full effect.

Will report back when we've ran with this for a few days, or when it dies again.

Thanks for the suggestions DECEiFER.

DECEiFER

No problem! Best of luck with it...

Also, does this happen in Router mode? If you faux bridged your WNDR3800 to it like the good ol' days, would that help? I know if you were being DoS'd, it wouldn't matter one bit, so assuming that's not the issue and it's completely down to the EPC3925, it might be worth trying again over a decent period of time.

ED E

DECEiFER wrote: »

No problem! Best of luck with it...

Also, does this happen in Router mode? If you faux bridged your WNDR3800 to it like the good ol' days, would that help? I know if you were being DoS'd, it wouldn't matter one bit, so assuming that's not the issue and it's completely down to the EPC3925, it might be worth trying again over a decent period of time.

Thats next. For a while after the change though it was fine, so I'm leaning towards it being something else.

DECEiFER

ED E wrote: »

Thats next. For a while after the change though it was fine, so I'm leaning towards it being something else.

The firmware went through an update a while after we all started bridging our routers and wasn't that one of the things people like you with the drop-out problem were blaming primarily? But it doesn't stack up when you consider that I and others aren't experiencing issues, and you are. It's a bit bizarre. I hope UPC will nevertheless look into the firmware being a possibility, at least just to rule it out, and make an announcement on their "Talk" forum.

ED E

Saw somebody using the EPC on its own and having identical symptoms. Not sure which thread.


If its bridging related we wont get any help from UPC

DECEiFER

ED E wrote: »

Saw somebody using the EPC on its own and having identical symptoms. Not sure which thread.


If its bridging related we wont get any help from UPC

Coincidentally I'm reading that very thread right now! I saw your post on page 3 asking for an explanation as to why they won't support it.

I can understand them not supporting it as far as whatever router you're bridging it with but the EPC should always be supported. In-fact, by enabling the bridging option since late last year, it definitely should be supported. But the thing is, we all know that UPC's tech support aren't very knowledgeable (didn't someone say that UPC told them the the SNR figures pertained to WiFi?) and when they say that they won't support bridge mode, it could mean any number of things and they might not have one clue where to draw the line and where not to.

Fizzix

I'm having these issues again tonight speed keeps dropping right down and ping is not consistent.These are the sort off speed tests I'm getting 25mb line :

Last Result:
Download Speed: 1264 kbps (158 KB/sec transfer rate)
Upload Speed: 567 kbps (70.9 KB/sec transfer rate)
Latency: 23 ms
Thu Jan 10 2013 00:18:58 GMT+0000 (GMT Standard Time)

Last Result:
Download Speed: 886 kbps (110.8 KB/sec transfer rate)
Upload Speed: 883 kbps (110.4 KB/sec transfer rate)
Latency: 17 ms
Thu Jan 10 2013 00:22:18 GMT+0000 (GMT Standard Time)

Last Result:
Download Speed: 886 kbps (110.8 KB/sec transfer rate)
Upload Speed: 883 kbps (110.4 KB/sec transfer rate)
Latency: 17 ms
Thu Jan 10 2013 00:22:18 GMT+0000 (GMT Standard Time)

Really should be getting better speeds at this hour of the night.



www.speedtest.net/result/2425412368.png < best one yet cant link picture because of my postcount

DublinC

Ah, so I'm not the only one. I've had this issue on-going now for over a week or two, it's really beginning to piss me off. The connection will be fine after rebooting, but after a while it seems to degrade and go slow again. Considering I'm paying for ~125mb/s and it's dropping to 2mb/s and lower, it's a disgrace.