Home Internet by Comcast (Netgear as a BB router) unbearably choppy

[130s]

Moved from https://github.com/130s/30y-130s_life/issues/43 for the only info that can be publicized.

TODO

• [ ] Try different bb router than the one of Netgear

Issue recap The last couple of weeks I've been experiencing choppy Internet connection:

• ping google.com drops 10 to 40% packets, almost every few hours.
• Rebooting broadband router seems to fix temporarily.
• ping to other local hosts is very good, mostly 100%.

Attempted but didn't work

• Using google's DNS instead of the cable company's.
• Removing extra Powerline (i.e. there's still one Powerline network).

[130s]

Is it possible that DoS attack affects our Internet connection? Looking at the log from out BB router, I just found a few possible correlations b/w DoS (at this moment this is only an assumption):

DoS occurred	Action taken
Tue Dec 05 12:54:57 2017	12:54? (Router reboot
Tue Dec 05 15:50:32 2017	16:10? (DHCP renewal
Tue Dec 05 16:20:50 2017	16:29 (DHCP renewal
	16:36 (Router reboot

DHCP renewal doesn't seem to be as effective as someone in this thread said. In the same thread multiple persons says, surprisingly, that disabling DoS protection feature seems to work.

Scared, I'll disable it and see how it goes.

[130s]

DHCP renewal doesn't seem to be as effective as someone in this thread said. In the same thread multiple persons says, surprisingly, that disabling DoS protection feature seems to work.

Scared, I'll disable it and see how it goes.

Doesn't seem to work. I've still lost 20 - 40% packets over the last few hours. No DoS attack was recorded during then in the log page though, which may only be because the protection was disabled.

I enabled it back again. Now I'm almost at a loss. One last hope is the firmware update https://github.com/130s/30y-130s_life/issues/294

[130s]

Yesterday 3 or 4 times of bb router were needed to avoid 20 to 50% packet loss.

[130s]

Yesterday 3 or 4 times of bb router were needed to avoid packet loss.

[130s]

Yesterday 3 or 4 times of bb router were needed to avoid packet loss.

Today I switched DNS to 8.8.8.8 and 8.8.4.4.

[130s]

Still had to reboot once although otherwise it's been better I feel.

[130s]

The last one week (after coming back to town) it's been ok (i.e. packet loss < 2%). So closing for now.

[130s]

Today I started having this issue again. Already rebooted BB router 3 times when I saw 50% packet loss.

[130s]

I found this morning that:

• Android cell phone not finding internet via wifi saying no internet. Rebooting OS didn't help.
• On OSX ping has been failing for the last 11,000 packages (approx. 3 hrs).

Rebooting modem twice, once via web I/F, another by hardware button (as I tried first from Xfinity member webpage but I was told "incompatible modem") didn't help.

10 mins later, though, Internet backed up.

I noticed on BB router's web i/f:

• Firmware was upgraded to V2.02.17 (ref. https://github.com/130s/30y-130s_life/issues/294)
• log. Assuming outage started sometime in 4am, I notices DHCP allocation kept happening at an unusual rate compared to before, although I'm not sure if that affected.

  Description Count   Last Occurrence     Target  Source
  [admin login] from source 192.168.0.13      1   Fri Jan 19 07:13:16 2018    0.0.0.0:0   192.168.0.13:0
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4    1   Fri Jan 19 07:09:25 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.16] to MAC address 84:68:3e:07:f2:3f    1   Fri Jan 19 07:08:35 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4    1   Fri Jan 19 07:05:36 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4    1   Fri Jan 19 07:03:37 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4    1   Fri Jan 19 07:03:12 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 07:03:06 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 06:52:17 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 06:41:26 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 06:30:36 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4    1   Fri Jan 19 06:29:43 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 06:19:46 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 06:08:56 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 05:58:05 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 05:47:15 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4    1   Fri Jan 19 05:38:00 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 05:36:25 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 05:25:34 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 05:14:45 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 05:03:55 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 04:53:04 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 04:42:15 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 04:31:25 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.24] to MAC address a4:77:33:a8:9c:56    1   Fri Jan 19 04:22:03 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 04:15:13 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.27] to MAC address d0:c1:93:00:e8:01    1   Fri Jan 19 04:04:50 2018        0.0.0.0:0   0.0.0.0:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 53 1   Fri Jan 19 03:39:53 2018        ip.addr.our.wan:34115   8.8.8.8:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 03:20:31 2018        ip.addr.our.wan:45475   8.8.4.4:53
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4     1  Fri Jan 19 03:10:24 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.11] to MAC address 80:d2:1d:15:62:73     1  Fri Jan 19 03:04:29 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.24] to MAC address a4:77:33:a8:9c:56     1  Fri Jan 19 02:43:52 2018        0.0.0.0:0   0.0.0.0:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 02:42:25 2018        ip.addr.our.wan:37487   8.8.4.4:53
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4     1  Fri Jan 19 02:33:12 2018        0.0.0.0:0   0.0.0.0:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 53 1   Fri Jan 19 02:25:33 2018        ip.addr.our.wan:36313   8.8.8.8:53
  [DHCP IP: 192.168.0.26] to MAC address 40:4e:36:24:80:f4     1  Fri Jan 19 02:20:46 2018        0.0.0.0:0   0.0.0.0:0
  [DHCP IP: 192.168.0.16] to MAC address 84:68:3e:07:f2:3f     1  Fri Jan 19 02:06:00 2018        0.0.0.0:0   0.0.0.0:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 53 1   Fri Jan 19 01:22:47 2018        ip.addr.our.wan:56772   8.8.8.8:53
  [DHCP IP: 192.168.0.19] to MAC address 54:27:58:d0:1d:39     1  Fri Jan 19 01:11:44 2018        0.0.0.0:0   0.0.0.0:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 01:05:07 2018        ip.addr.our.wan:18067   8.8.4.4:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 00:53:57 2018        ip.addr.our.wan:60028   8.8.4.4:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 00:40:05 2018        ip.addr.our.wan:39295   8.8.4.4:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 00:34:04 2018        ip.addr.our.wan:26746   8.8.4.4:53
  [DHCP IP: 192.168.0.29] to MAC address 10:7b:44:d6:5f:35     1  Fri Jan 19 00:30:17 2018        0.0.0.0:0   0.0.0.0:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Fri Jan 19 00:29:01 2018        ip.addr.our.wan:50572   8.8.4.4:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 53 1   Fri Jan 19 00:26:30 2018        ip.addr.our.wan:39222   8.8.8.8:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53 1   Thu Jan 18 23:49:14 2018        ip.addr.our.wan:54269   8.8.4.4:53
  [admin login] from source 192.168.0.15    1    Thu Jan 18 23:49:13 2018 0.0.0.0:0   192.168.0.15:0
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 53    1    Thu Jan 18 23:40:23 2018    ip.addr.our.wan:55946   8.8.8.8:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53    1    Thu Jan 18 23:09:50 2018    ip.addr.our.wan:45104   8.8.4.4:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.4.4, port 53    1    Thu Jan 18 23:05:50 2018    ip.addr.our.wan:29077   8.8.4.4:53
  [DoS attack: TCP- or UDP-based Port Scan] from 8.8.8.8, port 53    1    Thu Jan 18 23:03:25 2018    ip.addr.our.wan:61987   8.8.8.8:53

[130s]

Today I just experienced:

• ping almost 100% ok.
• websites are not going through.

Rebooted bb rounter didn't immediately solve but after several minutes we all started getting the connection.

[130s]

Strange thing happened. Looks like similar to https://github.com/130s/hut_10sqft/issues/238#issuecomment-359226755

• ping from multiple hosts were passing fine.
• ssh, http didn't go through from any device.

After restarting bb router it looks fixed.

[130s]

Had to reboot bb router 3 or 4 times in a few hours where ping lost 50% packets since Feb 7th 1am.

[130s]

Had to reboot bb router twice in the last 1.5 hours where ping lost 30 - 50% packets.

Update: Had to reboot twice more in the next 5 hours.

[130s]

Had to reboot bb router twice 3 or 4 times only in the morning.

[130s]

Our current Internet plan with Comcast:

• Plan is called something like HSD 55, with which the speed is up to 55 Mbps. I'd say sub par for home office.
• there's a upper limit of data amount 1TB, which looks like we've never exceeded.

I talked over the phone and asked questions tech support (who was really professional as opposed to my expectation):

• Q. Internet service has been intermittent. Any solution on Comcast's end?
• A. Looks like no on their end. By restarting the modem and the connection was successfully re-established (at that time I was by conincidence having no connection). Contact the manufacturer of the router.
  • Restarting solves an issue sounds to them that there's an issue with the equipment i.e. router.
  • Also asked if they provide rental router but they don't. The manufacturer might.
• Q. Is it possible to split payment methods for Internet and TV?
• A. For the service for home it's probably impossible or unreasonable.
  • Having Business Internet account is the way to go. They are not sure if having business Internet AND cable TV service separately at the same home location is possible. Contact them again when their business department is open (8-6 Mountain time).

[130s]

Contact NETGEAR Support
Thanks! We’re ready to help you with this product:
Product Model:  C3700
Serial Number:  (CUT)
Purchase Date:  Nov 20, 2015
Suggested Answers from our Knowledge base:

    How do I perform a factory reset on my NETGEAR router?
    Router Initial Setup FAQ
    What is the difference between 2.4 GHz and 5 GHz wireless frequencies?
    Resolving poor 5GHz wireless range/signal from my NETGEAR router
    What’s the latest firmware version of my NETGEAR cable modem or modem router?
    How to update firmware on your NETGEAR product
    How do I change the wireless channel on my NETGEAR router?
    No internet connection detected - ISP contact details
    NETGEAR Open Source Code for Programmers (GPL)
    Will my USB drive work with ReadySHARE

Show more answers related to my question
[Collapse]
I cannot find an answer to my problem, I would like to contact NETGEAR support.
Based on your serial number and purchase date, NETGEAR can offer you the following support options:
Complimentary
[Ask our community](https://community.netgear.com/t5/English/ct-p/English?utm_source=contactus&utm_medium=website-internal&utm_campaign=contactus_postsales_C3700(
Search our knowledge base
Paid Premium Support

Your complimentary 90 day technical support expired on Feb 18, 2016.

Purchase GearHead Premium Support to extend the support coverage of your product.
Or purchase by calling 1-888-939-9092 (within US & Canada, Intl. customers see link below) - Please have your credit card ready when calling.
Learn more about Gearhead

Your product hardware warranty expired on Nov 19, 2016.

[130s]

Had to restart bb router 4 times in the last 2.5 hrs.

[130s]

Comcast has been down since 1207am and lots of neighbors have complained on nextdoor.com. Seems like it just got back since I now see one of the laptop just connected to vpn I can see from outside.

[130s]

After the recent cable outage of Comcast, it's been fairly stable. This tells me that the issue might have lied on Comcast's side, not the BB router, as opposed to what the tech support who sounded to me reliable said https://github.com/130s/hut_10sqft/issues/238#issuecomment-366484361.

--- google.com ping statistics ---                   
89393 packets transmitted, 88775 received, 0% packet loss, time 149636485ms
rtt min/avg/max/mdev = 8.110/21.633/547.258/30.535 ms

[130s]

For the last few days, specifically from May 4th, Internet has been bad (30 - 50% packet loss on ping). I had to restart my BB router 10 times for total to temporarily fix the issue.

Looks like some neighbors have had the issue.

[130s]

Netgear website doesn't show a way to directly contact their customer support for this type of issue. I'll call the following number during weekdays to see if they agree with the situation and send me a rental equipment.

Paid Premium Support

Your complimentary 90 day technical support expired on Feb 18, 2016.

Purchase GearHead Premium Support to extend the support coverage of your product.
Or purchase by calling 1-888-939-9092 (within US & Canada, Intl. customers see link below) - Please have your credit card ready when calling.
Learn more about Gearhead

Your product hardware warranty expired on Nov 19, 2016.

Their troubleshoot page for Internet connection issue.

[130s]

Today Comcast has been awfully intermittent. ping has been dropping 10-30% of packets all day. Restarting the router temporarily fixes the issue but the issue comes back in less than an hour. .

[130s]

Today I had to reboot bb router 4 times so far withing 10 hrs range.

[130s]

Throughout today ping kept losing 10 to 40% packets constantly on multiple computers at my home (Linux, OSX) in Sacramento, CA.. I had to reboot the router 5+ times and right after the reboot the network recovers.

[130s]

Too premature assumption, but I found on Ubuntu Trusty host that ping didn't lose many packets when Firefox was not running. Then it starts losing a lot after FF started.

Now I'm running a set of experiments with FF running.

1) Just started FF without loading any tabs except for the one a focus was on before the FF was closed the last time.

[130s]

1) Just started FF without loading any tabs except for the one a focus was on before the FF was closed the last time.

This seemed fine.

$ ping google.com
:
--- google.com ping statistics ---
1347 packets transmitted, 1347 received, 0% packet loss, time 1347919ms
rtt min/avg/max/mdev = 13.166/15.355/77.144/2.800 ms

2) Opened a Gmail tab. Also opened a github.com tab for this ticket.

[130s]

2. Opened a Gmail tab. Also opened a github.com tab for this ticket.

$ ping google.com
:
2817 packets transmitted, 2815 received, 0% packet loss, time 3212268ms
rtt min/avg/max/mdev = 9.184/16.406/335.104/12.189 ms

3) Opened the 2nd Gmail tab along with the 1st Gmail tab.

[130s]

3. Opened the 2nd Gmail tab along with the 1st Gmail tab.

$ ping google.com
:
4321 packets transmitted, 4318 received, 0% packet loss, time 4325879ms
rtt min/avg/max/mdev = 10.920/20.887/369.756/29.983 ms

4) Open Google Photos.

[130s]

4. Open Google Photos.

$ ping google.com
:
6879 packets transmitted, 6879 received, 0% packet loss, time 6887432ms
rtt min/avg/max/mdev = 10.026/15.545/77.297/2.632 ms

5) Open Google Calendar.

[130s]

5. Open Google Calendar (accidentally opened https://gitlab.com/groups/ORGORG/-/boards/boardID?scope=all&utf8=%E2%9C%93&state=opened as well)

$ ping google.com
:
11700 packets transmitted, 11693 received, 0% packet loss, time 11714929ms
rtt min/avg/max/mdev = 9.732/26.818/669.047/50.134 ms

6) Opened https://ORGORG.sharepoint.com

[130s]

6. Opened https://ORGORG.sharepoint.com

$ ping google.com
:
4798 packets transmitted, 4791 received, 0% packet loss, time 4803552ms
rtt min/avg/max/mdev = 10.635/44.135/390.668/67.730 ms

7) Open drive.google.com

[130s]

7. Open drive.google.com

$ ping google.com
:
4825 packets transmitted, 4825 received, 0% packet loss, time 4830454ms
rtt min/avg/max/mdev = 9.685/16.542/233.818/11.688 ms

Conclusion of a day: Firefox (by itself) might have not affected network stability (glad to come up with this result).

[130s]

Moved to https://github.com/130s/30y-130s_life/issues/534#issuecomment-560052809. It's been stable for a month btw.