6 Messages
Connectivity Drops due to "DoS Attack: ACK scan"
I am hoping someone can help. My Xfinity internet intermittently completely drops out, on both ethernet connections and Wifi, on avg, about 2-3 times per hour. However it will sometimes go a few hours without it happening at all. When it is stable, it works great (great down/up speeds, ping time, no latency, no packet loss). But when it drops, it completely drops. I am typically alerted due to either being on a zoom call and it losing connection or my nest game will send an alert that it lost connection. Once connection is lost, it reconnects almost immediately.
I have done all of the following troubleshooting. I am using a Netgear Nighthawk CAX80 Modem/Router with my main computer directly wired to the modem.
1) Replaced Modem with a new modem
2) Replaced all ethernet cables
3) Replaced access points (2)
4) Tried on multiple computers
5) Replaced cable that goes from Xfinity box on side of my house to the Modem
6) Ensured modem firmware was up to date
I have run a network stability monitor to track stability over time and it identified the spikes with the internet outages. I have reviewed the Modem logs and I have identified a pattern where the modem logs a "(DOS attack) ACK scan" every time an outage occurs (see screenshot below for correlation), with the inbound IP address changing fairly frequently (not coming from the same IP every time). I have researched that specific log entry and the consensus is, if it were a typical DOS attack, it wouldnt say "scan" and it would be ongoing, not just once every 30 minutes. In addition, all the Nighthawk forums say they are more than likely "false positives" where the modem identifies certain activity as a DOS, when it really is normal activity from certain websites or services.
I am completely out of ideas on how to resolve, any other thoughts or direction would be greatly appreciated. Thanks
user_bqimni
6 Messages
5 days ago
Also, I looked up the IP addresses that are triggering the "DOS attack" and they are coming from Microsoft, Apple and Amazon...which leads me to believe it might be normal traffic that is somehow triggering this.
0
0
RB_MD
Contributor
•
20 Messages
5 days ago
Have you tried (temporarily?) turning off DOS protection in the router's WAN settings?
1
0
user_bqimni
6 Messages
5 days ago
Cable Diagnostic
Status: Good
Action: Your setup looks fine. If you are still experience an internet issue, the Netgear Cable Knowledge Base can provide additional troubleshooting info.
Internet Access: Good
Downstream Status: Good
Downstream Power Level: Good
Downstream SNR: Good
Upstream Status: Good
Upstream Power Level: Good
Current time: Sat Mar 29 09:00:14 2025
Startup Procedure
Acquire Downstream Channel: 633 MHz Locked
Connectivity State: OK Operational
Boot State: OK Operational
Security: Enabled BPI+
Downstream Bonded Channels
Channel LockedStatus Modulation ChannelID Frequency Power SNR Correctables Uncorrectables
1 Locked 256 QAM 44 633000000 Hz 3.8 dBmV 43.6 dB 31652 21438
2 Locked 256 QAM 13 447000000 Hz 2.4 dBmV 44.1 dB 156484 81036
3 Locked 256 QAM 14 453000000 Hz 2.7 dBmV 44.3 dB 149464 77173
4 Locked 256 QAM 15 459000000 Hz 2.7 dBmV 44.2 dB 26315 24247
5 Locked 256 QAM 16 465000000 Hz 2.5 dBmV 44.2 dB 118484 59779
6 Locked 256 QAM 17 471000000 Hz 2.6 dBmV 44.2 dB 137857 68397
7 Locked 256 QAM 18 477000000 Hz 3 dBmV 44.3 dB 23004 26414
8 Locked 256 QAM 19 483000000 Hz 2.8 dBmV 44.2 dB 95427 47202
9 Locked 256 QAM 20 489000000 Hz 2.6 dBmV 42.4 dB 143699 69906
10 Locked 256 QAM 21 495000000 Hz 2.9 dBmV 43.3 dB 26343 27645
11 Locked 256 QAM 22 501000000 Hz 3.1 dBmV 43.5 dB 74228 36064
12 Locked 256 QAM 23 507000000 Hz 3.1 dBmV 44.3 dB 123159 60284
13 Locked 256 QAM 24 513000000 Hz 3 dBmV 44.1 dB 21856 28163
14 Locked 256 QAM 25 519000000 Hz 3 dBmV 44.2 dB 53168 28292
15 Locked 256 QAM 26 525000000 Hz 3.1 dBmV 44.2 dB 115963 54521
16 Locked 256 QAM 27 531000000 Hz 3.4 dBmV 44.3 dB 20371 30229
17 Locked 256 QAM 28 537000000 Hz 3 dBmV 44.1 dB 44660 24731
18 Locked 256 QAM 29 543000000 Hz 2.8 dBmV 44 dB 102511 49273
19 Locked 256 QAM 30 549000000 Hz 3 dBmV 44 dB 21450 33431
20 Locked 256 QAM 31 555000000 Hz 3.2 dBmV 43.8 dB 31245 19114
21 Locked 256 QAM 32 561000000 Hz 3.2 dBmV 37.5 dB 111695 49469
22 Locked 256 QAM 33 567000000 Hz 3.3 dBmV 42.7 dB 21194 32170
23 Locked 256 QAM 34 573000000 Hz 3.7 dBmV 43.7 dB 21380 15821
24 Locked 256 QAM 35 579000000 Hz 3.6 dBmV 44 dB 65180 35476
25 Locked 256 QAM 36 585000000 Hz 3.8 dBmV 44.2 dB 17499 32356
26 Locked 256 QAM 37 591000000 Hz 3.9 dBmV 43.1 dB 16525 14687
27 Locked 256 QAM 38 597000000 Hz 3.9 dBmV 43 dB 50139 28697
28 Locked 256 QAM 39 603000000 Hz 3.8 dBmV 43.8 dB 17863 31323
29 Locked 256 QAM 40 609000000 Hz 3.9 dBmV 43.8 dB 14280 14009
30 Locked 256 QAM 41 615000000 Hz 3.5 dBmV 44 dB 41092 25871
31 Locked 256 QAM 42 621000000 Hz 3.8 dBmV 44 dB 16672 28831
32 Locked 256 QAM 43 627000000 Hz 4.1 dBmV 44.1 dB 11521 12755
Upstream Bonded Channels
Channel LockedStatus ChannelType ChannelID SymbolRate Frequency Power
1 Locked ATDMA 20 5120 Ksym/sec 35600000 Hz 40.0 dBmV
2 Locked ATDMA 18 5120 Ksym/sec 22800000 Hz 40.3 dBmV
3 Locked ATDMA 19 5120 Ksym/sec 29200000 Hz 39.8 dBmV
4 Locked ATDMA 17 5120 Ksym/sec 16400000 Hz 40.3 dBmV
5 Not Locked Unknown 0 0 0 0.0
6 Not Locked Unknown 0 0 0 0.0
7 Not Locked Unknown 0 0 0 0.0
8 Not Locked Unknown 0 0 0 0.0
Downstream OFDM Channels
Channel LockedStatus ProfileID ChannelID Frequency Power SNR/MER ActiveSubcarrier Unerror Correctable Uncorrectable
1 Locked 0 ,1 ,2 ,3 193 722000000 Hz 5.08 dBmV 43.9 dB 328 ~ 3767 2622306594 632358127 467554
2 Locked 0 ,1 ,2 ,3 194 957000000 Hz 5.58 dBmV 43.6 dB 148 ~ 3947 2678112195 452753168 145379
Upstream OFDMA Channels
Channel LockedStatus ProfileID ChannelID Frequency Power
1 Not Locked 0 0 0 Hz 0 dBmV
2 Not Locked 0 0 0 Hz 0 dBmV
0
0
user_bqimni
6 Messages
5 days ago
Below is the Cable Diagnostic info with Mac addresses removed:
Event Log
Time Priority Description
Sat Mar 29 08:53:22 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 1.;
Sat Mar 29 08:02:52 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID:
Sat Mar 29 07:58:37 2025 Warning Dynamic Range Window violation
Sat Mar 29 07:58:37 2025 Warning RNG-RSP CCAP Commanded Power Exceeds Value Corresponding to the Top of the DRW;CM-MAC=
Sat Mar 29 07:58:03 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 3.;CM-MAC=
Sat Mar 29 07:56:43 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 07:45:17 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 3.;CM-MAC=
Sat Mar 29 07:42:47 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 3.;CM-MAC=
Sat Mar 29 04:55:11 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 04:50:28 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 04:37:45 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 04:36:22 2025 Warning Dynamic Range Window violation
Sat Mar 29 04:36:22 2025 Warning RNG-RSP CCAP Commanded Power Exceeds Value Corresponding to the Top of the DRW;CM-MAC=;CMTS-MAC=
Sat Mar 29 04:36:06 2025 Critical Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=;CMTS-MAC=
Sat Mar 29 04:36:05 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=5;CMTS-MAC=
Sat Mar 29 04:36:03 2025 Critical Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=;CMTS-MAC=
Sat Mar 29 03:37:26 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=;CMTS-MAC=
Sat Mar 29 03:36:22 2025 Warning Dynamic Range Window violation
Sat Mar 29 03:36:22 2025 Warning RNG-RSP CCAP Commanded Power Exceeds Value Corresponding to the Top of the DRW;CM-MAC=;CMTS-MAC=
Sat Mar 29 03:36:15 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=CMTS-MAC=
Sat Mar 29 03:36:06 2025 Critical Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=-MAC=
Sat Mar 29 03:34:37 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 03:33:26 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 03:33:20 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 03:31:25 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 03:28:24 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 3.;CM-MAC=
Sat Mar 29 03:28:21 2025 Critical Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=54:07:7d:c6:8d:78;CMTS-MAC=
Sat Mar 29 03:27:18 2025 Critical UCD invalid or channel unusable;CM-MAC=;CMTS-MAC=;CM-QOS=1.1;CM-VER=3.1;
Sat Mar 29 03:27:18 2025 Notice DS profile assignment change. DS Chan ID: 33; Previous Profile: ; New Profile: 1 2 3.;CM-MAC=;CMTS-MAC=
Sat Mar 29 03:07:18 2025 Notice CM-STATUS message sent. Event Type Code: 1; Chan ID: 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: N/A.;CM-MAC=;CMTS-MAC=
Sat Mar 29 03:07:13 2025 Warning MDD message timeout;CM-MAC=;CMTS-MAC=;CM-QOS=1.1;CM-VER=3.1;
Sat Mar 29 01:18:05 2025 Notice CM-STATUS message sent. Event Type Code: 24; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 1 2 3.;CM-MAC=;CMTS-MAC=
Sat Mar 29 01:12:47 2025 Warning Dynamic Range Window violation
Sat Mar 29 01:12:47 2025 Warning RNG-RSP CCAP Commanded Power Exceeds Value Corresponding to the Top of the DRW;CM-MAC=;CMTS-MAC=
Sat Mar 29 01:12:45 2025 Warning Dynamic Range Window violation
Sat Mar 29 01:12:45 2025 Warning RNG-RSP CCAP Commanded Power Exceeds Value Corresponding to the Top of the DRW;CM-MAC=;CMTS-MAC=
Sat Mar 29 01:12:45 2025 Warning Dynamic Range Window violation
Sat Mar 29 01:12:45 2025 Warning RNG-RSP CCAP Commanded Power Exceeds Value Corresponding to the Top of the DRW;CM-MAC=8;CMTS-MAC=
Sat Mar 29 01:12:34 2025 Notice CM-STATUS message sent. Event Type Code: 16; Chan ID: 193 194; DSID: N/A; MAC Addr: N/A; OFDM/OFDMA Profile ID: 2 3.;CM-MAC=;CMTS-MAC=
0
0
XfinityDena
Official Employee
•
3.1K Messages
3 days ago
@user_bqimni Thank you for reaching out. Have you had a technician to your home? You stated you replaced the coax cable from your home to the box, and I was wondering if that was personally completed by you or a professional?
2
0