Skip to content
Skip to main content

  • Home

atlantavision's profile
atlantavision

New Member

 • 

1 Message

Tuesday, August 11th, 2015 8:00 AM

Constant Drops in Connection

We are having constant drops in connection to all internet websites and our software that is now hosted locally.  We have purchased a brand new gaming router to optizmize speed and wireless connections.  Please help asap. 

Question

 • 

Updated 

9 years ago

2.1K

3

0

0

mtsinc1

Visitor

 • 

5 Messages

9 years ago

I have been having a similar problem for quite a while now. When I have a connection, speed is good. But getting a connection open is horrible. Simple DNS lookups can take 5 seconds or longer. Or timeout entirely. The router fails to ping comcast.com half the time, much less anywhere more distant. It's like someone's playing Morse Code with the cable.

 

Both WiFi and LAN services are essentially useless and the only thing that allows me to get any work done is that I have a secondary ISP  which doesn't have that problem. It's only the Comcast link that's failing me.

0

0

kraze

Problem solver

 • 

305 Messages

9 years ago

I'd recommend both of you taking a look at this thread to see if that helps.

http://forums.businesshelp.comcast.com/t5/Connectivity/Connection-Troubleshooting-Tips/m-p/25861#U25861

 

If it doesn't make a post with the needed information and we can see what we can do to assist.

0

0

mtsinc1

Visitor

 • 

5 Messages

9 years ago

Turns out I was being DDOS'ed. I've experienced issues with the DNS Reflection attack before, but this time it was an NTP attack I'd never heard about. Since these things tend to come in statistical waves, I evidently missed seeing all the NTP packets or else didn't realize just how many of them were there. The Comcast tech came on premises and discovered the offence by unplugging the servers. Since his visit coincided with a major attack, we were able to nail it down fairly quickly.

 

Although this particular exploit was widely reported in January 2014, the current versions of RedHat/CentOS 6 and 7 are still working on an old version of NTPD that predates the exploit fix. There are some firewall rules that should control it: http://www.team-cymru.org/secure-ntp-template.html

 

What made this attack especially hard to spot was that it leaked over onto apparently unrelated equipment. The router itself was unable to locate or ping comcast.com and thus WiFi AND LAN services were both being choked.

 

I've turned off all NTP services. Still being massively bombarded from outside and the Cisco router's firewall isn't discriminating enough to block just NTP, but with any luck, now that there's nothing exploitable the incoming attacks will fade.

0

0