Ask
Reply
Solution
19-04-2022 09:49 PM - edited 19-04-2022 09:51 PM
Hi all ,
I have a Vox 3 router on FTTC service. For the last few weeks ive noted glitches when using streaming apps on my tv such as BBC iplayer, itv catchup etc etc.
I'd be watching a programme and suddenly it would stop, appear to be buffeering, then blank. It would usually pickup again maybe 10-15 seconds later.
It had the mark of a dropped connection. Eventually i decided to investigate and logging into the router, i noted that the line had been up for quite a long time and there was no evidence of droppage.
In the log though there are multiple ongoing entries of connection attempts apparently blocked by the firewall.
example IPs include ;
101.78.3.247
92.63.197.94
192.241.211.141
141.98.11.32
167.248.133.130
and others. When i look up these IPs they seem to be everywhere..
So whats going on? could a device on my network soliciting these requests? why? how?
My current plan is to power off the router and hope to pick up a new IP and see what happens next.
The dialogue that comes with these blocked requests is as in this example.
[1324390.688056] DROP wan in: IN=pppoe-wan OUT= MAC= src=167.248.133.130 DST=90.243.79.154 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=45186 PROTO=TCP SPT=28457 DPT=623 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
any ideas?
I am certain these incoming requests are what is causing streaming to glitch
PS
interspersed with these incoming attempts are several lines of..
20-04-2022 10:49 PM - edited 20-04-2022 10:51 PM
@dooper wrote:If i do whois lookups on some of these IPs then the next question i ask is why are potential port scans being launched from seeming legitimate organization's?
As above, some applications and websites do legitimately use port scanners.
@dooper wrote:If this is a widespread issue, why does vodafone seek to block them at their end rather than allowing them to flow on its network and then leaving it to customers routers to block?
Because it's like the game 'whac a mole,' you might as well ask VF to block the whole internet across their network. That is why you have a firewall to prevent attacks.
@dooper wrote:Going back to my streaming hiccups on iplayer and similar, the smart tv is the only item that is hard wired to the router because i thought it would ensure consistent throughput. There is very little demand on bandwidth other than when streaming but then in the past ive streamed on an ADSL line with no issues
In the log im not seeing any DSL downtime and there is a very good synch capacity.
That's a positive at least, so the line is more than likely fine. Would you mind doing a speedtest on Ookla?
20-04-2022 11:36 PM
The above is the result of running Skynet for just a couple of hours (and those are only the top 10 IPs that have attempted to probe the network here. Am I worried? Not in the slightest, these probes are all things that even the most basic firewall should catch!
Think of the firewall on your router as the bouncer outside a club where no one can get in without an invitation, and only you can issue those invitations. I could take the analogy further, but I hope you get the drift.
21-04-2022 12:01 AM
You could also try posting the DSL stats, so we can see if there is anything untoward in there.
Current Rate | 79998 kbps | 20000 kbps |
Maximum Rate | 82146 kbps | 27372 kbps |
Signal-to-Noise Ratio | 4.3 dB | 10.4 dB |
Attenuation | DS1 9.1 dB, DS2 22.0 dB, DS3 34.4 dB | US0 2.0 dB, US1 15.1 dB, US2 24.5 dB |
Power | 12.8 dBm | 4.3 dBm |
CRC Errors in last 3553 minute(s) | 0 | 574 |
K (number of bytes in DMT frame) | 0 | 0 |
R (number of bytes in RS code word) | 8 | 0 |
S (RS code word size in DMT frame) | 0.0680 | 0.3819 |
D (interleaver depth) | 8 | 1 |
Delay | 0 ms | 0 ms |
Super Frames | 0 | 34895389 |
Super Frame Errors | 0 | 574 |
RS Words | 3904217792 | 2233154974 |
RS Correctable Errors | 71812 | 0 |
RS Uncorrectable Errors | 0 | 0 |
HEC Errors | 0 | 0 |
OCD Errors | 0 | 0 |
LCD Errors | 0 | 0 |
Total Cells | 2732482064 | 0 |
Data Cells | 288935793 | 0 |
Bit Errors | 0 | 0 |
Total ES | 0 | 431 |
Total SES | 0 | 8 |
Total UAS | 27 | 27 |
21-04-2022 05:03 PM
.@dooper we all get strange attempts to connect. As long as they don't pass your firewall it's not a problem.
Should you ever feel inclined (or bored) you can look them up, like this;
https://www.abuseipdb.com/check/192.241.211.141
Where you can get reports like this;
This IP address has been reported a total of 384 times from 97 distinct sources. 192.241.211.141 was first reported on November 18th 2021, and the most recent report was 6 hours ago.
20-04-2022 11:22 PM
@dooper wrote:If this is a widespread issue, why does vodafone seek to block them at their end rather than allowing them to flow on its network and then leaving it to customers routers to block?
Vodafone have no idea if packets destined for your IP are legitimate or not. Can you imagine the outcry if they started blocking anything they thought might be suspicious. They would (rightly) be accused of acting like "The Great Firewall of China".
20-04-2022 10:24 AM - edited 20-04-2022 10:28 AM
When you are referring to the blocks in your log, those are dropped connections by port scanners. Your firewall is doing a good job by ignoring them and shouldn’t be affecting your streaming. Port scanners look for open ports to probe and exploit. If you’re worried about this type of thing, switch off UPnP as that’ll create port forwarding rules automatically, leaving holes in your firewall but may cause issues with devices that need port forwarding.
Try going onto ‘Expert Mode’ and see your DSL status. How many drops are you having?