Was wondering if anyone came across a similar issue. I have a cable modem hooked up to a wireless router, and serve the connection out to multiple machines. This has worked great for about 3 months.
Recently, I noticed that it would drop the connection about once a day. I would reset the modem (physically unplug/replug back in) and all would be fine. It started happening about 3-4 times a day, now it is happening all the time.
I have WEP security on the wireless, and can access my LAN just fine, just can't connect on any computer out to the internet until I reset my modem.
Both machines are using wireless NICs, any ideas in how to troubleshoot/fix the problem? It is kinda frustrating to have to reset about every half hour.
Could it be a problem with Time Warner? My wireless Linksys router? I don't think it has to do with the computers, because both are experiencing the same problem.
Cable modems in particular will commonly use DHCP to assign you with an IP address. This is leased for a set period of time (usually a couple of hours) when it is automatically renewed by your cable modem. If it fails to renew the IP, your connection drops. A possibility is that a software firewall or other security application is getting in the way and blocking this renewal. Check your logs for blocking of ports 67 or 68 or blocking of IPs 255.255.255.255 or maybe in the
10.x.x.x range (do a trace route to
formatting link
and see the IP of the first hop). Your ISPs DHCP server might be being blocked as well (ask your ISP for the IP).
Another possibility is that you are being targeted by a DoS attack. A DoS attack can disrupt your cable modem and/or your router. Check your routers log.
A third possibility is some problem with the signal your ISP is providing you. You could have them make a physical and local inspection on the cables that lead to your modem.
With my cable ISP, the lease time is one week. The IP is virtually static and I've also got a consistent host name, so even if the IP changes, I can still use the host name to get the new address.
The funny thing with cable is that even though the lease time could be as short as I mentioned, it usually gets the same IP as before. So it is possible to keep the same IP for months even though it is being dynamically regenerated.
Cable networks can often have static IPs too (I´m not sure how DHCP works in that scenario, if at all). So I guess it is up to the ISP to define how this going to be done.
I guess my post suggested all cable networks work the same way but this is far from the truth.
Normally, there's no reasonwhy the address should change, provided it's renewed before the lease expires. With my ISP, an address change occurs only when there's a change of hardware or cable network. There are some ADSL providers, who force frequent changes.
If you have a static address, there's no need for DHCP. However, there's one method of assigning resevered address, according to MAC address, using DHCP.
It is possible for malware to cause the behavior you experienced but more as a side effect rather than its purpose. This is specially so if there are multiple infections that could be conflicting with each other.
Malware have different objectives ranging from spying on your surfing habits to logging your passwords to using your machine as a Zombie to attack others. Your machine must be working properly for this, there is nothing to be gained by crippling your machine or it´s connectivity to the internet (critical if it wants to attack others, spread and communicate with the hacker).
The first step you have done, disinfect your machine. It is advisable that you take additional action to avoid future attacks. The "Exploit ActiveX Trojan" suggests you navigated to a malicious website. Can your security solution deal with this, for example?
Overall, have you proper security applications in place? A software firewall and an automatically updated anti-virus are a *minimum* these days. Have you secured your wireless connection? WEP is extremely weak to solely protect you. There are techniques to hack into WEP within seconds.
Really? WOW, I have WEP installed (128) but didn't know it was that insecure. I have updated virus and adware checkers now running, but trying to figure out how to install a firewall at the router level. I have a Linksys, is there software that I can install as a firewall on the router, or do I need to install the firewall on each machine (which could be a pain).
I see in the logs on the router that there are incoming access on ports in the 1000's. These seemed to be from the same IP, so that could be my problem as well. I even see one coming into port 80. How do I block these on the router? I don't see anything in the router config to tie down ports.
Thanks. I am kinda new at this and really appreciate all your help! Take it easy.
By the way, I have Mcafee internet suite with the firewall if I need to install that on each machine, I was just hoping there was something that I could buy that would allow me to have the firewall on the router instead of installing to each machine.
128 bits? Ok, make that a couple of minutes :-) There are many different architectures and ways to secure a LAN. I never heard of routers running software firewalls (specially cheap home routers) but I have heard of gateway server PCs (such as IPCop or m0n0wall). A gateway PC server could provide you with greater ease of maintenance and configuration such as the one you envision.
But let´s take a step back for a second. Your router is your first line of defense (blocks outside connections from getting in), your anti-virus/anti-spyware is your second (prevents malware from installing) and software firewalling is third (prevents malware from communicating to the outside). There are additional layers in between and beyond those too, but let´s keep it simple for now. It seams to me that your second line of defense failed so you might want to check for better solutions in that area before adding a third layer (how about blocking or filtering ActiveX, Javascript and Java for example?). And let´s not forget securing that wireless entry.
Inbound connections are *automatically* blocked by your router (unless you have forwarded ports or put a PC in the DMZ). Don´t worry about those, your router is taking care of them. A trojan will most likely use common ports (such as 80) to disguise its communications. There is no way a router can tell the difference between your browser accessing a webpage from a trojan connecting to a hacker through port 80.
Going back to your previous problems of dropped connections, I saw this article that starts just like you did.
formatting link
the problem was related to the wireless feature. Your problem appears to be in that area so I would suggest you look into that and then on how to harden your security (both wireless and overall).
Look into newsgroups that discuss wireless and security specifically. Over here it is kinda off-topic (apologies to all for my extended rambling) and I´m sure there are more knowledgable users over there about these subjects.
I don't think a firewall with code embedded in firmware is called a 'software' firewall. That would be considered a 'dedicated' hardware firewall by most and could reside in a router. Software firewalls are programs you run on an ordinary OS to perform the same/similar function as the dedicated hardware box version.
What is the current recommendation on wireless security for a simple home network? I'm looking to upgrade my existing cards (one of which is still WEP-40, which is why I need to upgrade), and am willing to upgrade the entire network if the new stuff is a) significantly better than WEP-128; and b) probably going to be "secure enough" for a while.
Anything coming up that might be worth waiting for?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.