Avatar of A C
 asked on

Can someone explain why is this happening? Am I getting hacked

So this is my residential router is a netgear gateway C3700-100NAS with Spectrum Internet. Usually I have no problems. But every so often, intermittently and not very predictable, I would notice my Internet slow down to a crawl, and even pinging or www.yahoo.com will time out or have insane times.

I checked my netgear gateway C3700-100NAS logs and saw this.... Apparently in the span of less than a minute or so there were hundreds of entries for Source of "" and Target/Destination of "". Neither of these IPs have anything to do with my residential IP address nor would/should any device on my network be sending nor receiving anything to or from any of these IP addresses.

Based on a simple lookup it appears that is Location is Washington D.C. (Northwest Washington), District of Columbia US - ISP is Cogent Communications and that is Location is Columbus, Ohio US - ISP is DoD Network Information Center.

Can anyone have any idea what is going on?

RoutersNetworking* NetgearSecurity

Avatar of undefined
Last Comment

8/22/2022 - Mon
Jason Carson

According to those logs that is a 'denial of service' attack. The good news is you probably haven't been hacked, but whoever is doing it is flooding your router with so many packets that it denies you, or severely limits, your Internet access.

To give you an analogy, your Internet access could be thought of as a highway. And each packet is a car. The attacker is flooding the highway with packets and it brings traffic to a stall.

One way to get around it may be to simply reboot your modem so it receives a new IP.

Okay thanks. But one of the problem is I'm with TWC /Spectrum and they statically assign public IP addresses so I'm stuck with the one I have gotten. The only time that I ever gotten a new IP was when my previous router died and when I got a replacement router I had to call them in with the MAC/ CM MAC info and that is after they registered the new Router on their end (also the same C3700 netgear model) I noticed when going to whatismyipaddress that I gotten a new public IP address. It doesn't happen all the time but when it does happen it slows me down to a crawl and usually a reboot stops it, but not because it changed to a different IP address (its static)

The other thing I thought was strange is that assuming the IP address are legit and not spoofed or anything, apparently based on whatever public records available it appears to be coming from a government network going to another government network

All of them are Source of "" and Target/Destination of ""

☠ MASQ ☠

Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes

@MASQ, if the source and destination are both public IP addresses that related to mine and not  under my control (as indicated in the logs) how would I know which, if any, computer or device on my home ISP might have been inadvertently compromised? There doesn't seem to be a way for me to find out from these netgear logs.
☠ MASQ ☠

The "Old-School" solution would be to shutdown your network connected devices, temporarily disable the WiFi in the router or wired connection to access points and then restart the router followed by a wired connection to the least likely machine to have an infection.  Check the Router logs through that machine and see if you've any change in behaviour.
Jason Carson

You can download and install the free version of Malwarebytes. Then use it to scan your computers.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

It might be time consuming but MASQ's advice is right on. Disconnect everything and see if the DDoS attacks (or whatever exactly the traffic is doing) stops. Then add each device back one at a time watching the logs. Also, scan all your devices using Malwarebytes, et. al. as mentioned already. Remember, malware can hide in even the most innocuous network connected devices! Good luck and let us know what you find, if anything.

Take your logs, email them to the abuse@cogent as reflected in the arin.net registration record for the
They will address the issue while suggestion provided is helpful, in the example it seems the originating system us broadcasting/multicasting to your providers class C segment

Your Netgear identifies the type of attack it sees, ..........

You could cite your issue to Spectrum. Unless you have a static IP address from them, they can get rid of your DHCP lease, which would at least help you get a new IP address. This requires your calling them.

Do you have anything on your network that you intended to be accessible from the outside? If so, you may want to take a look into that. Also check your router for anything strange, like maybe leaving remote administration on by mistake. At least review the things you have control over.

Note: This is not getting you out of following the advice MASQ provided, or looking into what arnold provided.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck

I'm still getting hit and it appears that its getting stranger. See screenshot

The IP addresses don't even make sense now...

apparently SOURCE is which says it is a DoD IP address that I can't ping when I try... and DESTINATION is going to, which isn't a valid IP address at all and has no information when I try to look up online. My actual ISP public IP is 76.x.x.x, with TWC, Spectrum etc. I don't have ANY devices on my network that would need or be communicating with either or and yet somehow in the span of less than a minute I could get hundreds of logged attempts of something from trying to get to It definitely slows my internet to a crawl when it happens, and I have no idea why it is even happening at all.


As your rourer log indicate it is an attack.
The only way to prevent a nock at the for, is to report the potential intruder to those who provide access, their ISP.

Reach out to your ISP and see whether they can intervene or assist potentially it might be affecting other customers, if not potentially compromising some to ...  That they will be seeing complaints about attacks originating from their network.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question