Port Scan knocking me offline.

"And I know the port scans are coming from cox because I've tracked the IP labeled as the source back to your NOC.  I suppose "

Why would Cox's NOC be running a port scan on every customer? Seems like a big jump from service interruption to port scan. Show your data?

Sure, I'll post it up tonight when I get home.

As for the "why" question, I didn't say they did it to every customer, and I know it's the port scans doing it because the other day I watched on my playstation and every time it got knocked off of PSN I checked the firewall log and there was a port scan entry matching the time I just got knocked off.  I checked it about 4 times just that night and every time it correlated with a log entry and source IP was always the same and target IP was always my modem/router combo.

I also can't answer why they would do it, ISP's do lots of strange things.

Kevin949 said:
 I checked it about 4 times just that night and every time it correlated with a log entry and source IP was always the same and target IP was always my modem/router combo.

Yea, would be interested in that source IP. And all the logs. Just be sure to remove anything private like MAC address and the last digit of your public IP, etc.

This is an example of one from earlier today that kicked me off.  And when I said I traced the IP, I did a Who Is lookup is all.  Sorry, not tryin to sound all smarmy or anything I was just...frustrated earlier.

The IP address is one of Cox's DNS server addresses. It would be normal to use that. I believe that is listed as one of the West Coast area DNS servers.

You might try updating your DNS servers in your internet configuration to be 68.105.28.13 and 68.105.29.13. That may solve the issue. I had issues with 68.105.28.11 and 68.105.29.11 awhile back and changed them and it seems to have solved any issues. I don't want to get into the gory details of why I was having problems because I don't have time right now, but in short it's accurate to say that the IP address coming in IS a legitimate hit from Cox's own DNS servers. Why it would be causing you problems is beyond me. Change your DNS configuration to use the two I mentioned and it may clear up any issues. Just note what's there before you change them so you can change back if it doesn't work. If you have any software or hardware set up to block incoming requests on that DNS address it could be the cause the problem. But...it seems unlikely that the normal port scan to keep Cox DNS alive for your connection is causing the drop issue, it's probably another issue.

I should also note, if you want to "opt-out" of their enhanced error page (getting re-directed to a page with links and ads when you type an errant address) use the dns servers I mentioned: 68.105.28.13, 68.105.29.13

Short answer: Change to static DNS 8.8.8.8 and 8.8.4.4 on each device or get a stand alone modem/router.

Long answer: Looks like your firewall is picking up late responses from your DNS 68.105.28.11 (cdns1.cox.net) as port scans 53 (DNS) for traffic. Hard to say if the router is not delaying the DNS quick enough (if you have DNS relay) or if the DNS servers themselves are acting screwey. I would try Google alt DNS above, Is it the router model DDW365? Not sure if possible, but see page 30 of manual. Looks like you can set the WAN connection type to static, and then just use everything you were using with DHCP, just change the DNS to above. This will only work for a short period of time, but enough to tell you if thats the problem.

The issues I had were with barefruit.co.uk making unwanted connections. This only happens with lower dns numbers than 68.105.28.13 and 68.105.29.13. This is Cox's redirect to the ad page when you can't find a page. I suspect somewhere along the way that nonsense is interfering with your connection. The solution is to use the servers above. They are rock solid for most anyone. Use Open DNS if you like the end result will be pretty much the same.

I'll have to check into that more, but last time I looked I wasn't able to change those settings.  At least not independent of everything else but I didn't mess around too much with it yet.  I did have my devices setup for OpenDNS already (been a user of them for years) but I changed them back to "auto" last night to see if this alleviates the issue (I don't think it will, if memory serves I had this issue before changing to opendns as well which is why I changed it over before).

No, I have the DDW366.  

smtips - I too would have to believe it's another issue somewhere, but I just simply made the correlation between the two events and figured with that information then it must either be cox or cox's equipment.  I'm wondering now if there's a warranty on this Ubee or if i can take it back and just get a straight modem and use my own router.  I miss my netgear router (which died just recently, sadly).

Kevin949 said:
 I did have my devices setup for OpenDNS already (been a user of them for years)

Was the IP of thew device as "target" in the firewall logs using OpenDNS? Is that maybe your game system? If so, what kind? Because it looks to be using DHCP DNS. Atleast trying to at the time of the log.

Health Edge said:

Kevin949 said:
 I did have my devices setup for OpenDNS already (been a user of them for years)

Was the IP of thew device as "target" in the firewall logs using OpenDNS? Is that maybe your game system? If so, what kind? Because it looks to be using DHCP DNS. Atleast trying to at the time of the log.

No, the IP of the target is always the Ubee (which is using DHCP DNS because I didn't see that it could be changed, and yes I do know what I'm looking for generally, I've actually worked in IT for about 15 years now).  I put the first three octets there earlier, if it was a local device it would be a 192 address.

Gaming device having the most trouble is my PS3 but my PS4 gets kicked off now and then as well.  As stated, I'm sure it affects my other devices but I'm not usually running applications on those that require a constant connection but rather just use a check-in style connection, or they buffer.

When I get off work today I'll go into the Ubee and see if I'm able to manually set the DNS to something else from the device instead of on my individual pieces of hardware.

If your doing heavy gaming I highly suggest getting a stand along router. If I can help get that one to work well, let me know.

Health Edge said:

If your doing heavy gaming I highly suggest getting a stand along router. If I can help get that one to work well, let me know.

Kevin949 said:
Yes i'm a heavy gamer BUT my game systems will get kicked out of PSN just sitting there at the main screen

The connection to PSN does eventually time out and have to be reconnected, and if there are DNS issues at the time, the error will occur. 

My main point is it's outbound activity, not a port scan inbound from Cox. So it's either something not related to your problem at all, or its related to the gateway or it's configuration. The problem is gateways are somewhat difficult to configure since they are designed to work system default. So even if the problem isn't the gateway, it will be easier to trouble shoot what ever the problem actually is.

If there's a timeout then I'm not sure how long it is because people their consoles on all night with no disconnects.  And besides, the "me getting kicked" issue isn't limited to just PSN it's just the most prevalent to me and most transparent of when the issue occurs.  Also, the timing would be random.  I could be on for hours and then suddenly get kicked off 3 times in a matter of minutes, or it could be 20 mins then 5 minutes.  Sometimes not at all.

Anyway, I got my settings set to a static IP (yes I know this won't work as a permanent solution) and I got my DNS settings in the router set to opendns.  No we will see how this works out!  So if the problem does go away is it safe to assume then that the issue is with Cox and not the equipment?

Kevin949 said:
If there's a timeout then I'm not sure how long it is because people their consoles on all night with no disconnects.

I think you misunderstood me. I didn't mean with a working connection a PS3/PS4 will timeout, I meant that a connection with a issue can cause the PS3/PS4 to time out even if it's not "doing" anything. The connection to PSN itself is a constant thing and the console and the network perform sync checks every once in a while. 

Anyway, how do you have the game consoles configured? Static DNS like the rest of the computers? Its a matter of isolating a issue with the Ubee gateway between handling DNS requests and the DNS service itself. The log seems to show the game console requesting activity on port 53 which is for DNS to a Cox DNS IP.