Arris TG1682G F/W: 9.1.103BP BootCode: 4.2.0.45 H/W Version: 11
It seemed like my cable modem (info on the subject line) was flashed with a firmware that was vulnerable, since all the traffic is directed to the 5GHz, bypassing the firewall.
2019-04-22 04:12:16.00 [DOS]UDP Packet - Source:192.168.254.254,882 Destination:192.168.254.253,60556
2019-04-22 04:12:20.00 [UNPRIV TCP packet: ]TCP Packet - Source:60.15.34.250,35071 Destination:68.5.5.234,4489
2019-04-22 04:12:23.00 [DOS]UDP Packet - Source:192.168.254.254,937 Destination:192.168.254.253,111
2019-04-22 04:12:29.00 [DOS]UDP Packet - Source:192.168.254.254,611 Destination:192.168.254.253,111
2019-04-22 04:12:34.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,9027
2019-04-22 04:12:35.00 [DOS]UDP Packet - Source:192.168.254.254,656 Destination:192.168.254.253,60556
2019-04-22 04:12:41.00 [DOS]UDP Packet - Source:192.168.254.254,712 Destination:192.168.254.253,60556
2019-04-22 04:12:46.00 [DOS]UDP Packet - Source:192.168.254.254,756 Destination:192.168.254.253,60556
2019-04-22 04:12:53.00 [UNPRIV TCP packet: ]TCP Packet - Source:89.248.168.51,37452 Destination:68.5.5.234,5683
2019-04-22 04:12:53.00 [DOS]UDP Packet - Source:192.168.254.254,818 Destination:192.168.254.253,60556
2019-04-22 04:12:58.00 [DOS]UDP Packet - Source:192.168.254.254,861 Destination:192.168.254.253,111
2019-04-22 04:13:05.00 [DOS]UDP Packet - Source:192.168.254.254,928 Destination:192.168.254.253,60556
2019-04-22 04:13:08.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,8814
2019-04-22 04:13:11.00 [DOS]UDP Packet - Source:192.168.254.254,602 Destination:192.168.254.253,60556
2019-04-22 04:13:16.00 [DOS]UDP Packet - Source:192.168.254.254,645 Destination:192.168.254.253,111
2019-04-22 04:13:22.00 [DOS]UDP Packet - Source:192.168.254.254,713 Destination:192.168.254.253,111
2019-04-22 04:13:29.00 [DOS]UDP Packet - Source:192.168.254.254,756 Destination:192.168.254.253,60556
2019-04-22 04:13:29.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,4583
2019-04-22 04:13:30.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,7476
2019-04-22 04:13:35.00 [DOS]UDP Packet - Source:192.168.254.254,818 Destination:192.168.254.253,60556
2019-04-22 04:13:40.00 [DOS]UDP Packet - Source:192.168.254.254,860 Destination:192.168.254.253,60556
2019-04-22 04:13:41.00 [UNPRIV TCP packet: ]TCP Packet - Source:202.29.57.103,32767 Destination:68.5.5.234,8545
2019-04-22 04:13:47.00 [DOS]UDP Packet - Source:192.168.254.254,926 Destination:192.168.254.253,60556
2019-04-22 04:13:53.00 [DOS]UDP Packet - Source:192.168.254.254,602 Destination:192.168.254.253,60556
2019-04-22 04:13:58.00 [DOS]UDP Packet - Source:192.168.254.254,646 Destination:192.168.254.253,60556
2019-04-22 04:14:05.00 [DOS]UDP Packet - Source:192.168.254.254,712 Destination:192.168.254.253,60556
2019-04-22 04:14:10.00 [DOS]UDP Packet - Source:192.168.254.254,754 Destination:192.168.254.253,60556
2019-04-22 04:14:12.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,7088
2019-04-22 04:14:16.00 [DOS]UDP Packet - Source:192.168.254.254,818 Destination:192.168.254.253,60556
2019-04-22 04:14:19.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,6550
The router/cable modem was rebooted, but I noticed a reset as the firmware was updated back to the current version.
Thank you.
./nukem
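Added example, not part of the original post: a small parser for the firewall log format shown above. It tallies entries per tag and source address, marks whether each source is a private or public address, and collects the destination ports each source touched. The sample lines are copied from the post's log; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# A few lines copied from the log in the post above.
SAMPLE = """\
2019-04-22 04:12:16.00 [DOS]UDP Packet - Source:192.168.254.254,882 Destination:192.168.254.253,60556
2019-04-22 04:12:20.00 [UNPRIV TCP packet: ]TCP Packet - Source:60.15.34.250,35071 Destination:68.5.5.234,4489
2019-04-22 04:12:23.00 [DOS]UDP Packet - Source:192.168.254.254,937 Destination:192.168.254.253,111
2019-04-22 04:12:34.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,9027
2019-04-22 04:13:08.00 [UNPRIV TCP packet: ]TCP Packet - Source:212.8.249.218,56588 Destination:68.5.5.234,8814
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d\d) "
    r"\[(?P<tag>[^\]]*)\](?P<proto>TCP|UDP) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+)$"
)

def parse(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["tag"] = row["tag"].strip(" :")  # "UNPRIV TCP packet: " -> "UNPRIV TCP packet"
        row["sport"], row["dport"] = int(row["sport"]), int(row["dport"])
        try:  # is_private covers RFC 1918 and other non-global ranges
            row["src_private"] = ipaddress.ip_address(row["src"]).is_private
        except ValueError:
            continue
        rows.append(row)
    return rows

def summarize(rows):
    """Count entries per (tag, source, private?) and collect destination ports per source."""
    flows = Counter((r["tag"], r["src"], r["src_private"]) for r in rows)
    ports = {}
    for r in rows:
        ports.setdefault((r["tag"], r["src"]), set()).add(r["dport"])
    return flows, ports

if __name__ == "__main__":
    flows, ports = summarize(parse(SAMPLE))
    for (tag, src, private), n in flows.most_common():
        print(tag, src, "private" if private else "public", n, sorted(ports[(tag, src)]))
```

Feeding it the full log export instead of `SAMPLE` gives one row per source, which makes it easy to see which entries come from private addresses and which from public ones.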