I wouldn't swap anything until Roku patches a new vulnerability with streaming-media devices (Chromecast, Google Home, Roku, Sonos, thermostats). One of its many potentially malicious acts is to provide a denial-of-service with Roku.
The vulnerability is called DNS Rebinding and it exploits the "implicit trust" between all devices on your personal network. For example, if you want to control your Sonos with an Android smartphone, Sonos will implicitly trust the smartphone as long as it has an IP address from your home router, which would be a private IP address.
Basically, a malicious ad loads on a web page. No big whoop because your safe-surfing habits prevent you from clicking it. However, when the ad loads, it makes a DNS request of a [malicious] website.
The way DNS works is if the Cox DNS can't resolve a URL, the DNS process will find the "authoritative" server hosing the domain of said URL. It's a legit name-resolution process and we use it every day (forums.cox.com = 184.106.13.9).
Although it's legit, the [malicious] authoritative DNS server will eventually point the ad to a random private IP address and if your router uses that range of addresses, every device on your network will implicitly trust the ad. The ad could then connect to other devices on your network with malicious intent or start shot-gunning known factory-default usernames and passwords at your router. Change those defaults!
Anyway, Roku is pretty good at pushing its updates; however, they may have yet to fix this vulnerability. Change the defaults on your rooter, if required...disable its UPnP, if required...and keep an eye on updates.
If you still get DoS after Roku patches their devices, you should review your logs to troubleshoot the disconnects.
