
Weird issues, botnet, signs of insanity?

Hopefully this is the right sub.

 

RT-N66U router, latest firmware from what I can tell (3.0.0.380_3831)

Devices connected: several iPhones, computers, a printer, a WD NAS, a 'Firestick', and a PS4. All of which are accounted for and work fine.

Typical usage is basic web browsing, streaming (YT, Amazon, etc.) usually not HD, occasional gaming. Usually 3 people doing these during the day. 

I live in a well populated region of the NE U.S.. Time Warner. Pay for ~24 down ~2 up. All using 2.4 ghz wifi with the WD NAS connected via Ethernet. This is the only device connected via ethernet.
Using WPA2-Personal. Router reboots every 24 hours.


Here's where the issues begin. (most of these have been going on for several months now)

-First, internet will randomly drop out for a few seconds. Completely disconnected from the internet (not from the router). Speeds fluctuate regardless of usage/time of day. Nothing in the router's logs correlates to the times this happens. I do not think this is an issue with wifi in terms of signal strength. None of this was happening a year ago (i.e. good reliable internet).

edit- I would like to add this happens seemingly randomly several times throughout the day. Sometimes back-to-back, sometimes a few hours in between.

-If I go to check connected devices, a couple of devices like "Texas Instruments" (with android figure) will be there, but quickly disappear after 3 seconds. They never reappear until I close and check the router a while later. No clue what these devices could be or why they 'disappear'. These change name every few months. These devices do not correspond to anything I am aware of. Oftentimes these devices will show up as connected via ethernet (again, only the NAS is).

-The WD NAS was connecting to the internet for no reason I know of. I used IP lookups to find out where it was connecting. WD, some amazon related IPs, and one time an IP related to a multi-national company that deals with aviation logistics located in central EU. I don't even have the slightest clue about this one.
After this, I prevented the 'WD Cloud' from connecting to the internet using parental controls. Couldn't figure out how to do it any other way. From what I can tell it's behaving normally now.

-ISP has sent emails a week or so ago saying there is possible botnet activity. Internet usage has not changed nor has anyone made any suspicious downloads. All computers have had scans with the latest version of Malwarebytes.

I've changed both the router's pass and the wifi pass. Both are solid passwords. Had no effect on any of these issues.

I can't be sure, but I swear speedtest isn't accurate. When no-one is using the internet here and during non-peak times, my speeds are very inconsistent, sometimes crawl (ex. having trouble streaming at 460p, very annoying to play twitch shooters with latency that fluctuates heavily from 35-60ms even in servers hosted in my own city), but speed test will always show a consistent <20ms ~22down ~1.7up. Ping tests to any website like google will be an easy 40ms+ on a good day. Based off of download speeds and things like net_graph, I'd say I'm actually getting 9Mbps down and 1 Mbps up, not the speeds speedtest claims.

Ping tests to google I just ran with router:
145ms
39ms
42ms
91ms
42ms
Speed with speedtest? 16ms with 22 down 1.8 up

Ping tests to facebook:
331ms
361ms
320ms
329ms
310ms

Ping tests to Youtube:
54ms
212ms
52ms
48ms
271ms
Speed test says 11ms.


This sh*t happens on all computers I tested with. It's a conspiracy man...

I don't really know what's going on and would like some ideas about what to do with any of this. Maybe it's all normal stuff and I'm going crazy...

As is probably painfully clear, I don't know much about networking. If I'm missing relevant info I'll correct that asap.


WPA2 is apparently quite crackable if someone puts some effort into it so switching to MAC as a security measure is the first thing that comes to my mind.


Start by switching your WPA2 password and see if the issue goes away for at least a day or two.  Choose a sufficiently strong new passphrase.

 

WPA2 is only known to be crackable if you have a weak password or use TKIP instead of AES.  

 

If you think the issue is on your network connection to your ISP, or something in your house - do troubleshooting like pings by pinging the default gateway of your ISP (that your router is using), rather than random sites.  So many sites are served from many datacenters/locations.  This, coupled with not knowing (or caring) where you are located, means your ping times to them will vary too much for that to be helpful troubleshooting info.

 

Set up a continuous ping to the default gateway that your router is using, it should show up in a status page.  Look to see if that breaks when the Internet "breaks".  Also install winMTR (or mtr if you're on linux/mac/bsd).  That will provide a continuous ping and traceroute, which helps show where damage is occurring.

 

I recommend watching this talk on how to use/read traceroute/mtr correctly, 99% of people (even many network engineers) get it wrong:

 

If the ping time or packet loss to your router's default gateway (your ISP's first device that your router is sending traffic to) doesn't change, but your ping time/latency to other destinations does -- that can be an indicator that it is a problem on your ISP's side.  If the ping times to your router or your ISP change too, that helps indicate that it is a problem on your network or between you and your ISP, respectively.  Note that if you max out your Internet connection, that usually will cause higher latency to anything beyond your router.

 

I really do encourage anyone reading this to learn how to use ping/traceroute/mtr/winmtr correctly - it can help shed a good amount of light on how the Internet works, why intermediate routers in traceroutes don't respond or respond slow, what this means (or more importantly, what it doesn't mean), etc.
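The hop-by-hop reasoning in the reply above (gateway clean but remote degraded points past the ISP edge; gateway degraded points at your LAN, Wi-Fi or access link), as an added example that is not code from this thread or from any router, ISP or mtr tool. It parses the reply and summary lines that Linux/macOS `ping` prints, computes loss and RTT spread per target, and names the first hop in path order that degrades. The thresholds, the sample target names and the constructed ping output below are assumptions, not measurements from the poster.

```python
#!/usr/bin/env python3
"""Localise a latency/loss problem by comparing ping results hop by hop.

Added example, not from the thread. Run it with no arguments to use the
constructed samples, or pass targets in path order, e.g.
    ./pingpath.py 192.168.1.1 <isp-gateway-ip> example.net
"""
import re
import statistics
import subprocess
from dataclasses import dataclass, field

# Per-reply line from Linux/macOS ping:  64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.8 ms
REPLY_RE = re.compile(r"icmp_seq=(\d+).*?time=([\d.]+) ms")
# Summary line: "5 packets transmitted, 4 received, ..." (macOS prints "4 packets received")
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")

# Assumed thresholds (not from the thread): a hop is "degraded" when it drops
# more than this share of probes or its RTT swings by more than this many ms.
LOSS_PCT_LIMIT = 1.0
SPREAD_MS_LIMIT = 50.0


@dataclass
class PingStats:
    target: str
    sent: int = 0
    rtts: list = field(default_factory=list)

    @property
    def received(self) -> int:
        return len(self.rtts)

    @property
    def loss_pct(self) -> float:
        return 100.0 * (self.sent - self.received) / self.sent if self.sent else 0.0

    @property
    def avg_ms(self) -> float:
        return statistics.fmean(self.rtts) if self.rtts else float("nan")

    @property
    def spread_ms(self) -> float:
        # max minus min: a blunt jitter measure, but enough to flag 39 ms vs 145 ms swings
        return max(self.rtts) - min(self.rtts) if self.rtts else 0.0

    @property
    def degraded(self) -> bool:
        return self.loss_pct > LOSS_PCT_LIMIT or self.spread_ms > SPREAD_MS_LIMIT


def parse_ping(target: str, output: str) -> PingStats:
    """Turn raw ping output into PingStats; duplicate replies (DUP!) are counted once."""
    stats, seen = PingStats(target), set()
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seq = int(m.group(1))
            if seq not in seen:
                seen.add(seq)
                stats.rtts.append(float(m.group(2)))
            continue
        m = SUMMARY_RE.search(line)
        if m:
            stats.sent = int(m.group(1))
    if not stats.sent:  # ping was interrupted before its summary: infer from sequence numbers
        stats.sent = max(seen) if seen else 0
    return stats


def first_degraded_hop(path):
    """Return the target name of the first degraded hop in path order, or None.

    Saturating the uplink raises latency to every hop beyond the router, so
    compare runs taken while the connection is idle, not during a download.
    """
    for hop in path:
        if hop.degraded:
            return hop.target
    return None


def run_ping(target: str, count: int = 20) -> PingStats:
    """Live probe through the system ping binary (Linux/macOS flag syntax)."""
    proc = subprocess.run(["ping", "-c", str(count), target],
                          capture_output=True, text=True, check=False)
    return parse_ping(target, proc.stdout)


# Constructed sample output: a clean LAN router, and a remote host that loses
# one probe and swings between 39 ms and 145 ms (numbers modelled on the OP's).
SAMPLE_ROUTER = """\
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.8 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.9 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.7 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.8 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.9 ms
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
"""
SAMPLE_REMOTE = """\
PING example.net (203.0.113.10) 56(84) bytes of data.
64 bytes from 203.0.113.10: icmp_seq=1 ttl=54 time=145 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=54 time=39.0 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=54 time=42.1 ms
64 bytes from 203.0.113.10: icmp_seq=5 ttl=54 time=91.3 ms
--- example.net ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4010ms
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        path = [run_ping(t) for t in sys.argv[1:]]
    else:
        path = [parse_ping("router", SAMPLE_ROUTER), parse_ping("remote", SAMPLE_REMOTE)]
    for hop in path:
        print(f"{hop.target:12} loss={hop.loss_pct:5.1f}%  avg={hop.avg_ms:7.1f} ms  spread={hop.spread_ms:6.1f} ms")
    print("first degraded hop:", first_degraded_hop(path) or "none")
```

With the samples the router hop is clean and the remote hop is the first degraded one, which is the pattern the reply calls an indicator of trouble past your own network; if a middle target (the ISP's gateway) shows up first instead, the access link is the suspect. For an ongoing problem, mtr/winMTR does the same comparison continuously for every intermediate hop at once.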

 
