Serious Internet Speed Issues

[fieryaleeco]

Hello,

 

About 3-4 days ago, my internet speeds dropped significantly. Normally I get around 600KB/s down, and 100KB/s up. Don't laugh. At the moment though, I am suffering from constant internet drop outs and nothing more than 50KB/s up or down. I've called my ISP multiple times and nothing they have been able to do has helped at all. We have found some static on the phone line so it very well may be that some part of the line is broken. I have someone from Telstra (who own basically all the comms infrastructure in Australia) coming to check out the issue. If the problem is within my premises, (ADSL filter/incorrect setup etc.) then I'll get charged for the callout fee. If it is outside, they fix it and wear the costs.

 

Yesterday, I was going through my Netgear DGN2200's log and found a bunch of what the modem thinks are Denial of Service attacks. I have looked on a few other threads in different places, and the general consensus is that Netgear's software is a bit overprotective. Even so, the fact that my internet speed is being destroyed at the same time as I am receiving hundreds of DoS warnings can't be a coincidence. Some of the IP addresses I have looked up belong to two separate Chinese Mobile Companies, Facebook, Yahoo, Microsoft, an internet provider in NZ, and Apple, among others. A large amount of the times in the log are either when everyone is asleep, or out (work/school etc.)

 

My question is whether these possible "DoS" attacks could be the cause of my woes. If it turns out they are the problem, I need to work out why I started getting them 4 days ago, and how to stop receiving these random requests.

 

What are people's thoughts on this, and does anyone have any possible explanations/fixes for this situation?

 

Modem Log:

https://pastebin.com/0vdE1D3w

DGN2200 Log.txt

[lcasdev]

I really don't have experience with modems at all, but the pings going over the connection is probably phones sending pings to servers or messaging apps like facebook or so. 

[beersykins]

That's kind of odd it looks like the return traffic from a remote web service.  The 'source' being TCP 443 would be sites you browsed against in most situations.

 

I assume the router believes the session already terminated yet the host web server is likely sending RST/ACK or similar to close the connection or respond with additional data.  Since the router closed the session prematurely it looks like an 'attack' since the packet isn't related to an existing session.

 

Any firmware updates or similar lately?  I'd try factory resetting it if you're familiar how to put in the DSL credentials in the admin page, or swap out devices.