Recent content by ScottW

  1. S

    A device with multiple clients?

    Several threads about this... Nobody knows the exact answer, but I can tell you that the message is misleading. What it really means is "This device's MAC address has been associated with more than one IP address." For example, it can be forced to happen by (1) Letting a device get an IP...
  2. S

    [Release] Skynet - Router Firewall & Security Enhancements

    Not sure you noticed, and didn't see anyone else mention in replies.... Skynet has a cron job that removes all those "blocked" notices every hour, replacing them with a single line. So at most, there is "one hour's worth" of those messages at any given time, and they get cleaned out of syslog...
  3. S

    [Release] Skynet - Router Firewall & Security Enhancements

    At least for me (in US, using Comcast DNS), global.chinadaily.com.cn resolves to 153.185.145.162. That IP is hosted in the US, according to iplocation.net info.
  4. S

    2 clients are connecting to RT-AC87U through this device

    I've had it persist through reboots, too (I commented on that earlier somewhere in this thread). When looking for the cause on a specific MAC, I did find the two IP's -- the current active one, and the originally assigned one -- recorded in a file, "/jffs/nc/nt_center.db". Not sure if that is...
  5. S

    2 clients are connecting to RT-AC87U through this device

    I've seen it persist long beyond my 24 hour dhcp lease time (i.e., it has shown up for days). And the "old" lease isn't displayed in the router's DHCP lease list. But it is certainly plausible -- and this could even differ between firmware versions I suppose -- that part of the cause is...
  6. S

    Renaming Device doesn't save?

    I can't duplicate this, but my first guess would be a browser scripting problem. What browser are you using? Check the browser console for errors, or try a different browser?
  7. S

    WAN ATTACKS ?

    As mentioned earlier, using a non-standard port will greatly reduce the "noise" as the bulk of attacks will come at 22. It may be days or even weeks between "hits" at an alternate port, but the ones that do find it will be the "most dedicated" at breaking through. If you're using a complex...
  8. S

    WAN ATTACKS ?

    With "Allow SSH access from WAN" set to NO, it doesn't matter what the port number is.... The port simply isn't exposed to the WAN, and packets to that port are dropped. If you revert that setting to YES again, then using a port other than 22 will greatly reduce -- but not eliminate -- the...
  9. S

    WAN ATTACKS ?

    That should do it. Different firmware versions refer to it differently (i.e., Mine calls it "Enable SSH" and gives NO, LAN, and LAN+WAN options). If yours calls it "Allow SSH access from WAN", then setting that to NO should block any access from WAN and eliminate the messages.
  10. S

    WAN ATTACKS ?

    Those messages (dropbear) are from SSH login attempts, not Web access attempts. So the "Enable Web Access from WAN" setting mentioned above will NOT affect them (though I definitely concur that Web Access from WAN should be disabled). Under Administration, System, look for the "Enable SSH"...
  11. S

    Trouble shooting to rule out router

    Yes, part of the call center "script" -- designed to confuse the customer by pointing fingers everywhere except the ISP themselves. :-)
  12. S

    Trouble shooting to rule out router

    If DS power is >15, there is a plant/amp WAY out of adjustment and signal is likely distorted, and that's leading to the T3's (your modem probably isn't understanding the cmts responses because they are over-amplified and distorted). Your ISP is the only one that can fix it! Adding an...
  13. S

    Trouble shooting to rule out router

    Coincidence. The router has no control over signal levels or negotiation with the CMTS.
  14. S

    Trouble shooting to rule out router

    T3 timeouts are entirely related to negotiation between the modem and the CMTS. They cannot be caused by a separate router downstream from the modem. Usually they're the result of bad signal levels or interference (signal loss or noise injection), or very rarely a bad modem. On-site (your...
  15. S

    Diversion - the Router Ad-Blocker

    That bypasses the browser's own cache. But I don't think it bypasses the OS cache? On windows, I usually run "ipconfig /flushdns" at command prompt to get rid of the OS's dns resolver cache. ** EDIT ** Ok, searched but couldn't find a definitive answer on this so I did some tests. This is on...
Top