RT-AC68R Asus router drops/slows network connection multiple times per day (with logs)

ballgum · Oct 12, 2021

So, I'm trying to nail down this annoying problem i've been having with my router. Lately, it's been dropping wifi to all devices attached. In troubleshooting, I checked my ethernet connected computer and ran some tests on it during the problem and this is what came up. I thought it might just be wifi, but when it happens, my ethernet pc also start slowing/losing connection. When it happens, it usually occurs for about 5min or so. Then it comes back up like nothing occurred.

I apologize if this is the wrong way to post this! Is this ok, or its better if I use a service like pastebin?

I am on the firmware (i believe its the latest): 3.0.0.4.386_43129-g60defb2

RT-AC68R syslog taken right after the router login page came back up online (done from wired ethernet system):

Code:

Oct 11 22:12:24 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.247 DST=
LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39317 PROTO=TCP SPT=32766 DPT=7400 SEQ=104951496 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 11 22:12:24 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.247 DST=
 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54212 PROTO=TCP SPT=32766 DPT=60091 SEQ=3854684874 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 11 22:12:48 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:12:48 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:12:48 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:12:59 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:12:59 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:12:59 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:11 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:11 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:11 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:26 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:26 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:26 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:38 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:38 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:38 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:0
Oct 11 22:13:52 syslog: wlceventd_proc_event(527): eth1: Auth 6C:88:14:BF:17:3C, status: Successful (0), rssi:-72
Oct 11 22:13:52 syslog: wlceventd_proc_event(556): eth1: Assoc 6C:88:14:BF:17:3C, status: Successful (0), rssi:-72
Oct 11 22:13:55 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:55 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:55 syslog: wlceventd_proc_event(556): eth1: Assoc 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:55 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:55 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:55 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:55 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:56 syslog: wlceventd_proc_event(556): eth1: Assoc 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:13:57 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:00 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:00 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:00 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:00 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:03 syslog: wlceventd_proc_event(556): eth1: Assoc 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:03 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:03 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:03 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:14:03 syslog: wlceventd_proc_event(491): eth1: Deauth_ind 6C:88:14:BF:17:3C, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:0
Oct 11 22:14:07 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:-42
Oct 11 22:14:07 syslog: wlceventd_proc_event(556): eth1: Assoc 1C:99:4C:55:D4:9D, status: Successful (0), rssi:-42
Oct 11 22:14:17 syslog: wlceventd_proc_event(491): eth1: Deauth_ind 1C:99:4C:55:D4:9D, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-39
Oct 11 22:18:03 syslog: wlceventd_proc_event(527): eth1: Auth 1C:99:4C:55:D4:9D, status: Successful (0), rssi:0
Oct 11 22:18:05 syslog: wlceventd_proc_event(556): eth1: Assoc 1C:99:4C:55:D4:9D, status: Successful (0), rssi:-49
Oct 11 22:18:13 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.247 DST=
 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12351 PROTO=TCP SPT=32766 DPT=15340 SEQ=3350388838 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 11 22:18:13 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.247 DST=
LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11506 PROTO=TCP SPT=32766 DPT=16242 SEQ=1816066101 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 11 22:18:13 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.247 DST=
LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27591 PROTO=TCP SPT=32766 DPT=28341 SEQ=456519367 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

Ping tests I ran to router during the problem which shows a huge slow down during the problem (done on wired ethernet system):

https://pastebin.com/X1pUtpxg

Tracepath tests I ran to web during the problem which shows a huge slow down during the problem (done on wired ethernet system):

Code:

$ tracepath yahoo.com
 1?: [LOCALHOST]                      pmtu 1500
 1:  _gateway                                              0.369ms
 1:  _gateway                                              2.861ms
 2:  142-254-130-177.inf.spectrum.com                    1426.535ms
 2:  142-254-130-177.inf.spectrum.com                    7479.282ms
 3:  no reply
 4:  agg20.plantxmp02r.texas.rr.com                      2967.852ms
 4:  agg20.plantxmp02r.texas.rr.com                      4809.644ms
 4:  agg20.plantxmp02r.texas.rr.com                      8040.456ms
 5:  agg27.dllbtxlb02r.texas.rr.com                      1430.388ms
 5:  agg27.dllbtxlb02r.texas.rr.com                      1865.355ms
 6:  agg21.hstqtxl301r.texas.rr.com                      1413.913ms
 6:  agg21.hstqtxl301r.texas.rr.com                      3242.502ms
 7:  66.109.9.88                                         1429.974ms
 7:  66.109.9.88                                         1879.719ms
 8:  no reply
 8:  107.14.19.49                                        3228.773ms asymm  9
 8:  bu-ether12.dllstx976iw-bcr00.tbone.rr.com           7054.902ms asymm  9
 8:  bu-ether12.dllstx976iw-bcr00.tbone.rr.com           6497.444ms asymm  9
 9:  209-18-43-77.dfw10.tbone.rr.com                     6907.561ms
 9:  209-18-43-77.dfw10.tbone.rr.com                     11580.669ms
10:  unknown.yahoo.com                                   2863.883ms asymm  9
10:  xe-0-0-23.pat1.dax.yahoo.com                        7555.663ms asymm  9
10:  unknown.yahoo.com                                   7991.147ms asymm  9
11:  ae-5.pat1.che.yahoo.com                             2855.248ms
11:  ae-5.pat1.che.yahoo.com                             8903.732ms
11:  ae-5.pat2.che.yahoo.com                             9327.873ms
$

Any thoughts ideas as to why this might be happening?

It was suggested maybe it needs cleaning and the CPU is spiking? Is there a best way to clean it or take it apart?

I was thinking if there's a way to log the CPU activity , but I don't see that? I do have ssh access on the router, but don't see crontab?

Thank you

ballgum · Oct 16, 2021

Is this the best forum for this post? Or is there a better/more crowded forum that would be better for it? I don't think my problem is wireless only, it appears to effect wired as well. Thanks

ballgum · Oct 16, 2021

It just happened again... Is it possible i'm getting hit by some kind of DOS attack or some accidental rogue application?

When the problem occurs, I keep seeing this same identical IP and hundreds/thousands of the same log every second in my router syslog. Here is the complete log:

https://pastebin.com/rZtkJ26w

Sample log:

Code:

Oct 16 13:21:19 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.241 DST=<my_ip_address> LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36711 PROTO=TCP SPT=32766 DPT=56371 SEQ=3547314401 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 16 13:21:19 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.241 DST=<my_ip_address> LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26650 PROTO=TCP SPT=32766 DPT=63036 SEQ=2041476499 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 16 13:21:19 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.241 DST=<my_ip_address> LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57785 PROTO=TCP SPT=32766 DPT=58123 SEQ=2086004999 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 16 13:21:19 kernel: DROP IN=vlan2 OUT= MAC=e0:3f:49:29:74:f8:00:01:5c:77:46:46:08:00:45:00:00:28 SRC=137.184.112.241 DST=<my_ip_address> LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10113 PROTO=TCP SPT=32766 DPT=61030 SEQ=2026316370 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

But it's all the same IP address from "digitalocean.com": 137.184.112.241

Thread starter	Title	Forum	Replies	Date
M	Asus RT-AC68U	ASUS AC Routers & Adapters (Wi-Fi 5)	4	Today at 12:46 AM
P	Asus 4g ac68u no wifi and lan detection	ASUS AC Routers & Adapters (Wi-Fi 5)	0	Apr 2, 2024
A	ASUS RT-AC86U	ASUS AC Routers & Adapters (Wi-Fi 5)	0	Mar 28, 2024
	Android Devices Won't Connect to ASUS RT-AC5300 5GHz Band	ASUS AC Routers & Adapters (Wi-Fi 5)	3	Mar 20, 2024
	Asus RT-AC56U Android Client gives: Error message: X509:parse_perm:error in cert::error:0480006C:PEM routines::no start	ASUS AC Routers & Adapters (Wi-Fi 5)	0	Mar 4, 2024
D	Asus DSL-AC68U can someone check my line stats	ASUS AC Routers & Adapters (Wi-Fi 5)	0	Mar 4, 2024
S	Asus gt ax1100	ASUS AC Routers & Adapters (Wi-Fi 5)	11	Feb 8, 2024
V	router asus rt-ac86u LIMIT	ASUS AC Routers & Adapters (Wi-Fi 5)	11	Jan 28, 2024
H	Asus RT- AC88U strange log	ASUS AC Routers & Adapters (Wi-Fi 5)	9	Jan 24, 2024
G	Asus AI Cloud	ASUS AC Routers & Adapters (Wi-Fi 5)	7	Jan 15, 2024

Search

Search

RT-AC68R Asus router drops/slows network connection multiple times per day (with logs)

ballgum

New Around Here

ballgum

New Around Here

ballgum

New Around Here

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online