Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ndubyat

macrumors newbie
Original poster
Jan 28, 2012
5
0
I've identified that my wife's iPhone 6s swaps between two IP addresses on our home network (Router: Netgear C3000, ISP: Comcast). All IP addresses connected to my router show that they start with "192...", but this alternative IP it connects with is "130..." and it matches the source IP causing the DoS attacks in my router log. I've confirmed on her iPhone that the Wifi MAC Address always stays the same. She has an Apple watch connected to her iPhone as well, but this problem had occurred prior to that being around.

This issue appears to be the source of our internet dropping out almost daily lately. Any advice on how to resolve this issue?
 

daflake

macrumors 6502a
Apr 8, 2008
920
4,329
I've identified that my wife's iPhone 6s swaps between two IP addresses on our home network (Router: Netgear C3000, ISP: Comcast). All IP addresses connected to my router show that they start with "192...", but this alternative IP it connects with is "130..." and it matches the source IP causing the DoS attacks in my router log. I've confirmed on her iPhone that the Wifi MAC Address always stays the same. She has an Apple watch connected to her iPhone as well, but this problem had occurred prior to that being around.

This issue appears to be the source of our internet dropping out almost daily lately. Any advice on how to resolve this issue?


Have you tried resetting the network settings on the phone? I would start there, it sounds like something is hung up.
 

jetsam

macrumors 6502a
Jul 28, 2015
984
775
I've identified that my wife's iPhone 6s swaps between two IP addresses on our home network (Router: Netgear C3000, ISP: Comcast). All IP addresses connected to my router show that they start with "192...", but this alternative IP it connects with is "130..." and it matches the source IP causing the DoS attacks in my router log. I've confirmed on her iPhone that the Wifi MAC Address always stays the same. She has an Apple watch connected to her iPhone as well, but this problem had occurred prior to that being around.

This issue appears to be the source of our internet dropping out almost daily lately. Any advice on how to resolve this issue?
Am I misunderstanding? You're saying your wife's iPhone 6S gets a 130.x.x.x IP address, and that very same IP address has launched a DoS attack on you? Have you done a traceroute on that 130.x.x.x address?
 

ndubyat

macrumors newbie
Original poster
Jan 28, 2012
5
0
Am I misunderstanding? You're saying your wife's iPhone 6S gets a 130.x.x.x IP address, and that very same IP address has launched a DoS attack on you? Have you done a traceroute on that 130.x.x.x address?

I have reset the network settings on the iPhone this AM, watching the logs to see if that rogue IP shows again. Hopefully this solves it!

To clarify, the 130.x.x.x, when shown in the list of attached devices, is the iPhone I know from it's MAC. I've seen this same iPhone's MAC with a 192.x.x.x IP address as well though. It's the only device that seems to change IP addresses like this. I'm learning more about network lingo just from investigating this issue and I have searched all of the IPs involved, but I'm not totally sure what to interpret from it.
 

ndubyat

macrumors newbie
Original poster
Jan 28, 2012
5
0
Is your network secured with a WPA2-PSK [AES] password?

Yes, absolutely.

So since this AM I noticed my iPhone MAC associated to the 130.x.x.x IP now as well. After a little app tinkering, it actually appears the DoS logs start when the Snapchat app is used from either phone.

Should there be a way for me to specifically target block the IP address and not the MAC address?
 

jetsam

macrumors 6502a
Jul 28, 2015
984
775
Your router shouldn't be able to hand out addresses in the 130.x.x.x range, as those are routable. Could the 130.x.x.x addresses actually be destinations? Have you done a traceroute to see who owns the address?
 

ndubyat

macrumors newbie
Original poster
Jan 28, 2012
5
0
Your router shouldn't be able to hand out addresses in the 130.x.x.x range, as those are routable. Could the 130.x.x.x addresses actually be destinations? Have you done a traceroute to see who owns the address?

I'm not sure how to run the traceroute in diagnostics correctly, but I have searched for the IP on various searchers online. The location is shown with an ISP as AT&T which is definitely odd - both of our iPhones are on Verizon. The 130.x.x.x is always shown as the source, with a port of 0 for the DoS attack. The targets vary by a few different IPs, but those appear to be located elsewhere around the world.

I did find a setting on my router that had "Disable Port Scan and DoS Protection" checked, and I have since unchecked, but I am seeing the DoS attacks still in the log. No internet drop outs today yet *knock on wood*.

Thoughts?
 

jetsam

macrumors 6502a
Jul 28, 2015
984
775
Thoughts?
I'm pretty sure this is not a problem with your iPhone. It is either a problem with your router or your Comcast service.
You might get better results if you post to a Netgear or Comcast forum.
 

TonyC28

macrumors 68030
Aug 15, 2009
2,882
7,249
USA
I am experiencing a similarish issue. I'm getting DoS attacks on my wifi network and according to the Netgear genie they are coming from our iPad. On the devices list the IP address for the supposed problem device says it is our iPad however that IP address does not match what shows on the iPad. DoS attacks are coming from 65.x.... which Netgear says is the iPad but the iPad says its IP address is 192.x....

I know very little if anything at all about this stuff but I'm hoping there is a solution if this even is a problem.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.