DDOS/DOS attack Peplink Soho solution?

Hey guys.

For those that would like to skip to the solution and advice I’ll divide this post into two sections. Backstory and Advice. Please skip the backstory if you want to get directly to help and advice

Backstory:
I’ve lived at my current address for about 8 years. My neighbour for the last 4. We’ve always been very polite and neighbourly. Hi and a smile. Most importantly I’ve never heard him and his wife. However, when the pandemic hit this guy lost his job and my assumption is that with our current economy things haven’t improved. During the first lockdown this guy started to drink. I’d see him stumbling outside or clearly intoxicated. Eventually, he started crashing around his home late at night, shouting screaming etc etc. Politely I’d brought up the subject, not even in a direct way more so “I heard some strange noises” etc. He apologized profusely. But soon after, I’m talking within a few days, I started hearing something rubbing against the wall. It sounds exactly like someone rubbing their hands together. My initial thought was that the neighbour was doing painting and decorating, but this was followed by my connection dropping and reconnecting. Like someone turning a light switch on and off. My initial response was new LAN cables and a “new” router from my ISP. But this bought me a few days and this disconnect followed by an immediate reconnect resumed. The evidence that this drop and reconnect was actually intentional came from my neighbour’s wife. He being drunk and his wife had a blow up where she specifically said “$*&%ing around with the neighbours internet.” His drunken response was along the lines of “Who does he think he is.” Just riddled with more expletives. None of which he said when we spoke face to face.

I took this info to my ISP and they identified the drops but said they don’t have the capabilities to stop it and that I would need to ID the source ETC ETC. Long story short they can’t do much without certain criteria being met beforehand. I plan to get this to them but obviously my first priority is stopping this attack.

Advice:
My ISP suggested that I can put my router into router mode and use an external router. My research initially took me to VPN routers but eventually led me here. To be honest, router security beyond a long password that I change periodically, isn’t something I am familiar with. However I am eager to learn. My hope is that using a router which is more secure is my first step and that Surf Soho/peplink community can assist. I had no idea that routers were this vulnerable.

Please help.

Anybody?

Advice is desperately needed here. Please help.

Perhaps you can clarify some things, so you are able to confirm how the neighbor is causing the dropouts.

  • Can the neighbor physically access your internet? Do you share a wall with your neighbor? I.e., Apt/Condo/Duplex? Or is the neighbor trespassing on to your property? Can the neighbor unplug your cabling? FYI, I personally moved the termination points into my garage for cable and telephone (DSL) so everything was buried outside (paranoia).

  • What do the Peplink logs show at the time you are having problems? Does it show a disconnect and reconnect on your WAN? Or anything else?

  • I don’t personally know if the Surf Soho tells you whether or not there is a DDOS attack, but perhaps others can comment. However, the neighbor would have to have your IP address for this to happen. You probably have a dynamically assigned IP address from your provider, which can be changed. Sometimes just turning off your modem for hours will do it. In any case, you can probably call up your provider and ask them to change it.

  • What happens when you disable Wi-Fi and just use hardwiring during one of these incidents? There are various ways that Wi-Fi can be attacked (even just turning on equipment like wireless phones or microwaves). Your first step is to change your SSID’s password to something very hard to crack over the airwaves which would be lengthy and random (crack programs often need only minutes, maybe hours for cracking). You can also look at the devices logged into the Surf Soho Wi-Fi and make sure all of them are yours.

In any case, once you figure out whether something physical is happening, whether DDOS is happening, and whether your Wi-Fi is being attacked somehow, people on this forum will be able to further assist.

Hey Mark 9

I have been checking the forum hourly for the last 3 days so firstly, I’d like to say thank you for taking the time to respond here.

  • The person doing the attack has no access to my property and/or the cable box. I live in the UK and we do share a wall but other than that the cables are all managed externally.
  • I don’t own a pepwave/surf soho. The internet brought me here because peplink routers are said to be secure.
  • I don’t use wifi when gaming. I use lan only. This is what the attack looks like in real time.

https://imgur.com/AwabF8c/embed?ref=https%3A%2F

I get knocked offline and back on again. The above is an offscreen recording. I can’t “physically” disconnect and reconnect the lan cable at that speed, I only capture one instance in the vid but it happens repeatedly. Multiple times per minute and sometimes multiple times within 10 seconds. The only avenue I have identified as a fix, and as recommended by my isp, is to put my ISP router into “modem mode” and use an external/third party router.

Again I appreciate you taking the time to reply.

It’s possible you have a faulty ethernet cable–have you tried replacing the one you’re using?


You should try running ping constantly during your gaming session from your gaming pc. Presuming you have Windows, bring up the cmd window and issue “ping google.com -n 1000”. Or maybe 10000. When the problem occurs, do pings get longer or get dropped?

If you have problems with pings getting slow or getting dropped, you might want to try starting a ping session on another PC at the same time to see if the results mirror the pings on the gaming pc. And it may be worth disabling WiFi on the router during your gaming session just to make sure that nothing is happening via WiFi which you aren’t aware of (your neighbor). In the router, you should have a single option to disable WiFi, or options to disable it separately for 2.4GHz WiFi and for 5GHz WiFi.

If the pings don’t show slow downs or drops, then you may have to consider other options than the network. For instance, is something in your PC affecting your gaming? Or ??
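As an added example (not part of the original posts): a small Python script that reads saved output from the Windows `ping` run suggested above and reports where consecutive probes were lost and where latency spiked, by probe number. The sample output, the documentation address 203.0.113.10 and the spike threshold are constructed assumptions.

```python
import re
import statistics

# Constructed sample of Windows `ping google.com -n 1000` output (not from the thread).
SAMPLE = """\
Reply from 203.0.113.10: bytes=32 time=14ms TTL=117
Reply from 203.0.113.10: bytes=32 time=15ms TTL=117
Request timed out.
Request timed out.
Reply from 203.0.113.10: bytes=32 time=212ms TTL=117
Reply from 203.0.113.10: bytes=32 time=13ms TTL=117
General failure.
Reply from 203.0.113.10: bytes=32 time=16ms TTL=117
"""

# A successful probe; "time<1ms" is counted as 1 ms.
REPLY = re.compile(r"^Reply from \S+ bytes=\d+ time[=<](\d+)ms TTL=\d+")
# Lines that mean the probe got no usable answer.
LOST = ("Request timed out", "General failure", "Destination host unreachable")


def summarize(text, spike_factor=5):
    """Return loss bursts and latency spikes found in Windows ping output."""
    probes = []  # one entry per probe: RTT in ms, or None if lost
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if m:
            probes.append(int(m.group(1)))
        elif any(tag in line for tag in LOST):
            probes.append(None)
    rtts = [p for p in probes if p is not None]
    median = statistics.median(rtts) if rtts else None
    bursts, start = [], None
    for i, p in enumerate(probes + [0]):  # sentinel closes a trailing burst
        if p is None and start is None:
            start = i
        elif p is not None and start is not None:
            bursts.append((start, i - start))  # (first lost probe, length)
            start = None
    # A spike is a reply far above the session median (assumed threshold).
    spikes = [i for i, p in enumerate(probes)
              if p is not None and median and p > spike_factor * median]
    return {"sent": len(probes), "lost": len(probes) - len(rtts),
            "median_ms": median, "bursts": bursts, "spikes": spikes}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running the same capture on a second wired PC at the same time and comparing the burst positions shows whether the loss is at the router or WAN (both machines affected) or local to one device.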

I think you need to take a deep breath and walk away from your computer. Your neighbor is likely not doing anything. Get local tech support assistance from someone local to you. Good luck.


Hello Mystery
I’m new here and not quite sure how to quote just yet. I appreciate the response and I get the scepticism. But I’m not here to challenge your deductions and point of view. In truth, I’m hoping to join the community you’re a part of by purchasing a peplink router. My main concern is having someone guide me through the devices and how to best enhance my router security with this brand and router. Respectfully.

Hey again Mark. Thanks again for your input here. I game via console and the attacks happen specifically on that device. I/We switched to a VPN subscription after our neighbour’s wife called him out for messing with our “the neighbours” internet. And while that might protect my traffic the idea that someone is messing with it is why I’m looking here for enhanced security.

Hi rmrcu10
It took me a while to get my ISP to recognize what was going on. They pretty much read a script and refer to guided/pre set responses when you complain of a fault. They sent me a new router and new cables (in addition, I also purchased new lan cables myself) which bought me a few days of being dos/drop free but then it started again relentlessly. I have been with the same ISP for well over a decade across a number of addresses and what you see in the link is totally against the norm. Due to the legalese here, they can’t act unless legal action is initiated. So putting my router into router mode and using an external and more secure router is my first port of call.

If you want a peplink then contact your LOCAL peplink reseller is my advice. A peplink router is unlikely to solve the issues that you are facing in and of itself.


That’s disappointing.

I’ve read from numerous sources that pepwave surf soho/balance offer decent security. While I don’t think that one device can stop what’s happening, considering my ISP router is as vulnerable as it is. I was hoping that a pepwave purchase coupled with this community could walk me through/help me configure the security option and as a result enhance it.

For example, my ISP router doesn’t offer the option to hide or change my ip. Soho does. Or so I’ve been told.

Changing your IP (I assume you mean by using fusioncloud) is not any protection in itself. An IP is an IP.

The key is having a firewall/router that allows you to do two key things:

  1. block everything, then allow only what needs to be open to specific internal devices. I cannot stress how important this philosophy is. We manage over 2,000 pepwave routers at client businesses and have NEVER had a breach. (and yes, I know that statement invites the universe to say “hold my beer while I teach this guy a lesson”).
  2. have decent general security protecting ITSELF…
    A soho can do that, as can many other low cost routers. One advantage to any peplink router is the cloud management. If you are away and realize “hmm. I cannot access my security camera system at home” you can securely access the management of the peplink router, adjust rules to allow the access you need. With many other routers you need to be inside the network to manage it.

this might give a few ideas

appropriately titled too

Hi Stego and Jmpfas. I appreciate you taking the time to respond here.

The link you’ve provided is one source that led me here. I’ve never considered buying a third party device because I didn’t realize how flawed the standard router provided by my ISP was until it was too late.

Which of the devices has the better security built in. Soho or Balance?

The firmware on both with regards to core security is the same. They differ in feature sets and capabilities.

If your neighbor is a hacker and is purposefully jamming or interfering with your WIFI there isn’t much you can do other than turning off wifi and hard wiring everything.

In general, following the router security guidelines on the site I linked above will greatly improve your security posture, unless you’re unfortunate enough to live next door to an above-average hacker.

Hello Hazey,

The truth is out there somewhere. To reveal hidden secrets of unstable internet connection you need to take the following steps:

  1. Download free network monitoring program: www.pingplotter.com
  2. Run the program, target www.google.com
  3. Program will start tracing the route from your computer to google
  4. Once your internet connection drops it will be visible on program graphs
  5. Upload screenshot of the results here and we will assist you on interpreting it

Regards,
Laurynas


Currently the Soho or Balance have the same security; they are running the same firmware version. However, my understanding is that the Soho is reaching End of Life and won’t be part of new major releases, just fixes to current versions.

Additionally the Soho only supports 130Mbps if my memory serves. So look to the Balance 20X if you want to purchase a Peplink product.

If I were in your shoes, I would want to figure out what exactly is happening before I bought anything. That is why you are getting advice from various people to try different things, particularly pings for example.

And I wouldn’t run gaming through a VPN. It is just going to slow down your response time. The only exception is when your ISP is dropping packets since unless there is a minor miracle that the WAN routing through the VPN server to the gaming site is somehow shorter and fewer hops, which is quite unlikely. In the case of dropped packets, Peplink’s SpeedFusion can use Forward Error Correction to recover low levels of packets lost by your ISP without triggering timeouts and TCP/IP retransmissions which really slows response time down dramatically. The only commercial VPN that I am aware of with FEC is Speedify.

Oh, and if you do pings from your gaming computer (please do), don’t use a VPN. You want to see what the ISP ping results are. You don’t want the pings going through the VPN tunnel. I really like pingplotter. It will show you dropped packets and where slowness occurs during the hops along the way. I would advise you to not only target google.com, but your gaming site IP address.

Hey guys.

I really appreciate the advice here. My apologies as it’s been some time since I’ve been able to post due to well… Life. The “attack” persists and I have downloaded the free pings application. In truth, I don’t know what I am looking at because I have never seen net traffic broken down this way.

I added my internet address and it came back with 16 HOPs and in short I don’t know what I’m looking at but I’m certain with your guidance I’ll at the very least be able to force my ISP to take action.

I really appreciate you guys. I recognize that “An attack on my internet” seems like a strange opening gambit but with your assistance I’m willing to take the steps to verify what exactly is happening and more importantly, how.

Great to see you tackling this and taking advantage of what I believe is an awesome Peplink community who will be glad to lend their experience interpreting your PingPlotter results.

“Data sharing is built into PingPlotter. You can post a screenshot and data file to share.pingplotter.com — from there you can share the link and whoever receives it can see your screenshot and download the file for further inspection.”
Getting Help with PingPlotter Results

It will also be interesting to have you conduct a “ping google.com” command when you are not using your VPN and when you are using the VPN. As suggested previously, use of the VPN is probably slowing down your gaming, and might even be the cause of some of your issues. FYI, a VPN won’t protect you against whatever is causing your slowdown (except if you are experiencing dropped packets and use a VPN with Forward Error Correction). VPN’s can protect you from people seeing your packets and inspecting them, but that isn’t what is causing your slowdown. And it is possible your packets are already encrypted with HTTPS, so are protected against prying eyes.

I have a question about surf soho and balance: Does it have an option to turn off wifi broadcast and just use the LAN connections?

Thanks.

@Hazey_J : Yes, certainly.