Shop holiday gifts while you still can - Everyone gets our best deals on any smartphone!
Get superfast AT&T Fiber internet

New Member


3 Messages

Monday, June 15th, 2020 7:34 PM

Router periodically turning off every 2 hours

I just got AT&T fiber installed two days ago and have been experiencing some inconsistent router connection issues ever since I attempted an IP Passthrough from my Arris BGW210-700 to my Nighthawk R7000P router. Everything works well until the 2 hour mark comes up and the router would disconnect and connect again. I'd get a log like this every time from my Nighthawk router (this is my most recent one):


[DoS attack: FIN Scan] attack packets in last 20 sec from ip [X], Monday, Jun 15,2020 12:11:37

[DHCP IP: (X)] to MAC address X, Monday, Jun 15,2020 12:11:35

[Time synchronized with NTP server] Monday, Jun 15,2020 12:11:28

[Internet connected] IP address: X, Monday, Jun 15,2020 12:11:23

[Internet disconnected] Monday, Jun 15,2020 12:11:22


The BGW210-700 connection is always up and running - there's no issue with that. It's just my Nighthawk router that's periodically dropping the connection. 

I understand that there's no "true bridge mode" and tried researching alternative methods but to no avail (e.g. making sure there's a different subnet). I'm assuming there's a double NAT issue at play here?

Any suggestions are appreciated - Thank you!

Community Support


225.8K Messages

3 years ago

Hi @Elly3141, 


Hope you having a good day. 


Just by looking at the log you provided, we believe someone is running a port scan and crafting a DoS packet to your network. Without knowing what devices you have connected to the network and since you stated the connection on the BGW210 is up without any issues, we suggest harden your network connection by checking the Netgear configuration, there should be options for you to block the port scan.  You may find helpful information from the Netgear support site. 


I attached this link for you to verify the IP Passthrough setting from the BGW210. 


Hope this help, please let us know if you have additional questions. 




WallaceW, AT&T Community Specialist. 

ACE - Guru


9.9K Messages

3 years ago

Without seeing the full log, including the IP addresses, it's hard to tell what's happening.  Netgear is notorious for false positives in their logs and any real attack that would affect your connection requires a huge ton of these in a short period of time. 


So if you can post a longer log there might be enough info in there to make a better determination.  There's no need to blank the IPs out because one is from the "attacking" system and any other ones would be your internal IPs (like 192.168.1.whatever).  So no harm in posting those because they're not routable addresses.

Not finding what you're looking for?