0
first time poster. I'm visiting my family for a couple weeks and I'm trying to diagnose and fix a strange network problem where a specific computer appears to be causing house-wide DSL outage when it is woken each day by its user. The exact time of wake varies each day, but predictably the network goes down at the modem-ISP level when the computer wakes. Sometimes the network goes down several times during the first hour after wake (morning, PST).
We have about 18 wifi devices in total, a dedicated modem and dedicated router, no wired LAN devices, and even a direct connect through the modem and reboot of the modem does not fix the issue when it arises. After waiting 5-10 minutes, the modem, and then the router, each pick up a connection again. Both the modem and router were replaced well after the problems began, but this did not resolve the issue.
I haven't performed any packet sniffing because the connections are over wifi and I can't install stuff on the user's desktop, but my wild guess is that the Windows 10 desktop that appears to be causing this has been infected with something malicious that acts up when the computer is woken up, and the ISP automatically disconnects us to stop the observed outbound network behavior. The desktop user tells me that while the desktop has updated antivirus, the base Windows 10 OS has never been updated. Ever. facepalm
To take remedial action on the user's desktop, I will need indisputable evidence that the problem is localized to their computer (due to the personality I'm dealing with). Is there some way I can test or inspect this without mucking with their system? Or maybe I'm missing something, and it's some weird network setting or interaction between windows 10 and our DSL/wifi configuration? Anyone know of malware like this or have suggestions of things to try?
I'm generally an experienced tech and software developer on all major operating systems and standard home network configurations - feel free to geek speak. Thanks!
PS I have an R8000 netgear coming that will run Tomato. But I doubt this will fix the issue; it will only mitigate my security worries about budget router firmwares.
Notable WiFi devices include: SurfacePro Win 10, Laptop Win 10 x2, Desktop Win 10, Laptop Linux x3, Android SmartPhone x4, Chromecast, FireStick x2, Smart TV x2, Nintendo Switch x2
GGibson
Posted 2020-01-15T22:55:41.467
Reputation: 1
You have a lot in this question, but i observe that it is one device causing this issue. On this device run a TCP/IP Reset to remove any statically set addresses: Open cmd.exe with Run as Administrator Then: netsh int ip reset c:\resetlog.txt Then: ipconfig /flushdns Then: restart the computer For this computer, make the changes, then shut it down for the evening. Start it up the next morning and see if the issue remains. – John – 2020-01-15T23:17:09.040
@GGibson, been in that boat before. It's really tricky without access to that computer. You could try something like PiHole and change the DNS resolution on the router to it. Provided that his/her computer uses default DHCP and DNS it would give you a way to monitor traffic with something like WireShark. – 4ndy – 2020-01-15T23:56:07.903
"I will need indisputable evidence that the problem is localized to their computer" -- Instead of waiting for this to happen each morning, have you tested arbitrary wakes during the day and night? It would not prove causation, but can you establish that every time this PC wakes up (regardless of the time of day) the ADSL connection is dropped? – sawdust – 2020-01-15T23:58:53.447
@sawdust Great question. I have indeed observed the same phenomenon when they have woken the computer at other points during the day. It's not 100% perfectly correlated because sometimes there is no issue, but it's rare there is no issue. – GGibson – 2020-01-16T00:21:15.247
@4ndy Nice suggestion; I'll look into that! – GGibson – 2020-01-16T00:22:58.137