• March 28, 2024, 02:38:41 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DIR-635 Crashing  (Read 17821 times)

Gathor

  • Level 1 Member
  • *
  • Posts: 7
DIR-635 Crashing
« on: August 31, 2011, 02:40:28 PM »

I have a problem with my router. From time to time it "crashes", meaning I have to reset it (or power off/on)  to get it to work again.

The strange part is that all connection I got up before it "crash" continue to work, but I can't open new connection.  Eg. online games works, but I can't open a web page or restart the game. Also the admin/login page for the router will not load.


I think the problem has something to do with number of active internet sessions.  Before it crash I can see all my normal connection, but I got many 100 connection of the type shown below. I don't understand what they are and what dose the minus signs (-) state mean. It don't seen to be a valid state. 

If I open active internet sessions within 1-2 min of the router reset I don't see the strange connections, but after some minutes they get back.


I hope anyone here can help me with what is wrong or the problem with my router.


Product : DIR-635
Hardware Version: B1
Firmware Version: 2.32EU


Code: [Select]
Local                        NAT                         Internet              Protocol   State  Dir   Pri   Time Out
192.168.0.199:54102   84.215.xxx.xxx:54102   75.156.2.179:46052     UDP   -      In   128   300
192.168.0.199:54102   84.215.xxx.xxx:54102   46.44.21.35:31178      UDP   -      In   128   299
192.168.0.199:54102   84.215.xxx.xxx:54102   122.32.147.135:49031   UDP   -      In   128   299
192.168.0.199:54102   84.215.xxx.xxx:54102   31.181.27.237:62666    UDP   -      In   128   299
192.168.0.199:54102   84.215.xxx.xxx:54102   89.42.191.24:30432     UDP   -      In   128   298
192.168.0.199:54102   84.215.xxx.xxx:54102   27.133.68.239:47081    UDP   -      In   128   297
192.168.0.199:54102   84.215.xxx.xxx:54102   46.44.42.118:47896     UDP   -      In   128   297
192.168.0.199:54102   84.215.xxx.xxx:54102   88.162.128.106:51413   UDP   -      In   128   296
192.168.0.199:54102   84.215.xxx.xxx:54102   213.98.186.182:25322   UDP   -      In   128   292
192.168.0.199:54102   84.215.xxx.xxx:54102   110.76.95.149:50980    UDP   -      In   128   291
192.168.0.199:54102   84.215.xxx.xxx:54102   69.117.53.74:45987     UDP   -      In   128   291
192.168.0.199:54102   84.215.xxx.xxx:54102   81.203.123.199:7250    UDP   -      In   128   291
192.168.0.199:54102   84.215.xxx.xxx:54102   117.196.64.186:1024    UDP   -      In   128   289
192.168.0.199:54102   84.215.xxx.xxx:54102   109.173.137.253:17180  UDP   -      In   128   289
192.168.0.199:54102   84.215.xxx.xxx:54102   91.37.79.201:54355     UDP   -      In   128   289
192.168.0.199:54102   84.215.xxx.xxx:54102   200.107.55.32:29825    UDP   -      In   128   289
192.168.0.199:54102   84.215.xxx.xxx:54102   89.178.198.229:30411   UDP   -      In   128   287
192.168.0.199:54102   84.215.xxx.xxx:54102   65.102.38.42:9536      UDP   -      In   128   286
192.168.0.199:54102   84.215.xxx.xxx:54102   83.76.182.46:42176     UDP   -      In   128   285

(I have masked my IP with XXX.XXX)

Quote
State
State for sessions that use the TCP protocol.
-NO: None -- This entry is used as a placeholder for a future connection that may occur.
-SS: SYN Sent -- One of the systems is attempting to start a connection.
-EST: Established -- the connection is passing data.
-FW: FIN Wait -- The client system has requested that the connection be stopped.
-CW: Close Wait -- the server system has requested that the connection be stopped.
-TW: Time Wait -- Waiting for a short time while a connection that was in FIN Wait is fully closed.
-LA: Last ACK -- Waiting for a short time while a connection that was in Close Wait is fully closed.
-CL: Closed -- The connection is no longer active but the session is being tracked in case there are any retransmitted packets still pending.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #1 on: September 01, 2011, 07:36:01 AM »

Would interesting to know what the routers logs are lisiting when this happens.

Can try these:
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.

Ensure DNS IP addresses are being filled in under Setup/Internet/Manual?
Turn off QoS options.
Turn off Advanced DNS Services if you have this option.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices on the router.
Ensure devices are set to auto obtain an IP address.
Set Firewall settings to Endpoint Independent for TCP and UDP.

What wireless modes are you using?
Try single mode G or mixed G and N?
What security mode are you using? WEP, WPA or WPA2? Preferred is WPA-Personal. WPA2/Auto TPIK and AES.
What wireless devices do you have connected?
Any cordless house phones?
Any other WiFi routers in the area?

Turn off all anti virus and firewall programs on PC while testing.
Turn off all devices accept for one wired PC while testing.

Check cable between Modem and Router, swap out to be sure. Cat6 or 5e recommended.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gathor

  • Level 1 Member
  • *
  • Posts: 7
Re: DIR-635 Crashing
« Reply #2 on: September 01, 2011, 11:44:43 AM »

First I don't understand the reason for much of the stuff you are tell me to test. It seem to me that they are more relevant if one are having problem with getting internet connection.

Also the router can sometimes work for many days before it crash and sometimes it crash many times in a day.  I'm not sure when the problem started, but for the last year it have become more and more frequent.


Quote
Would interesting to know what the routers logs are lisiting when this happens.
Well since I can't load the log when it crash I'm not sure what is in it.

Here are the log from the start up.
Code: [Select]
[INFO] Thu Sep 01 09:49:09 2011 Firmware upgrade server wrpd.dlink.com.tw is at IP address 210.242.32.129
[INFO] Thu Sep 01 09:49:09 2011 Requesting time from 61.67.210.241
[INFO] Thu Sep 01 09:49:09 2011 Time server ntp1.dlink.com is at IP address 61.67.210.241
[INFO] Thu Sep 01 09:49:09 2011 Blocked incoming UDP packet from 114.36.20.143:16001 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:08 2011 Blocked incoming UDP packet from 91.188.38.205:10583 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:08 2011 Blocked incoming UDP packet from 95.174.56.42:63312 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:08 2011 Blocked outgoing TCP packet from 192.168.0.199:49395 to 46.19.23.51:3389 as RST:ACK received but there is no active connection
[INFO] Thu Sep 01 09:49:07 2011 Blocked incoming UDP packet from 119.73.58.68:21755 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:06 2011 Blocked incoming UDP packet from 122.227.40.90:9031 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:05 2011 Blocked incoming UDP packet from 178.207.16.87:16880 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:05 2011 Blocked outgoing TCP packet from 192.168.0.199:49414 to 94.100.29.71:7615 as PSH:ACK received but there is no active connection
[INFO] Thu Sep 01 09:49:05 2011 Blocked incoming UDP packet from 95.159.146.161:6881 to 84.215.xxx.xxx:54102
[INFO] Thu Sep 01 09:49:05 2011 WAN interface speed measurement completed. Upstream speed is 5622 kbps
[WARN] Thu Sep 01 09:48:51 2011 A network computer (Quad68) was assigned the IP address of 192.168.0.199.
[INFO] Thu Sep 01 09:48:49 2011 SecureNet: Wireless system with MAC address 0015AF6E1DED secured and linked
[INFO] Thu Sep 01 09:48:49 2011 SecureNet: Wireless system with MAC address 0015AF6E1DED associated
[INFO] Thu Sep 01 09:48:49 2011 Above message repeated 1 times
[INFO] Thu Sep 01 09:48:48 2011 Wireless link is up
[INFO] Thu Sep 01 09:48:45 2011 Starting DHCP server
[INFO] Thu Sep 01 09:48:39 2011 Estimating speed of WAN interface
[INFO] Thu Sep 01 09:48:38 2011 Obtained IP Address using DHCP. IP address is 84.215.xxx.xxx
[INFO] Thu Sep 01 09:48:37 2011 Bringing up WAN using DHCP
[INFO] Thu Sep 01 09:48:37 2011 WAN interface cable has been connected
[INFO] Thu Sep 01 09:48:36 2011 LAN interface is up
[INFO] Thu Sep 01 09:48:36 2011 LAN Ethernet Carrier Detected
[INFO] Thu Sep 01 09:48:35 2011 Device initialized
[WARN] Thu Sep 01 09:48:35 2011 Wireless schedule init
[INFO] Thu Sep 01 09:48:35 2011 No Internet access policy is in effect. Unrestricted Internet access allowed to everyone

Notice the block lines

[INFO]   Thu Sep 01 09:49:05 2011   Blocked incoming UDP packet from 95.159.146.161:6881 to 84.215.xxx.xxx:54102

I also get a lot of messages like this ;
Code: [Select]
[INFO] Thu Sep 01 17:43:02 2011 Blocked incoming ICMP error message (ICMP type 3) from 61.106.80.4 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.200.104:27510
[INFO] Thu Sep 01 17:42:40 2011 Blocked incoming ICMP error message (ICMP type 3) from 173.19.158.38 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.1.101:30856
[INFO] Thu Sep 01 17:28:33 2011 Blocked incoming ICMP error message (ICMP type 3) from 122.29.134.165 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.11.3:61893
[INFO] Thu Sep 01 17:28:20 2011 Blocked incoming ICMP error message (ICMP type 3) from 92.244.101.186 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.1.3:13814
[INFO] Thu Sep 01 17:27:46 2011 Blocked incoming ICMP error message (ICMP type 3) from 112.71.28.105 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.11.3:23101
[INFO] Thu Sep 01 17:13:49 2011 Blocked incoming ICMP error message (ICMP type 3) from 79.116.40.105 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.1.5:31539
[INFO] Thu Sep 01 17:12:52 2011 Blocked incoming ICMP error message (ICMP type 3) from 76.103.147.59 to 84.215.xxx.xxx as there is no UDP session active between 84.215.xxx.xxx:54102 and 192.168.1.100:41194

I have used http://ip-address-lookup-v4.com to check the ip address and it seem to be from other users all around the world. Hackers ? 

but what is it with port 54102 ?

Quote
Can try these:
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.

I got a SURFboard cable modem  Model SB5101E.
Think it got a router at least it got DHCP Server Enabled .
Code: [Select]
The SURFboard cable modem can be used as a gateway to the Internet by a maximum of 32 users on a Local Area Network (LAN). When the Cable Modem is disconnected from the Internet, users on the LAN can be dynamically assigned IP Addresses by the Cable Modem DHCP Server. These addresses are assigned from an address pool which begins with 192.168.100.11 and ends with 192.168.100.42. Statically assigned IP addresses for other devices on the LAN should be chosen from outside of this range.

Quote
Ensure DNS IP addresses are being filled in under Setup/Internet/Manual?
Yes it is.

Quote
Turn off QoS options.
Turn off Advanced DNS Services if you have this option.
Turn on DNS Relay under Setup/Networking.
My default values.

Quote
Setup DHCP reserved IP addresses for all devices on the router.
Why ?   I got some with reserved and some with dynamic.

Quote
Ensure devices are set to auto obtain an IP address.
they are

Quote
Set Firewall settings to Endpoint Independent for TCP and UDP.
Don't that lower security.  I use Address Restricted on UDP and Port And Address Restricted on TCP.

Quote
What wireless modes are you using?
Try single mode G or mixed G and N?
What security mode are you using? WEP, WPA or WPA2? Preferred is WPA-Personal. WPA2/Auto TPIK and AES.
I use Mixed G and N, WPA


Quote
What wireless devices do you have connected?
Any cordless house phones?
Any other WiFi routers in the area?
PC and Printer.  I think the router crash faster the more devices I got online. Can be up to 7, but normally just 1 wireless (and one cable).   Normally I see like 10-15 other routers, but I the only one that uses channel 9


Quote
Turn off all anti virus and firewall programs on PC while testing.
Turn off all devices accept for one wired PC while testing.
Check cable between Modem and Router, swap out to be sure. Cat6 or 5e recommended.
Can try, but would think this would be more relevant if I did have connection problem.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #3 on: September 01, 2011, 01:53:50 PM »

The reason for asking for such information and have you do some of these things is to help identify possible causes and help you narrow down what might be the root cause of the problem. We ask that you at least try the suggestions mentioned and see if this might help out.

You can get the log after you reset the router and see the history of the time frame of around when the router supposidly crashes. Are the BLOCKED entries around the time frame when the router crashes? Usually entries like this is normal and the router is doing its job in reporting what it's going. This is correct behavior.

Setting reserved IP addresses on the router for all devices instead of using mixed or reserving on the device, makes it easier for trouble shooting each device, you'll always know that each device will get the same IP address that never changes for it, and in using DHCP addresses, should they happen to change, if you had set up any filter rules, will be broke if the address changes. Reservations make sure they don't. This is preferred in general use.

Does the crash happen if you test out only one PC with all others turned off? Is there any log entries on the ISP modem that might indicate a problem here as well during the time frame the router crashes?

Testing with just one device at a time will help you narrow down other possibilities as well. This is not to say the router is still not at fault. Just want to help you trouble shoot as best as possible.


These are the reason for asking questions and having you do the suggestions so that we can get the details as much as possible to fully understand so we can better help you. If were willing to help you out, you should be willing to accept the help too.

If your interested, someone can use teamviewer.com and remote in and check out your router settings.

Let us know. 
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gathor

  • Level 1 Member
  • *
  • Posts: 7
Re: DIR-635 Crashing
« Reply #4 on: September 02, 2011, 03:05:28 PM »

The reason for asking for such information and have you do some of these things is to help identify possible causes and help you narrow down what might be the root cause of the problem. We ask that you at least try the suggestions mentioned and see if this might help out.

Sure I would try your suggestions, I just like (and need) to understand what are the reason for suggestion them.   Because I am normally not satisfied with a solution if I don't understand why it solved the problem. (It is just how I work  ;)

You can get the log after you reset the router and see the history of the time frame of around when the router supposidly crashes. Are the BLOCKED entries around the time frame when the router crashes? Usually entries like this is normal and the router is doing its job in reporting what it's going. This is correct behavior.
The log on my router are cleared every time I reboot and/or power off/on the router.


But in the log today I think I maybe found the reason for my problem. At least I hope so, but need to do some more stress testing of the router.

I found the source to all the connection on port 54102 and probably why so many are trying to connect.

Quote
[INFO] Fri Sep 02 20:57:33 2011 UPnP added entry 255.255.255.255 <-> 84.215.xxx.xxx:54102 <-> 192.168.0.199:54102 UDP timeout:0 'DNA (UDP)'
[INFO] Fri Sep 02 20:57:33 2011 UPnP added entry 255.255.255.255 <-> 84.215.xxx.xxx:54102 <-> 192.168.0.199:54102 TCP timeout:0 'DNA (TCP)'

When I did see DNA I did remember i Asus BitTorrent program I ones installed to download some file. I did think I had uninstalled it, but it turned out to be running in the background on my PC.

So I think it did create more internet session then the router could handle. At least now I don't see all the blocking in the log or all the "strange" connection in active internet sessions.  So I will see in the next days if this did solved my problem.


BTW how many connection can the router handle ?

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #5 on: September 06, 2011, 07:17:36 AM »

How many connections do you need for BitTorrent? You have to realize that some of these routers are not meant for large amounts of connections. SO you really should try to tune BT for what you really need. If your needing larger amounts of connections for BT or doing other things, might be best if there is an alternative router out there that will handle it. Generally these routers are great for some gaming and general Internet usage and surfing. Once you start getting into doing stuff that maybe beyond these routers capabilities, then you need to adjust accordingly or find something that does handle your needs better. Keep us posted on what happens.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gathor

  • Level 1 Member
  • *
  • Posts: 7
Re: DIR-635 Crashing
« Reply #6 on: September 07, 2011, 02:25:31 PM »

How many connections do you need for BitTorrent? You have to realize that some of these routers are not meant for large amounts of connections. SO you really should try to tune BT for what you really need.
Normally I don't use BitTorrent. The program DNA is a BitTorrent program from ASUS that where automatically installed when I don't loaded some HW drivers from them.  It don't got a UI, but just runs in the background and just comes with default settings. I did not even know it where running on my PC and where the reason for the many 100 connections I described above. I did ones see more then 700 connections. I did remove the program so now I got more normal numbers of connections. Normally below 100, but from time to time some 100 when many users are online.


So to the sad part, this morning the router had crashed again. So it seem that I where wrong that it where the numbers of active internet sessions that where the reason  :'(


You have said I should be able to check the log-fil after a crash, but it is cleared and start always with the lines shown above
First line is this :
Code: [Select]
[INFO] Thu Sep 01 09:48:35 2011 No Internet access policy is in effect. Unrestricted Internet access allowed to everyone

I did find a free syslog server and have installed that. Seem to be working so I hope next time it crashes I can see the log.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #7 on: September 07, 2011, 02:31:33 PM »

Ok, keep us posted and hope the log shows something. I would also test using one PC connected online and then start adding PCs one at a time and see if the router crashes at some point. How many PCs do you have connected to it again?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gathor

  • Level 1 Member
  • *
  • Posts: 7
Re: DIR-635 Crashing
« Reply #8 on: September 10, 2011, 03:15:01 PM »

For the last days I have had from 4-6 PC online.  2 on cable and up to 4 on wireless.

I'm not sure when it did crash, but I did notice it today and restarted the router at : 2011-09-10 22:28:04


In the log I see it logs ok until :  2011-09-09 21:48:27   then it seem to stop until 2011-09-10 11:20:27. Then it comes a few lines until I power off/on the router. It can be that it where nothing to log between the two times, but I don't think so.  I think the router crashed around 2011-09-09 21:48:27.


The 2 lines I find strange are :
Code: [Select]
2011-09-09 21:25:36 System3.Info 192.168.0.1 Fri Sep 09 21:25:46 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 64.78.164.232 (IP protocol 6) as unable to create new session
2011-09-09 21:41:51 System3.Info 192.168.0.1 Fri Sep 09 21:42:00 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 10.80.26.3 (IP protocol 17) as unable to create new session


From googling the log msg I see I don't seem to be the only one with the problem, but don't seem to be a solution to the problem.




Code: [Select]
2011-09-09 20:33:19 System3.Info 192.168.0.1 Fri Sep 09 20:33:30 2011 SecureNet System Log: Blocked incoming TCP packet from 118.123.17.11:80 to 84.215.xxx.xxx:17739 as SYN:ACK received but there is no active connection
2011-09-09 20:44:00 System3.Info 192.168.0.1 Fri Sep 09 20:44:11 2011 SecureNet System Log: Blocked incoming UDP packet from 149.154.153.59:53 to 84.215.xxx.xxx:53
2011-09-09 20:48:09 System3.Info 192.168.0.1 Fri Sep 09 20:48:19 2011 SecureNet System Log: Blocked incoming TCP packet from 118.123.17.11:80 to 84.215.xxx.xxx:3983 as SYN:ACK received but there is no active connection
2011-09-09 20:48:11 System3.Info 192.168.0.1 Fri Sep 09 20:48:21 2011 SecureNet System Log: Blocked incoming UDP packet from 87.121.25.146:7331 to 84.215.xxx.xxx:54102
2011-09-09 20:52:25 System3.Info 192.168.0.1 Fri Sep 09 20:52:36 2011 SecureNet System Log: Blocked incoming UDP packet from 82.245.6.211:51413 to 84.215.xxx.xxx:54102
2011-09-09 20:58:23 System3.Info 192.168.0.1 Fri Sep 09 20:58:34 2011 SecureNet System Log: Blocked incoming TCP connection request from 203.86.5.58:40663 to 84.215.xxx.xxx:5900
2011-09-09 21:08:53 System3.Info 192.168.0.1 Fri Sep 09 21:09:03 2011 SecureNet System Log: Blocked incoming UDP packet from 87.121.25.146:7331 to 84.215.xxx.xxx:54102
2011-09-09 21:11:50 System3.Info 192.168.0.1 Fri Sep 09 21:12:00 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 10.80.26.3 (IP protocol 17) as unable to create new session
2011-09-09 21:11:51 System3.Info 192.168.0.1 Fri Sep 09 21:12:02 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 10.80.26.3 (IP protocol 17) as unable to create new session
2011-09-09 21:20:19 System3.Info 192.168.0.1 Fri Sep 09 21:20:29 2011 SecureNet System Log: Blocked incoming TCP connection request from 89.235.6.106:2924 to 84.215.xxx.xxx:443
2011-09-09 21:20:38 System3.Info 192.168.0.1 Fri Sep 09 21:20:48 2011 SecureNet System Log: Blocked incoming UDP packet from 61.247.125.209:54989 to 84.215.xxx.xxx:54102
2011-09-09 21:25:36 System3.Info 192.168.0.1 Fri Sep 09 21:25:46 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 64.78.164.232 (IP protocol 6) as unable to create new session
2011-09-09 21:28:23 System3.Info 192.168.0.1 Fri Sep 09 21:28:33 2011 SecureNet System Log: Blocked incoming UDP packet from 87.121.25.146:7331 to 84.215.xxx.xxx:54102
2011-09-09 21:41:51 System3.Info 192.168.0.1 Fri Sep 09 21:42:00 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 10.80.26.3 (IP protocol 17) as unable to create new session
2011-09-09 21:48:27 System3.Info 192.168.0.1 Fri Sep 09 21:48:37 2011 SecureNet System Log: Blocked incoming UDP packet from 87.121.25.146:7331 to 84.215.xxx.xxx:54102
2011-09-10 11:20:27 System3.Info 192.168.0.1 Sat Sep 10 11:20:26 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:47001 to 84.215.xxx.xxx:54102
2011-09-10 11:20:33 System3.Info 192.168.0.1 Sat Sep 10 11:20:32 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:47002 to 84.215.xxx.xxx:54102
2011-09-10 11:20:41 System3.Info 192.168.0.1 Sat Sep 10 11:20:40 2011 SecureNet System Log: Blocked incoming UDP packet from 49.48.123.124:21160 to 84.215.xxx.xxx:54102
2011-09-10 11:21:12 System3.Info 192.168.0.1 Sat Sep 10 11:20:46 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:21:12 System3.Info 192.168.0.1 Sat Sep 10 11:20:47 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:21:12 System3.Info 192.168.0.1 Sat Sep 10 11:20:48 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:21:12 System3.Info 192.168.0.1 Sat Sep 10 11:20:51 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:47013 to 84.215.xxx.xxx:54102
2011-09-10 11:21:17 System3.Info 192.168.0.1 Sat Sep 10 11:21:16 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:47021 to 84.215.xxx.xxx:54102
2011-09-10 11:21:23 System3.Info 192.168.0.1 Sat Sep 10 11:21:22 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:47022 to 84.215.xxx.xxx:54102
2011-09-10 11:21:47 System3.Info 192.168.0.1 Sat Sep 10 11:21:46 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:21:48 System3.Info 192.168.0.1 Sat Sep 10 11:21:47 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:21:49 System3.Info 192.168.0.1 Sat Sep 10 11:21:48 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:55:33 System3.Info 192.168.0.1 Sat Sep 10 11:55:32 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:48067 to 84.215.xxx.xxx:54102
2011-09-10 11:55:49 System3.Info 192.168.0.1 Sat Sep 10 11:55:48 2011 SecureNet System Log: Dropped packet from 169.254.226.31 to 169.254.255.255 (IP protocol 17) as unable to create new session
2011-09-10 11:55:58 System3.Info 192.168.0.1 Sat Sep 10 11:55:57 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:48071 to 84.215.xxx.xxx:54102
2011-09-10 13:25:53 System3.Info 192.168.0.1 Sat Sep 10 13:25:52 2011 SecureNet System Log: Blocked incoming UDP packet from 113.73.247.34:49210 to 84.215.xxx.xxx:54102
2011-09-10 22:28:04 System3.Warning 192.168.0.1 Fri Sep 02 22:19:17 2011 SecureNet System Log: Wireless schedule init
2011-09-10 22:28:04 System3.Info 192.168.0.1 Fri Sep 02 22:19:17 2011 SecureNet System Log: Device initialized
2011-09-10 22:28:04 System3.Info 192.168.0.1 Fri Sep 02 22:19:18 2011 SecureNet System Log: LAN Ethernet Carrier Detected
2011-09-10 22:28:04 System3.Info 192.168.0.1 Fri Sep 02 22:19:18 2011 SecureNet System Log: LAN interface is up
2011-09-10 22:28:04 System3.Info 192.168.0.1 Fri Sep 02 22:19:19 2011 SecureNet System Log: WAN interface cable has been connected
2011-09-10 22:28:04 System3.Info 192.168.0.1 Fri Sep 02 22:19:19 2011 SecureNet System Log: Bringing up WAN using DHCP
2011-09-10 22:28:05 System3.Info 192.168.0.1 Fri Sep 02 22:19:20 2011 SecureNet System Log: Obtained IP Address using DHCP. IP address is 84.215.xxx.xxx
2011-09-10 22:28:06 System3.Info 192.168.0.1 Fri Sep 02 22:19:21 2011 SecureNet System Log: Estimating speed of WAN interface
2011-09-10 22:28:12 System3.Info 192.168.0.1 Fri Sep 02 22:19:27 2011 SecureNet System Log: Starting DHCP server
2011-09-10 22:28:16 System3.Info 192.168.0.1 Fri Sep 02 22:19:30 2011 SecureNet System Log: Wireless link is up
Logged

Gathor

  • Level 1 Member
  • *
  • Posts: 7
Re: DIR-635 Crashing
« Reply #9 on: September 11, 2011, 08:25:02 AM »

Got a new crash today and some new lines in log. Seem the route crash more often with more PC's connected even if they are not used to anything else the being connected.


For one PC I did see this in the log. What dose it mean ?
Code: [Select]
2011-09-11 15:37:45 System3.Info 192.168.0.1 Sun Sep 11 15:37:36 2011 SecureNet System Log: SecureNet: Wireless system with MAC address 001DE0B9B3AD secured and linked
2011-09-11 15:37:57 System3.Info 192.168.0.1 Sun Sep 11 15:37:48 2011 SecureNet System Log: SecureNet: Wireless system with MAC address 001DE0B9B3AD disconnected for reason: Received Deauthentication

After the router had crashed I did now also find this line :
Code: [Select]
2011-09-11 16:23:15 System3.Info 192.168.0.1 Sun Sep 11 16:23:06 2011 SecureNet System Log: DNS relay ALG rejected packet from 192.168.0.199:62386 to 84.208.20.110:53But from another post on the forum that seem to be because the router could not create a new connection to the DNS server.  So basically it is the same as
Code: [Select]
2011-09-11 16:23:11 System3.Info 192.168.0.1 Sun Sep 11 16:23:02 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 99.192.218.26 (IP protocol 6) as unable to create new session
Every time I check the active session I get less the 100. So I don't think it can be to many connection. What else can be the reason for the router not wanting to create new session/connections ?

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #10 on: September 11, 2011, 11:42:12 AM »

Might be some interference. It looks like the PC at .199 ip address is the one your using to test and trying to connect?

If this is reporting a auth/de-auth means that the PC has gone off line, turned off or didn't connect to the routers wireless correctly.

The ALG on DNS relay, mm, never seen this however you could try and turn this feature off and test weather or not it's helps. Usually this feature is ON under the firewall settings. There are 4 application layer options on some routers and one of these is ALG.

I have DNS relay ON and Advanced DNS Services OFF?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Gathor

  • Level 1 Member
  • *
  • Posts: 7
Re: DIR-635 Crashing
« Reply #11 on: September 12, 2011, 01:38:30 AM »

Might be some interference. It looks like the PC at .199 ip address is the one your using to test and trying to connect?

If this is reporting a auth/de-auth means that the PC has gone off line, turned off or didn't connect to the routers wireless correctly.

IP .199 is my main PC, but not the one with MAC address 001DE0B9B3AD. That is a PC of a tenant also using the net. so could be the auth/de-auth is nothing strange.


The ALG on DNS relay, mm, never seen this however you could try and turn this feature off and test weather or not it's helps. Usually this feature is ON under the firewall settings. There are 4 application layer options on some routers and one of these is ALG.

I have DNS relay ON and Advanced DNS Services OFF?

About the DNS I did find a post on the forum here http://forums.dlink.com/index.php?topic=5349.0  and from how I did understand the post, since the router can not create new internet session it can neither connection to the DNS server.


Router had crashed again during the night. So it should be low activity, had only some browser windows up that probably auto refreshed and some RDP connection.   
Code: [Select]
2011-09-12 07:07:17 System3.Info 192.168.0.1 Mon Sep 12 07:07:09 2011 SecureNet System Log: Blocked incoming UDP packet from 200.118.183.74:35320 to 84.215.xxx.xxx:12897
2011-09-12 07:07:47 System3.Info 192.168.0.1 Mon Sep 12 07:07:38 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:47 System3.Info 192.168.0.1 Mon Sep 12 07:07:39 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:49 System3.Info 192.168.0.1 Mon Sep 12 07:07:40 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:50 System3.Info 192.168.0.1 Mon Sep 12 07:07:41 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:51 System3.Info 192.168.0.1 Mon Sep 12 07:07:42 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:52 System3.Info 192.168.0.1 Mon Sep 12 07:07:43 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:54 System3.Info 192.168.0.1 Mon Sep 12 07:07:45 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:07:58 System3.Info 192.168.0.1 Mon Sep 12 07:07:49 2011 SecureNet System Log: Blocked incoming TCP connection request from 24.85.52.61:36315 to 84.215.xxx.xxx:12897
2011-09-12 07:10:22 System3.Info 192.168.0.1 Mon Sep 12 07:10:13 2011 SecureNet System Log: Blocked incoming TCP connection request from 118.217.181.201:6000 to 84.215.xxx.xxx:3389
2011-09-12 07:10:58 System3.Info 192.168.0.1 Mon Sep 12 07:10:50 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 199.27.135.29 (IP protocol 6) as unable to create new session
2011-09-12 07:10:58 System3.Info 192.168.0.1 Mon Sep 12 07:10:50 2011 SecureNet System Log: Dropped packet from 192.168.0.199 to 216.127.62.29 (IP protocol 6) as unable to create new session

Will try to have as few PC's connected as possible for some days. Since it seem to crash more often when I got more PC connected even if they are not used.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #12 on: September 12, 2011, 07:16:35 AM »

Try turning off DNS relay. I'll need to probably manually input DNS addresses into the PCs that are connecting. We talked about the pros and cons of use DNS relay. I have been using it 99% of the time. There is cool tool that when I get home I'll send you a link for. I Think it's googles however it goes out and finds better ISP DNS addresses for you. I'll see if I can find the threat for this discussion. I'm curious off the Protocol 6 and 17. I've only seen this a couple of times and one of them was my buddies DSL system not wired correctly by the ISP. There was some feedback on the line causing this IP Protocol 17 in his router logs. Connections were ****py. However this seems to be only from your PC? Does the other tenant see this log entry? I would try to track down these 2 items and see. Possible malware on your PC? If one PC doesn't see this and the other does, I might search on that PC for something. Isolate it. Keep us posted.

http://www.auditmypc.com/udp-port-17.asp
« Last Edit: September 12, 2011, 07:20:08 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

milmal

  • Level 1 Member
  • *
  • Posts: 1
Re: DIR-635 Crashing
« Reply #13 on: October 31, 2011, 03:25:48 AM »

Any luck solving this? I have a very similar issue.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 Crashing
« Reply #14 on: October 31, 2011, 09:15:30 AM »

What HW version is your router?
What FW version is currently loaded?

What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.

Ensure DNS IP addresses are being filled in under Setup/Internet/Manual? You can find these under Status/Device Info/Wan section.
Turn off ALL QoS (DIR only) GameFuel (DGL only and if ON.) options.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices on the router.
Ensure devices are set to auto obtain an IP address.
Set Firewall settings to Endpoint Independent for TCP and UDP.

What wireless modes are you using?
Try single mode G or mixed G and N?
What security mode are you using? WEP, WPA or WPA2? Preferred is WPA-Personal. WPA2/Auto TPIK and AES.
What wireless devices do you have connected?
Any cordless house phones?
Any other WiFi routers in the area?
Turn off Short GI and WMM Enable under Advanced/Adv. Wireless.

Turn off all anti virus and firewall programs on PC while testing.
Turn off all devices accept for one wired PC while testing.
Any luck solving this? I have a very similar issue.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.