Need help with your equipment?
unclejames's profile

Tutor

 • 

5 Messages

Sunday, April 23rd, 2017 6:16 PM

Pace 5268AC Responds to Pings in DMZplus mode

I have a Pace 5268AC with a router behind it in DMZplus mode.  In this setting, the Pace responds to pings sent to the router behind it.  I have already confirmed (through the log of the router) that although the router is seeing the outside ping requests, it is also dropping them.  Yet the outside is getting ping responses.  I have tried two different routers to ensure that the routers are not responding to ping from the outside.  (And they are not)  In fact, when I set the router to respond to pings, the outside is getting duplicate ping responses!  (From two different devices)

 

The router is the only thing connected to the Pace 5268AC, so I know there isn't another device that might be picking up the ping and responding (other than the Pace 5268AC).  I tried calling tech support and was told that this was the reason WIFI had a password on it.  Yeah, that's as helpful as a box of burnt out lightbulbs.

 

When the system is taken out of DMZplus mode, the device again goes silent and will not respond to pings.  Only in DMZplus mode does the Pace 5268AC respond to pings--again, I have verified that the router is NOT responding--leaving only the Pace 5268AC to be responding.

 

This seems to be a pretty major issue with the firewalling of the PACE 5268AC--basically telling the whole world: "Hey, there's something here!!!!  Lay into it!!!"  And, yes, I do get a storm of attempts at the router.  Sometimes taking down my Internet speed.  But I can't seem to convince anyone in tech support that this is an issue.  {Please, don't tell me this is related to WIFI--after having 10+ years in networking, including training in network security, etc., I am not foolish enough to believe that.}

 

Is anyone else seeing this and have a solution?  Obviously, if I had access to the firewalling abilities of the Pace 5268AC, I might be able to do it myself, but frankly I've always found the DMZplus mode to be a little less than pretty in its operation.  I would prefer to have static IP addresses that I could use inside my router--but again, due to the software and settings in the Pace 5268AC that has never been a real option.

 

 

Community Support

 • 

231.2K Messages

7 years ago

Hi @unclejames,

 

If you place the 5268AC in DMZ+ mode, or more specifically the device you chose in local LAN, then the device behind the 5268AC will be open to ping attacks(DDoS). If you take the 5268AC out of DMZ+ mode then the 5268AC does not respond to ping. Can you clarify your question or issue that we may not be understanding so we can help?

 

-ATTU-verseCare

Tutor

 • 

5 Messages

7 years ago

When not in DMZplus mode, pings are dropped from the Internet.  This is as expected.  When put into DMZplus mode, pings are responded to from the Internet.  I understand that DMZplus opens the inside device to the Internet.  However, the inside device is set to drop pings as well.  

 

Logs from the inside device indicate that it is seeing the pings and dropping them (not responding).  However, something is responding.  The only other device open to the Internet is the 5268AC.  It must be the device responding to pings.

 

When the inside device is set to respond to pings, pinging it from the Internet results in duplicate responses--indicating TWO devices are responding to the pings.  Obviously the inside device is responding as well as another device.  Again, the only other device open to the Internet is the 5268AC.  It must be responding to pings as well.

 

This seems to be a software/firewall issue within the 5268AC itself.

Community Support

 • 

231.2K Messages

7 years ago

Hi @unclejames,

 

Thanks for the follow-up. Are you finding this double ping response in your router logs and can you send us an image of this happening? Let's see if we can track this down or maybe this is a defective 5268AC.

 

-ATTU-verseCare

Tutor

 • 

5 Messages

7 years ago

The following occurs when the 5268AC is set to DMZplus mode with my router.  There are no other devices facing the Internet or even on the 5268AC.

 

Here's the ping from the outside, when my router is set to drop packets:

PING 107.201.50.25 (107.201.50.25) 56(84) bytes of data.
64 bytes from 107.201.50.25: icmp_seq=1 ttl=46 time=45.3 ms
64 bytes from 107.201.50.25: icmp_seq=2 ttl=46 time=45.2 ms
64 bytes from 107.201.50.25: icmp_seq=3 ttl=46 time=45.4 ms
64 bytes from 107.201.50.25: icmp_seq=4 ttl=46 time=45.2 ms
64 bytes from 107.201.50.25: icmp_seq=5 ttl=46 time=45.4 ms
64 bytes from 107.201.50.25: icmp_seq=6 ttl=46 time=45.4 ms
64 bytes from 107.201.50.25: icmp_seq=7 ttl=46 time=45.4 ms
64 bytes from 107.201.50.25: icmp_seq=8 ttl=46 time=45.3 ms

--- 107.201.50.25 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 1404ms
rtt min/avg/max/mdev = 45.216/45.371/45.496/0.261 ms

 

Here's the output from my router when it is set to NOT respond to pings (drop ping):

 

listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

09:55:03.946189 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 1, length 64

09:55:04.146870 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 2, length 64

09:55:04.347341 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 3, length 64

09:55:04.548101 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 4, length 64

09:55:04.748488 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 5, length 64

09:55:04.949278 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 6, length 64

09:55:05.150341 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 7, length 64

09:55:05.350561 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 17143, seq 8, length 64

 

Here's the same information when my router IS set to respond to pings:

PING 107.201.50.25 (107.201.50.25) 56(84) bytes of data.
64 bytes from 107.201.50.25: icmp_seq=1 ttl=46 time=46.1 ms
64 bytes from 107.201.50.25: icmp_seq=1 ttl=46 time=46.9 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=2 ttl=46 time=58.2 ms
64 bytes from 107.201.50.25: icmp_seq=2 ttl=46 time=58.2 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=3 ttl=46 time=45.2 ms
64 bytes from 107.201.50.25: icmp_seq=3 ttl=46 time=46.0 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=4 ttl=46 time=45.4 ms
64 bytes from 107.201.50.25: icmp_seq=4 ttl=46 time=47.6 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=5 ttl=46 time=45.2 ms
64 bytes from 107.201.50.25: icmp_seq=5 ttl=46 time=45.9 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=6 ttl=46 time=45.5 ms
64 bytes from 107.201.50.25: icmp_seq=6 ttl=46 time=46.2 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=7 ttl=46 time=44.9 ms
64 bytes from 107.201.50.25: icmp_seq=7 ttl=46 time=45.7 ms (DUP!)
64 bytes from 107.201.50.25: icmp_seq=8 ttl=46 time=45.2 ms

--- 107.201.50.25 ping statistics ---
8 packets transmitted, 8 received, +7 duplicates, 0% packet loss, time 1405ms
rtt min/avg/max/mdev = 44.987/47.521/58.256/4.259 ms


And the information from my router showing it IS responding to pings:

09:57:34.503247 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 1, length 64

09:57:34.503596 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 1, length 64

09:57:34.704491 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 2, length 64

09:57:34.704764 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 2, length 64

09:57:34.904961 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 3, length 64

09:57:34.905239 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 3, length 64

09:57:35.105410 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 4, length 64

09:57:35.105680 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 4, length 64

09:57:35.306527 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 5, length 64

09:57:35.306843 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 5, length 64

09:57:35.506357 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 6, length 64

09:57:35.506658 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 6, length 64

09:57:35.706729 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 7, length 64

09:57:35.707014 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 7, length 64

09:57:35.908723 IP 184.72.226.23 > 107.201.50.25: ICMP echo request, id 18264, seq 8, length 64

09:57:35.909001 IP 107.201.50.25 > 184.72.226.23: ICMP echo reply, id 18264, seq 8, length 64

 

Clearly something else is also responding.  I can't get to specific logs in the 5268AC, but it is the only other thing connected.

Community Support

 • 

231.2K Messages

7 years ago

Thanks @unclejames,

 

It appears that the AT&T router may be having issues. Do us a favor and factory reset your AT&T modem/router. You can go to this thread that goes over How to Restart and Factory Reset your Gateway. After the factory reset perform your DMZ+ mode setup to see if issue has been corrected for this issue.

 

-ATTU-verseCare

Tutor

 • 

5 Messages

7 years ago

Factory reset did not fix the problem. 

Community Support

 • 

231.2K Messages

7 years ago

Hey @unclejames,

We have sent you a private message and look forward to working with you to get this sorted.

ATTU-verseCare

Tutor

 • 

5 Messages

7 years ago

The router ended up having to be replaced with a different router type.  There seems to be something wrong with the way the 5268AC operates when in DMZ+ mode.

Contributor

 • 

1 Message

7 years ago

I am seeing this same thing. Is the "new" router given by att. I need this closed.

Contributor

 • 

1 Message

6 years ago

 I'm having the same problem as reported on this thread. I'm running a Netgear R7000P for the Circle parental control feature. At the moment I'm stuck with either double NATing my router or duplicate ping responses from my router and the AT&T RG responding. Glad to supply any additional information needed, or if this is a known issue that can be solved by changing routers just point me in the right direction

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.