
DDoS & DoS attacks

Myleslandish
Level 1

I have to be careful in how I word this because it’s a matter in which nothing I say and nothing that our network hardware says is believed to be anything but error and paranoia. Beginning about a month or two ago, our ISP-provided router had a constant stream of two separate DoS attacks that its logs detailed were occurring every few seconds or so. It’s been a lot of other things since then, so I can’t recall at the moment how close together they each were, but it was steady, constant, and from the same source. One computer in the home is “supposed to be” used only for working at home with SF insurance company. She uses Cisco AnyConnect, and the entire system and operating system is managed by SF and their IT department. They have stated just today that they see nothing and no reason or problem. Our home network has been completely overwhelmed and is shut down at least 3-10 times daily. The home has a total of 6 personal devices including streaming TVs, smart phones, and computers. When the issue first came to light, I rerouted the network to where it wasn’t capped off immediately by the attacking computer, and the total length of networking cable went from 3 feet to over 150 feet out to the separate structure on the property I live in. I began to try and diagnose the issue, and in that time every single device that has logs reported the same things, just different DoS and/or DDoS attacks taking place. The first that the ISP router reported was called the “ping of death” attack, and I can’t recall what the second one was. But they were constant and from that one computer, named by name, MAC address, and IP address.
After running the Cat5 to my home, setting up a simple set of mesh routers, bypassing that computer, and leaving the ISP router in the hole it belonged in, the first speed test results had gone from a 2-year regular average of 30-40mb/s max to a level I didn’t think was necessary or possible given that we have a standard basic fiber connection. As I said, the speeds were an average of 30-40mb/s for two years, and as soon as I added over 100 feet of cable to the network and added 2 simple economy mesh routers (2 of the 3 routers in the set), I thought if anything I was going to have to explain that the loss of speed is a small price to pay for the security gained by running the network through the firewalls first. But to my surprise, the speeds were topping over 200mb/s, up to 220 and 230. The speeds stayed that high until the day came when she started work again. Then they dropped, while still being higher, to around 90mb/s, and are now down to about 70 a month later. I’m having more than a difficult time convincing her that what every single router and firewall we own are all saying is more than guesses and that it’s not just random errors. That these attacks don’t happen to individuals unless they’re being targeted by someone with a sick and immoral desire to disrupt the lives of others. She will not be convinced that the logs are actually indicating what they say. She refuses to accept anything that’s said or read unless it’s stated by someone wearing a company shirt and name tag. As comforting as that is, I’m reaching out to you and anyone here to please take a few moments of your time to share your knowledge about these kinds of attacks, how they occur, when and why a router announces/logs them, and what they mean. Is it at all possible that the two different NGear routers and the ISP router are all making up this data, and if so, why or how do they all seem to choose the same things?
A total of, I believe, 4 different DoS attacks, and the only two I recall the names of are the “ping of death” and the “Smurf” attack. Take into account that this is the only network on the property and has a maximum of 6-7 devices online at any given moment using no more than a small handful of mb’s of data. Yet our network began to be shut down and hasn’t stopped being crippled since the first attacks were noted in the logs. Why would the speed more than quadruple after adding over 100 plus feet to the layout or network topology? Why or how would three different routers all start to log various DoS attacks taking place if there truly aren’t any DoS attacks happening? Also, why or how can a perfectly fine and uninfected computer (SF’s words, remotely during a 10-minute conversation) be pointed to or at by the network hardware as the source of various DoS attacks that aren’t taking place and aren’t really happening? Lastly, why would a home network’s routers under such a little load repeatedly be shut down/fail over and over daily after these logs began if there aren’t any actual DoS attacks taking place? Is it at all possible that something else is the case?
