Zyxel T-56 ping spikes

Hi Tommie, so I did some testing, seems the zyxel does indeed take a knock with the attacks. I can help beta firmware and see if that helps. 
For completeness sake, see the screenshot below. This was taken from my Mikrotik CCR2004 (there is no ways this connection will ever over load this device. 
 

What is a concern and what I would like to draw your attention to, is the fact that I am getting a route change between two IP’s at hope 2 and depending on the path hop 3 as well. now this shouldn’t be happening this frequently, this immediately make me wonder what exactly is going on?

Hey @ChaosMonkey , this seems to be a possible denial of service attempt. More people seem to have reported the IP-address 185.191.225.130 as suspect. See for example https://www.abuseipdb.com/check/185.191.225.130 abuseipdb.com 185.191.225.130 | Probe Networks | AbuseIPDB 185.191.225.130 has been reported 142 times.

I am not sure how to tackle this issue. This may be an hacker attacking you (do you run a game where bad actors want to attack you?). But as you have a new modem (and a new IP-address) it may be directed to the previous user that had that IP-address. The destination port 8000 could also be the result of a service you have or had had open to the internet (forwarded to an internal server) that people want to disable (see  https://www.speedguide.net/port.php?port=8000 for some examples) SpeedGuide

Port 8000 (tcp/udp) Port 8000 tcp/udp information, assignments, application use and known security risks. Was this the only message or did you receive more?

Will do. 

Also there seems to be something unstable happening in the routing. 
 

hop 2 and 3 show route changes, so I am getting unstable latencies 

For comparison, I used my own router, so just swapped out the Zyxel for a mikrotik hex (and it’s not even as powerful.) 

Fyi I connect to the Zyxel over a 2.5Gbps connection. 
 

Here is what it looks like using the mikrotik

So it looks like the custom firmware that is on the Zyxel from Odido(T-Mobile) could be the cause. 

1.  Can I ask for a replacement router?
2. Can I beta test new firmware?

Hi, one thing that seems to stand out to me, is that the average response time of the modem seems to be an issue. Which could explain the odd avg’s seen in the pings to the google and cloudflare. If ICMP was being throttled that could explain it, but the network isn’t busy and a TCP ping rules that out. Seems the modem or the custom firmware T-Mobile (Odido) puts on this Zyxel might have an issue?

I do have it as ONT → Zyxel → Wired connection.
There is nothing between the ONT and the Zyxel. 

I have made a diagram of my network. I have done the tests from both my PC and the orange pi (see diagram, that is directly connected to the Zyxel) and it doesn’t change. I am questioning this Zyxel because of the spikes to it. I haven’t seen for example at a previous ISP my Mikrotik (ISP supplied router) do this. 

Even if I unplug everything like I did in the previous results and have just my PC connected directly to the Zyxel do I see the exact same behaviour. 
 

I have an openwrt router I can also test with , I just need to know what IPoE settings to use? 

What do you mean you can see I have my own router/switch connected? The tests I showed was done from a linux machine directly connected to the Zyxel router. Even with just my PC connected it still shows odd spikes, and I was initially talking about ping spikes to the Zyxel router itself. That is why my concern is sitting 
 

Yeah, you can see that from the first ping, the sub ms ping is normally not achievable on wifi. 
I am wired in with all my devices except my phone. 

Seems it is based on the EX5601/EX5600-T SERIES