Ggogo2368
Dec 19, 2019 | Aspirant
Home network security issues
Need help with a lot of issues on my home network. Using the Orbi RBR50 with one satellite and the Orbi outdoor extender. I have contacted Gearhead support numerous times without resolution (do not be...
Ggogo2368
Dec 19, 2019 | Aspirant
Using an Arris SB8200 - not one provided by the ISP.
I’ve tried Chrome, Edge, and IE11. Do not use Firefox, Mozilla or Opera.
Remote mgmt is not enabled and the login password for the admin page of the router has been changed numerous times. Guest network and home network have custom IDs and separate passwords. As much as I’d love to boot the suspected device off of the network and not allow reconnect - that isn’t an option at this point and I need to confirm 100% that my suspicions are in fact true before I take further action in that regard.
As to Jetdrive’s recommendation about shutting down everything and disconnecting them and wiping the hard drive, that was done to some extent on one of the devices; however it returned to its prior state after reconnecting. Another thing I’d like to mention is that I recently connected my iMac which hadn’t been on the network in this house yet. It started behaving just as the other PCs do the minute I opened Safari. I immediately disconnected this device from the network and unplugged it without ever opening a webpage. Just opening the Safari browser triggered the router log trail of site allowed: status.rapidssl.com.... followed by all the other ocsp ones I mentioned earlier.
And since sending my earlier message today, I’ve been gone from the house - no one is there, yet I’m getting this notification:
[site blocked: netgear-07a2d5b3-0d1e-49d4-9038-f3e9ce19f9ce.2d7d] from source 192.168.1.16, Thursday, December 19, 2019 14:01:45
FURRYe38
Dec 20, 2019 | Guru - Experienced User
Can you find out which device has this IP address?
192.168.1.16
If you disconnect the RBR from the ISP modem, does problem still happen?
What happens if you completely disconnect ALL lan devices from the RBR and change the SSID name and PW on the RBR to something different? Save connecting just 1 wired PC to the RBR.
Seems like if it returned to its prior state after connecting things back up, there is one device that seems to be causing this.
Ggogo2368 wrote:
Using an Arris SB8200 - not one provided by the ISP.
I’ve tried Chrome, Edge, and IE11. Do not use Firefox, Mozilla or Opera.
Remote mgmt is not enabled and the login password for the admin page of the router has been changed numerous times. Guest network and home network have custom IDs and separate passwords. As much as I’d love to boot the suspected device off of the network and not allow reconnect - that isn’t an option at this point and I need to confirm 100% that my suspicions are in fact true before I take further action in that regard.
As to Jetdrive’s recommendation about shutting down everything and disconnecting them and wiping the hard drive, that was done to some extent on one of the devices; however it returned to its prior state after reconnecting. Another thing I’d like to mention is that I recently connected my iMac which hadn’t been on the network in this house yet. It started behaving just as the other PCs do the minute I opened Safari. I immediately disconnected this device from the network and unplugged it without ever opening a webpage. Just opening the Safari browser triggered the router log trail of site allowed: status.rapidssl.com.... followed by all the other ocsp ones I mentioned earlier.
And since sending my earlier message today, I’ve been gone from the house - no one is there, yet I’m getting this notification:
[site blocked: netgear-07a2d5b3-0d1e-49d4-9038-f3e9ce19f9ce.2d7d] from source 192.168.1.16, Thursday, December 19, 2019 14:01:45
- Ggogo2368 | Dec 20, 2019 | Aspirant
The device with 192.168.1.16 is the suspected device that has created the chaos on the network. The reason it says site blocked now is because I put the address it was accessing previously into the blocked site list in the Orbi under advanced settings. I can find no information anywhere as to what that site is though? That’s the frustrating part of this. Why would that device be accessing a NETGEAR site when there is only one admin user to its interface and that device is not one that ever accesses it - if that’s what the site is? I have reset the router many times, and the modem, rebooted the entire system - and nothing stops the activity I initially described. :(
- FURRYe38 | Dec 20, 2019 | Guru - Experienced User
So what was this device?
- SW_ | Dec 20, 2019 | Prodigy
Ggogo2368 wrote:
The device with 192.168.1.16 is the suspected device that has created the chaos on the network.
This device could be the bot on your network, which controls/affects your GW/Orbi behavior. Do a hard reset, using a paper clip and stick to the back of both SB8200/Orbi for a good 60 secs. Leave 192.168.1.16 offline, then power SB8200/Orbi back on and start testing with a Mac client. Let us know if the problem persists. Trying to test with a known bad client (192.168.1.16) will always give the same expected bad result.
- CrimpOn | Dec 21, 2019 | Guru - Experienced User
I see that people have asked, "what device IS this?", but do not see a response. No one is trying to pry. Depending on what it is, there are diagnostics to determine which process within the device is trying to connect. For example, on a Windows computer, the netstat command will show all active TCP and UDP connections by process. https://www.cyberciti.biz/faq/windows-server-display-current-tcp-connections/
There could be some piece of software that was installed by accident, and deleting that software could cause this problem to go away.
There are similar tools available on other platforms.
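Added example, not part of any poster's reply: before inspecting processes on a device with netstat, the router's site allowed/blocked log can be tallied by source address to confirm which LAN client generates the entries, and which clients were active while nobody was home. The line layout is copied from the notification quoted in the thread; the other sample lines, the 192.168.1.20 address, the `ocsp.example.test` host and the away-time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout copied from the notification quoted in the thread; "site allowed"
# entries are assumed to use the same layout.
LINE_RE = re.compile(
    r"\[site (?P<action>blocked|allowed): (?P<host>[^\]]+)\] "
    r"from source (?P<src>\d{1,3}(?:\.\d{1,3}){3}), "
    r"(?P<ts>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
)

# Constructed sample log. Only the first line appears in the thread.
SAMPLE_LOG = """\
[site blocked: netgear-07a2d5b3-0d1e-49d4-9038-f3e9ce19f9ce.2d7d] from source 192.168.1.16, Thursday, December 19, 2019 14:01:45
[site allowed: status.rapidssl.com] from source 192.168.1.20, Thursday, December 19, 2019 09:12:03
[site allowed: ocsp.example.test] from source 192.168.1.20, Thursday, December 19, 2019 09:12:04
[site blocked: netgear-07a2d5b3-0d1e-49d4-9038-f3e9ce19f9ce.2d7d] from source 192.168.1.16, Thursday, December 19, 2019 15:31:10
unrelated router event, Thursday, December 19, 2019 09:00:00
"""

def parse_log(text):
    """Return (timestamp, source_ip, action, host) for each site entry."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a site allowed/blocked entry
        ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
        events.append((ts, m["src"], m["action"], m["host"]))
    return events

def tally_by_source(events):
    """Count (action, host) pairs per LAN source address."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, src, action, host in events:
        counts[src][(action, host)] += 1
    return {src: dict(c) for src, c in counts.items()}

def in_window(events, start, end):
    """Entries logged between start and end, e.g. while the house was empty."""
    return [e for e in events if start <= e[0] <= end]

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for src, counts in sorted(tally_by_source(events).items()):
        print(src, counts)
    away = in_window(events, datetime(2019, 12, 19, 13), datetime(2019, 12, 19, 16))
    print("sources active while away:", sorted({e[1] for e in away}))
```

A source that keeps appearing in the away window with the same host is the device to examine with per-process tools such as netstat.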