Ggogo2368
Dec 19, 2019 | Aspirant
Home network security issues
Need help with a lot of issues on my home network. Using the Orbi RBR50 with one satellite and the Orbi outdoor extender. I have contacted Gearhead support numerous times without resolution (do not be...
CrimpOn
Dec 21, 2019 | Guru - Experienced User
I see that people have asked, "what device IS this?", but do not see a response. No one is trying to pry. Depending on what it is, there are diagnostics to determine which process within the device is trying to connect. For example, on a Windows computer, the netstat command will show all active TCP and UDP connections by process. https://www.cyberciti.biz/faq/windows-server-display-current-tcp-connections/
There could be some piece of software that was installed by accident, and deleting that software could cause this problem to go away.
There are similar tools available on other platforms.
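The per-process connection listing this post describes, as an added example that is not part of the original post: a PowerShell script that parses `netstat -ano` and attaches the owning program's name and path to each connection. The `-RemoteAddress` parameter, the function name and the `203.0.113.10` address are assumptions for illustration.

```powershell
# Added example (not from the thread): list which program owns each outbound
# TCP connection by joining `netstat -ano` output with the process table.
# Assumes English netstat output; run from an elevated prompt to see paths
# for more processes.
param(
    # Hypothetical parameter: show only connections to this remote IP,
    # e.g. 203.0.113.10 (a documentation placeholder address).
    [string]$RemoteAddress = ''
)

function Convert-NetstatLine {
    param([string]$Line)
    # Expected shape:
    #   TCP    192.168.1.16:49712    203.0.113.10:443    ESTABLISHED    4321
    $parts = $Line.Trim() -split '\s+'
    if ($parts.Count -ne 5 -or $parts[0] -ne 'TCP') { return }
    # Split on the last colon so IPv6 endpoints such as [::1]:445 also parse.
    $idx = $parts[2].LastIndexOf(':')
    if ($idx -lt 0) { return }
    New-Object PSObject -Property @{
        Local      = $parts[1]
        RemoteHost = $parts[2].Substring(0, $idx).Trim('[', ']')
        RemotePort = $parts[2].Substring($idx + 1)
        State      = $parts[3]
        OwningPid  = [int]$parts[4]
    }
}

netstat -ano |
    ForEach-Object { Convert-NetstatLine $_ } |
    Where-Object { $_ -and ($_.State -eq 'ESTABLISHED' -or $_.State -eq 'SYN_SENT') } |
    Where-Object { -not $RemoteAddress -or $_.RemoteHost -eq $RemoteAddress } |
    ForEach-Object {
        # Get-Process can fail if the process exited after netstat ran.
        $proc = Get-Process -Id $_.OwningPid -ErrorAction SilentlyContinue
        $_ | Add-Member NoteProperty Program $(if ($proc) { $proc.ProcessName } else { '(exited)' })
        $_ | Add-Member NoteProperty Path    $(if ($proc) { $proc.Path } else { '' })
        $_
    } |
    Sort-Object Program, RemoteHost |
    Format-Table Program, OwningPid, RemoteHost, RemotePort, State, Path -AutoSize
```

Run it on the computer that is generating the traffic; connections made by other devices on the LAN do not appear in a machine's own netstat output.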
CrimpOn
Dec 21, 2019 | Guru - Experienced User
Actually, for Windows TCPView is even better. https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
It actually shows the name of the program which has opened the connection(s).
- Ggogo2368 | Dec 22, 2019 | Aspirant
Sorry for the slow response - been fighting network cutting in and out all day long. The “device” I refer to that I believe had created the issues is a Windows 10 PC. I have done the paper clip reset that was mentioned and unfortunately they did not resolve the issue. Like I have said, I’m not a computer person at all. My background is research...which I have tried to do and understand to no avail. What I think (and it’s a stretch at best), is the “device” has someone created some type of admin privileges and is controlling the network, the attached devices and their traffic. I don’t know the terminology for it, but I do not believe the certificates are authentic, in other words they are wildcard certificates from this RapidSSL, there are many instances of devices being on captive portal on my home network (mine and my daughter's iPhone devices), which makes zero sense on my own home network? I’m baffled???
- Ggogo2368 | Dec 22, 2019 | Aspirant
I forgot to mention that I’ve contacted four system and computer management companies locally (I do work from home running two small businesses), and none of them are willing to assist since I’m not a multi-million-dollar company.
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
Please download and install TCPView. It will show exactly which program is connecting to this web site.
- Ggogo2368 | Dec 22, 2019 | Aspirant
Now my non-tech is going to really show....is TCPView a program or a file?
- Ggogo2368 | Dec 22, 2019 | Aspirant
I would download this on my device or my daughter's since I do not have access or control over “the device” in question, right? Does the other device need to be online or running when this is done or does it matter?
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
It is a program. Click on the link above. Download and extract the files (desktop is fine), then click on the program to run it.
- Ggogo2368 | Dec 22, 2019 | Aspirant
I’m not seeing a link on my end
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
It was several posts above. Since you have blocked the strange web site, you may have to unblock it to see which program is connecting to it.
- Ggogo2368 | Dec 22, 2019 | Aspirant
I was able to download it from Microsoft and I am on a PC running Windows 7 Pro. Not sure what I'm looking at though. The other "device" is not currently online though if that matters?
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
You need to run it on the machine that is causing the problem.
- Ggogo2368 | Dec 22, 2019 | Aspirant
If I had access to that machine I would probably be able to figure a lot of the problems on my network out - but therein lies the problem.
- tomschmidt | Dec 22, 2019 | Virtuoso
I suggest enabling the Access Control feature on your Orbi and disabling the network connection of the infected device. You previously reported this as being a Windows 10 system at IP 192.168.1.16, so disable that device using the Access Control in either the web or smart phone application. Once the device is disabled from network access, then you can make sure no other devices are affected/infected by whatever malware may be on it.
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
Ggogo2368 wrote:
If I had access to that machine I would probably be able to figure a lot of the problems on my network out - but therein lies the problem.
This is where I am failing to understand the problem. WiFi routers have a "public" Wide Area Network (WAN) IP address which is assigned to the Internet Service Provider (ISP). The WiFi router then creates a "private" Local Area Network (LAN) IP address for each of the computers that are being serviced by the WiFi router. IP addresses which begin with 192.168 are "private" IP addresses. So, the Orbi has assigned the IP 192.168.1.16 to this Windows 10 computer. It's your network, but you have no access to this computer.
This is what I cannot understand. Is there a locked room in the house that you cannot get into? Does the computer belong to a teenager who won't let you into this room? Is this Orbi providing service to several apartments, and the other tenants won't let you in?
If the problem is that this computer is not supposed to be on your network, then change the WiFi password, put the MAC address of this computer into the Security Access Control table as "Blocked", and the problem should go away.
I am probably coming across as confrontational. (sorry) Please explain how this computer can be on your network yet you cannot touch it.
- Ggogo2368 | Dec 22, 2019 | Aspirant
Thank you for that suggestion. We have tried that one. When we blocked the IP of that device and ran Malwarebytes and System Mechanic nothing was found or resolved. The same issue persisted and when we tried to update or restore we get a message that we do not have authorization to perform these tasks.
- Ggogo2368 | Dec 22, 2019 | Aspirant
Not taken as confrontational at all. I appreciate any and all suggestions and advice. The device is not locked in a room and it’s not an apartment. The device has been allowed intermittent access to the internet in the home over the past two years but I do not own the device (please see my pvt. message) but as I mentioned - I do work from home for two small companies and people do come to the home and access the internet occasionally as well. I typically will share the Wi-Fi via the app on the phone when that occurs.
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
What about changing the SSID and opening up the Guest network (with a separate password)? That is supposed to keep devices on the Guest network from affecting the primary network.
- tomschmidt | Dec 22, 2019 | Virtuoso
The infected device (your daughter's Windows PC at 192.168.1.16) is the device that you need to run Malwarebytes and TCPView on. Running Malwarebytes on your other systems is also advised to clear them of any malware. You stated you ran Malwarebytes and it did not have permissions to repair it. Was that on the infected PC? If so, then the infected PC may need to be either erased and reloaded from an uninfected backup or from scratch, or possibly take it to a local computer shop that can remove the malware from it.
Ggogo2368 wrote:
Thank you for that suggestion. We have tried that one. When we blocked the IP of that device and ran Malwarebytes and System Mechanic nothing was found or resolved. The same issue persisted and when we tried to update or restore we get a message that we do not have authorization to perform these tasks.
- CrimpOn | Dec 22, 2019 | Guru - Experienced User
Another proposal. This issue has consumed enormous amounts of your time and energy.
- Open the Control Panel, click on "Programs and Features". Look through the list of programs on the computer. Are there any that you do not recognize? Make a note of them. (We'll need that list later).
- Do another scan of your Windows 7 computer (anti-virus and Malwarebytes).
- Reset the Orbi to "factory" (which is now firmware 2.5.1.8)
- Connect your Windows 7 computer to the Orbi with an Ethernet cord, open a web browser and do a new setup.
  Create a new admin password for the Orbi, and a new WiFi password. (no need to change the WiFi SSID, just the password)
- Activate the Guest network, with a new password.
- There is now one computer connected to the Orbi.
  On the Windows 7 computer, run the program TCPView.
  It should show a list of programs and which web sites they are connected to.
  Is the suspect web site on the list?
- Are any programs on the list that seem "odd", such as programs from the above list that you did not recognize?
  (There will be a huge number of Windows programs connected all over the place. But, that's Windows.)
  I have attached part of a scan from my computer. Sort of takes one aback to realize how "busy" my computer is.
  No idea why it is connected to my TV, or what most of those entries are.
- Try to do things on the Windows 7 computer. Browse web sites. Open email.
  Do you get those error messages about certificates or authorization?
- Add the daughter's computer and do the same thing as above.
- When the suspect computer comes in again, have it join the Guest network.
  Watch for "something to happen."
If a computer on the Guest network is able to in some way affect an Orbi, it should come as a big shock to Netgear engineers and we would want one of the moderators to get involved to escalate the problem to the engineers.