NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Is a Factory Reset Sufficient to Resolve Suspected System Compromise?
My question: I'm concerned that my Orbi was compromised/hacked. If I do a factory reset is that "sufficient" to resolve a security incident? My gut is to throw the devices out because I don't know enough about the system architecture (i.e. is it susceptible to a root kit, etc.).
Background: I have an RBR50 and 2 RBS50s. All were on 2.4.x firmware. Yesterday morning I started getting "Access Control" errors when accessing any Internet address. The same issue occurred from multiple devices. I logged into the RBR50 admin panel to check the Access Control page. Over half of my devices were flagged as blocked. I had never seen this issue before, and had never setup any Access Control policies. That was my first time logging into the Admin panel in several months, and nobody else in my house has the login. I disconnected the RBR50 from the AT&T gateway, and manually applied the 2.7.5.4 firmware update. After reboot everything worked.
7 Replies
Yes.
Your ISP Modem already has a built in router and wifi. This would be a double NAT (two router) condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktopTry option #2 first...
elmnoise wrote:
I disconnected the RBR50 from the AT&T gateway, and manually applied the 2.7.5.4 firmware update.What is that AT&T gateway?
It could be that it too is a router and the symptoms that you see have nothing t do with being hacked but are the consequence of using two routers at the same time.
Two routers on your network can cause headaches. For example, you can end up with local address problems. Among other things, the other router can misdirect addresses that the Netgear router usually handles, such as routerlogin.net or the usual IP address for a router, 192.168.1.1.
This explains some of the other drawbacks.
What is Double NAT? | Answer | NETGEAR SupportI would diagnose what is happening before you conclude that you have been hacked.
Hello. The AT&T Gateway is the Pace 5268AC. I set it up to open a "pinhole" to the RBR50. The RBR50 is on a 10.X network, and the Pace is on the normal 192.168.X. I've had this configuration for a couple of years without issue. I agree it's not necessarily a problem with the Orbi, but that's where the errors were coming from. I factory reset everything and ensured the latest firmware was applied. No problems now, but still a bit nervous about using this Orbi.
Your ISP Modem already has a built in router and wifi. This would be a double NAT (two router) condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktop
https://kb.netgear.com/000061277/Which-features-are-disabled-on-my-Orbi-router-when-it-is-set-to-AP-ModeI would try option #2 first or if your overly conserned, try option #3 and let the ISP gatway handle security.
