NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Proton68's avatar
Proton68
Aspirant
Feb 14, 2019

Orbi connection to China

Hi,   I've upgraded my IPS system and it has begun to send me alerts notifying that my orbi device was connecting on port 80 to an address that seems to be in China, and it does so regularly. doe...
Troubleshooting
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Feb 14, 2019

The WhoIs lookup on these IP's traces back to:

inetnum:        203.205.192.0 - 203.205.255.255
netname:        TENCENT-NET-AP
descr:          Shenzhen Tencent Computer Systems Company Limited
descr:          Tencent Building, Kejizhongyi Avenue,Hi-techPark,
descr:          NanshanDistrict, Shenzhen
country:        CN

 

inetnum:        203.205.128.0 - 203.205.159.255
netname:        TENCENT-NET-AP
descr:          Shenzhen Tencent Computer Systems Company Limited
descr:          Tencent Building, Kejizhongyi Avenue,Hi-techPark,
descr:          NanshanDistrict, Shenzhen
country:        CN

 This doesn't smell like "Netgear" to me.  If 10.1.1.16 is the Orbi's WAN port, you could use the debug page to capture the LAN traffic and see exactly which device on your Orbi is connecting to those IP's.

michaelkenward's avatar
michaelkenward
Guru - Experienced User
Feb 14, 2019
CrimpOn wrote:

The WhoIs lookup on these IP's traces back to:

inetnum:        203.205.192.0 - 203.205.255.255
netname:        TENCENT-NET-AP
descr:          Shenzhen Tencent Computer Systems Company Limited
descr:          Tencent Building, Kejizhongyi Avenue,Hi-techPark,
descr:          NanshanDistrict, Shenzhen
country:        CN

 

inetnum:        203.205.128.0 - 203.205.159.255
netname:        TENCENT-NET-AP
descr:          Shenzhen Tencent Computer Systems Company Limited
descr:          Tencent Building, Kejizhongyi Avenue,Hi-techPark,
descr:          NanshanDistrict, Shenzhen
country:        CN

See above.

 

CrimpOn wrote:

 This doesn't smell like "Netgear" to me.

 

Nor does it smell like the Chinese or Russian governments.

 

Many of these things tracks back to something else on the local network. Sometimes an IoT device. Who knows?

 

Don't immediately think Chinese IP address = nasty. Look under the hood for what is really going on.

 

This is the important bit:

 


...capture the LAN traffic and see exactly which device on your Orbi is connecting to those IP's.

 

The router's log may be helpful. But it also had a habit for finding useless and misleading information.

 

But first check the plumbing.

  • Chuck_M's avatar
    Chuck_M
    Mentor
    Feb 14, 2019

    You would figure Netgear armor would ID and take care of this :)  LOL!

    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Feb 15, 2019

      I had not realized that Netgear Armor was available for the Orbi product line.  Everything I have seen mentions the Nighthawk line.

       

      With our houses filling up with devices that can be controlled using smartphone apps, pretty soon we'll have dozens of open ports.  In my case, nearly everything connects back to Amazon Web Services (AWS). 

       

      It would be fascinating to know which Internet Protection System you have and how it fits into the modem->router environment.