NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi RBK50 - Noob question --> Am I being hacked?
Hello there First up, apology for this long post. Am trying to describe as best to my limited technical ability as possible without putting any assumptions onto the issue. I own the below Net...
Oh, my. What a mess! The root problem (dropouts) is one that I have no experience with, and can offer no advice. My Orbi runs for months and (as far as I can determine) never drops WiFi or loses internet. Sorry.
As for the log entries:
- All those DoS entries of various kinds are completely normal. There are people who constantly scan every IP address on the internet looking for open ports. The Orb firmware has routines which count certain attempts to connect to certain ports as "attacks" and logs them. There is an option to stop the logging process.
- The Orbi firewall does not respond to any of these attempts, whether they are logged or not. As a primitive analogy, robots call my telephone dozens of times a day. I look at the caller ID, see that I do not recognize the caller, and do not answer. I COULD record each of these numbers and report them as "attacks".
- The "LAN access from remote" is a puzzle. Since the NVR has an entry at NoIP, this indicates (to me) that at one time the NVR was set up to be accessed from the internet, almost certainly to a web server (port 80). How was that done? Was a port "opened" to the NVR 192.168.1.10 for port 80? Unless you did something, it should be impossible to reach the NVR from the internet.
Once again, I am not convinced that the issues reported in the Orbi log are responsible for the problem.
Hello there
Thanks for replying.
Yes its a mess. Your reply somehow eased my concerns that I was being hacked (even though I'm a nobody lol).
Thanks for your analogy, I have a better understanding now that the log entries are pretty normal or harmless in any sense to be concerned with.
I was continuing my shallow research and installed XArp and noted that it was my main PC that raised an ARP attack alert showing "IpFilter: ip addresss lies in the multicast range". A few searches on Google and I cant seem to grasp a basic understanding of what that alert meant.
Anyways, I also went ahead to activate Netgear Armor and it didnt prompt me on anything hairy on the security front so I assume its just me panicking when I first saw the log entries.
Yep, I believe the security guy who installed the NVR did open the port to NOIP when the system was first installed. It was done to allow me to access the CCTV cameras when I am outside of my home network. Unfortunately ever since I changed to Orbi, I have not been able to access my CCTV cameras from outside anymore.
Yea I do not understand why the log entries contain LAN access from remote via the NVR even when the NVR is physically powered off. I assume the NVR IP address is spoofed, hence the ARP Attacks are showing a spoof IP address such as the NVR. <-- this is my understanding which I hope is correct. I might just pay for a NVR upgrade instead of changing the NVR + CCTV cameras system altogether just for a piece of mind then.
For closure; can I take it as the log entries are indeed normal and my home network was not compromised?
Thanks!
I did another test earlier today.
On my PC which is LAN'ed directly to the Orbi router, I used an Internet Connectivity Monitor to monitor drop-outs.
Over the course of 4-5 hours (usually evenings my time since the dropouts started a few days ago), the LAN connected PC only had a quick dropout whilst on wireless devices (3 iPads, 1 Android and 2 iPhones - yep dont judge, got a big fam) I am experiencing dropout mania every few minutes to <30 minutes. The dropout period is around 1-2 mins. At times, the dropouts are every few minutes. Sometimes the kids managed a couple of Peppa Pig episodes before the dreaded endless circle "buffering icon".
Tomorrow I am going to try and see if I can get more info of dropouts during the day. Maybe also proceed to resetting the router + the two other satelites. Been reading on other posts on the Orbi wifi dropping off and it seems to be a persistent problem. My warranty is nearing its end (Dec this year) so hopefully I can get it sorted one way or another before the warranty runs out and them turning to be very expensive bricks.
PS: Netgear doesnt provide tech support and relies on community forum for "charitable" support from volunteers (from what I understand). How does one actually go about raising a ticket and perhaps an RMA?
FURRYe38 Hey buddy, saw in alot of posts you were helping troubleshoot RBK50 dropouts. What do you make out of my issue?
Does the RBK50 degrade over time? I have had the setup for over a year with no issue and the dropouts only occured like 3-4 days ago. I have not added any hardware onto the network. I saw your troubleshoot steps and might probably run through them tomorrow when I get a chance but to be honest, if my setup has worked for over a year, I cant seem to think of any other reason that might have caused the dropouts other than a degradation of some form on either the FW or the HW.
My ISP (NBN in Australia) connection is rock solid as I tried doing speed and ping tests repeatedly to isolate the issue from the connection part.
Thoughts?
Howdy,
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
Has a factory reset and setup from scratch been performed since last FW update?
Any Wifi Neighbors near by? If so, how many?
What I would do is either disconnect ALL cameras and other wifi and wired devices from the Orbi system. You might even turn OFF the RBS as well. Do this and lets see if the RBR alone with maybe 1 or two devices still sees this problem of drop outs. I'd like to see if the RBR is stable alone first, then I would add one non camera/NVR devices first. Continue to test. See if anything happens. Then turn on the RBS and continue to test with out any cameras or NVR. Let us know what you find for this...
Its possible the HW can degrade over a long period of time. I have a buddy down the road from me that we installed his RBK50 back in 2017, still up and running. I haven't touched it since. Though work load for his home probably differs from yours has he doesn't use cameras. Work load will also impact life of HW as well as heat.
rsoption wrote:FURRYe38 Hey buddy, saw in alot of posts you were helping troubleshoot RBK50 dropouts. What do you make out of my issue?
Does the RBK50 degrade over time? I have had the setup for over a year with no issue and the dropouts only occured like 3-4 days ago. I have not added any hardware onto the network. I saw your troubleshoot steps and might probably run through them tomorrow when I get a chance but to be honest, if my setup has worked for over a year, I cant seem to think of any other reason that might have caused the dropouts other than a degradation of some form on either the FW or the HW.
My ISP (NBN in Australia) connection is rock solid as I tried doing speed and ping tests repeatedly to isolate the issue from the connection part.
Thoughts?
