NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi RBK50 - Noob question --> Am I being hacked?
Hello there First up, apology for this long post. Am trying to describe as best to my limited technical ability as possible without putting any assumptions onto the issue. I own the below Net...
Oh, my. What a mess! The root problem (dropouts) is one that I have no experience with, and can offer no advice. My Orbi runs for months and (as far as I can determine) never drops WiFi or loses internet. Sorry.
As for the log entries:
- All those DoS entries of various kinds are completely normal. There are people who constantly scan every IP address on the internet looking for open ports. The Orb firmware has routines which count certain attempts to connect to certain ports as "attacks" and logs them. There is an option to stop the logging process.
- The Orbi firewall does not respond to any of these attempts, whether they are logged or not. As a primitive analogy, robots call my telephone dozens of times a day. I look at the caller ID, see that I do not recognize the caller, and do not answer. I COULD record each of these numbers and report them as "attacks".
- The "LAN access from remote" is a puzzle. Since the NVR has an entry at NoIP, this indicates (to me) that at one time the NVR was set up to be accessed from the internet, almost certainly to a web server (port 80). How was that done? Was a port "opened" to the NVR 192.168.1.10 for port 80? Unless you did something, it should be impossible to reach the NVR from the internet.
Once again, I am not convinced that the issues reported in the Orbi log are responsible for the problem.
Hello there
Thanks for replying.
Yes its a mess. Your reply somehow eased my concerns that I was being hacked (even though I'm a nobody lol).
Thanks for your analogy, I have a better understanding now that the log entries are pretty normal or harmless in any sense to be concerned with.
I was continuing my shallow research and installed XArp and noted that it was my main PC that raised an ARP attack alert showing "IpFilter: ip addresss lies in the multicast range". A few searches on Google and I cant seem to grasp a basic understanding of what that alert meant.
Anyways, I also went ahead to activate Netgear Armor and it didnt prompt me on anything hairy on the security front so I assume its just me panicking when I first saw the log entries.
Yep, I believe the security guy who installed the NVR did open the port to NOIP when the system was first installed. It was done to allow me to access the CCTV cameras when I am outside of my home network. Unfortunately ever since I changed to Orbi, I have not been able to access my CCTV cameras from outside anymore.
Yea I do not understand why the log entries contain LAN access from remote via the NVR even when the NVR is physically powered off. I assume the NVR IP address is spoofed, hence the ARP Attacks are showing a spoof IP address such as the NVR. <-- this is my understanding which I hope is correct. I might just pay for a NVR upgrade instead of changing the NVR + CCTV cameras system altogether just for a piece of mind then.
For closure; can I take it as the log entries are indeed normal and my home network was not compromised?
Thanks!