NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Outbound traffic to Amazon space
Hello, I am wondering why my Orbi AC2200 unit (running latest firmware as of 2/23/2020, RBR20) is constantly making outbound connections to the Amazon space (52.0.0.0/11) over SSL/443. The home ...
The Orbi WiFi backhaul is a 5G radio link directly between the router and satellite. Since it is encrypted in a WiFi signal, I doubt very much that this traffic will be "capturable". (word?)
Re: the outbound 192.168.x.x address pings
In my logs since the day I installed the Orbi, i see one icmp outbound packet from the Orbi router per day to 192.168.100.1 which gets denied by my src:any dst:rfc1918 subnets rule. I am not sure where this comes from.
Btw, if you would like a complete list of URLs your Orbi devices are configured for, telnet to your router, and:
root@RBR20:~# grep -rw '/etc' -e 'https:'
Some of the domains are not related to our devices, however, a few more popped up in the config (I don't see these in the pcaps):
advisor.qa.arloxcld.com
registration.qa.ngxcld.com
presence.qa.ngxcld.com
registration.qa.ngxcld.com
updates.netgear.com
genieremote-qa.netgear.com
devcom-qa.up.netgear.com
arlo-device-staging.messaging.netgear.com
devicelocation.dev.ngxcld.com
devicelocation.qa.ngxcld.com
devicelocation.ngxcld.com
redmine.lighttpd.net
It probably won't hurt to block these as well.
192.168.100.1 maybe your upstream modem? Stand alone modems usually use this address for there web page access.
Same here, I don't use 192.168.100.x space at all on my home network. My PA gets an outside IP from Spectrum (external interface is configured in DHCP client mode), inside is 10.x.x.x. My Orbi Costco box looked like it had been opened and the units had been used previously. I am wondering if this 192.168.100.x came from the previous home setup and the Netgear's reset to default button doesn't really completely wipe previous configuration?
What the Mfr and model # of your ISP modem? Just curious. That IP address comes from stand alone modems management web page only, regardless of WAN IP from ISP service which is different.
Reset should wipe out all configurations and information.
You might try this, save a backup configuration to file of the RBR. factory reset, re-load FW on to the RBR, factory reset once more and see if that address still appears. if not, re-apply the config file from backup.
1qwerty1 wrote:Same here, I don't use 192.168.100.x space at all on my home network. My PA gets an outside IP from Spectrum (external interface is configured in DHCP client mode), inside is 10.x.x.x. My Orbi Costco box looked like it had been opened and the units had been used previously. I am wondering if this 192.168.100.x came from the previous home setup and the Netgear's reset to default button doesn't really completely wipe previous configuration?
never thought to telnet to the router .... doh! Really Netgear, telnet open? I will take a look. In regards to the other comment surrounding it being the upstream router ... that is not my case. I have a PA-220 firewall that sits between my homenet (172.31.2.x) where my pi-hole is the DNS and DHCP server. The Orbi sits on this homenet as an AP. The outside of my PA-220 is static to my FIOS router which sits on a 192.168.1.x subnet ... so I dont know where it would be sending that 192.168.0.x too as nothing has been configured. I will look at the telnet into the router to see what this thing is doing. Thanks for the feedback!
