NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RBK40 black list external IPs
Hi All,
I'm wondering is it possible to black list external IP addresses ?
In my router logs i can see a lot of "failed login" attempts (in hundreds). I can stop the remote management funtion, but it is good to have it working.
Also a can see a lot of DoS attacks.
Thnaks.
8 Replies
I am not aware of any mechanism to blacklist specific IP addresses. Even if there were, my guess is that this would be similar to me blocking robocalls. Since they spoof telephone numbers, I can add a block after every call that comes in and they just keep picking new telephone numbers to spoof.
I take solace that the log is reporting attempts that the Orbi detected and repulsed. It's just a reminder that we do not want our devices exposed to the internet if we can help it.
What Firmware is currently loaded?
What is the Mfr and model# of the ISP modem the NG router is connected too?Most routers firewall are good enough to block problems like this. The logs are just reporting that the firewall is doing it's job.
Contact your ISP and have them help you change the WAN IP address that is given to you by your ISP.
Besure that respond to WAN pings is disabled.
Do you have Remote Management enabled on the RBR? If you don't need this, disable this feature.
Hi All,
My Orbi FW is the lattest one, my IP is dynamic one. I'm haveing one small ISP router (which is spliting the internet and the TV) before Orbi on which i don't have access anyway.I'm concerned about the DoS attack, the problem here is that someone is trying to brute force my password. That's why we can see so much failed login attempts and the goal here is to have remote access to my switch, but to be able to block external IPs.
Contact your ISP and have them help you change the WAN IP address that is given to you by your ISP. if you don't have access to there device, then they need to help you with this.
Stimar wrote:I'm wondering is it possible to black list external IP addresses ?
In my router logs i can see a lot of "failed login" attempts (in hundreds). I can stop the remote management funtion, but it is good to have it working.
There are two alternative ways to manage an Orbi remotely, which will eliminate the "failed login" attempts:
- The Orbi "app" provides the typical "cloud" pathway where the Orbi opens a link to Netgear's cloud system and the app uses this link to reach the Orbi. This is what is used for the bulk of the Internet of Things (IoT). For me, although the "app" is shiny and modern, I find that most of what I want to do on the Orbi requires either web or telnet access.
- Set up VPN. Once a Dynamic DNS and VPN (they go together) are configured, it is possible to reach the Orbi from the internet through the VPN and access the web interface or telnet into the Orbi. This is not a trivial exercise
One of my "suggestions" to Netgear is to show what password was entered in the failed attempt so that the user can determine what sort of attack is being conducted. i.e. Is it a list of common passwords? Are they enumerating all possible passwords starting with "aaaaa"? In my case, my 25 character string of words, numbers, and punctuation is likely to withstand attack well into the next century.
Hi All
CrimpOnThanks for the suggestion that you made, about the strong password - this is correct but sometime attackers are exploiting vulnerabilities which are independent from the password it self. Most time problems come from within. IoT devices for example are more prone to attacks since they are not regularly updated or no updated at all which pose a risks.
The question would be - will NetGear add new feature - blacklist, which will be firewall improvement.
Stimar wrote:Hi All
CrimpOnThanks for the suggestion that you made, about the strong password - this is correct but sometime attackers are exploiting vulnerabilities which are independent from the password it self. Most time problems come from within. IoT devices for example are more prone to attacks since they are not regularly updated or no updated at all which pose a risks.
The question would be - will NetGear add new feature - blacklist, which will be firewall improvement.
Netgear has an "Idea Exchange" where customers propose features. https://community.netgear.com/t5/Idea-Exchange-For-Home/idb-p/idea-exchange-for-home
This is just an opinion, but my feeling is that Netgear may think that "Armor" is their solution to enhanced security. I, personally, have not activated Armor, and have not spent much time learning what it does.
