dali70
Aspirant
Jan 16, 2019
Solved

RBR50 Problem

Hi Team

I found the following entries in my Log:
[remote login failure] from source 185.210.217.244, Friday, December 21, 2018 05:08:33 

[remote login failure] from source 62.173.145.228, Monday, December 24, 2018 19:31:15

[remote login failure] from source 141.105.70.50, Wednesday, December 26, 2018 20:14:02

and so on... several times. What's that? The Orbis work as access points.

 

kind regards!

10 Replies

  • What FW is currently loaded?
    What is the Mfr and model# of the ISP modem the NG router is connected to?

     

    See who owns those IP addresses at whois.domaintools.com

     

    Might start with any blocking features at the host router or modem. Contact your ISP for help if their modem has a built in router.

    • Chuck_M
      Mentor

      Do you have remote administration turned on?

       

      On the surface, looks like someone was trying to log onto your router to remotely administer it but couldn't get username/pw correct.

       

      That's the good news.

       

      The bad news is that someone was clearly trying to get into your router.

       

      If you only remote from specific machines, I would add those to the "Only accept connections from..." fields.

       

      If you don't administer your router remotely, turn off that function to minimize your exposure/risk.

       

      FURRYe38 gives good advice to figure out where those IP addresses are located which will give you a clue of who is knocking on your door trying to snoop around.

       

      If this was my network I would be sure to update all virus & malware software, scan each machine and be increasingly vigilant.

      • ekhalil
        Master

        Chuck_M wrote:

        ........... figure out where those IP addresses are located which will give you a clue of who is knocking on your door trying to snoop around.

        ...........


        Those IP addresses are usually coming from all over the world. I saw addresses from Europe, USA, Asia,...., so yes it's nice to know where this comes from but....

  • This shows that someone reached the public IP address and port of the Orbi admin page (via the ISP main router) and tried to log in but failed, likely because of a wrong password.

    I also see many of those all the time. If you have a long secure admin password then you should be fine.

    The only way to completely get rid of this is to disable Remote Management.

    • dali70
      Aspirant

      Hi Team

      Many thx for the replies. I think deactivating the Remote Access (in the App) will be the safest way.

      kind regards and greets from Switzerland!

      • schumaku
        Guru

        dali70 wrote:

        I think deactivating the Remote Access (in the App) will be the safest way.


        I think you are wrong: Remote Access in the App is not the same as the Remote Management access as configured in the Web based access.

         

        The Remote Access does allow the device to link into a Netgear cloud system, which the App can connect to using Remote Access. This is _not_ what is causing the log entries you have shown.

        You have to disable the Remote Management in the Orbi (or Nighthawk, or whatever Netgear router) in the Advanced settings on the Web UI. This is what does expose the router management port to the wild Internet.
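
Added example, not part of the original thread and not Netgear code: a short Python script that parses log lines in the format quoted in the first post, groups the failures by source, and reports whether any source is a globally routable address, which is the sign that the admin login is reachable from the Internet. The function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Line shape taken from the log entries quoted in the first post.
LINE_RE = re.compile(
    r"\[remote login failure\] from source (?P<ip>[^,\s]+),\s*"
    r"(?P<ts>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
)
TS_FORMAT = "%A, %B %d, %Y %H:%M:%S"

# First three lines are from the thread; the last two are constructed
# (a LAN-side failure and an unrelated event type).
SAMPLE_LOG = """\
[remote login failure] from source 185.210.217.244, Friday, December 21, 2018 05:08:33
[remote login failure] from source 62.173.145.228, Monday, December 24, 2018 19:31:15
[remote login failure] from source 141.105.70.50, Wednesday, December 26, 2018 20:14:02
[remote login failure] from source 192.168.1.23, Wednesday, December 26, 2018 21:00:00
[constructed other event] from source 192.168.1.23, Wednesday, December 26, 2018 21:00:40
"""

def summarize(log_text):
    """Group remote login failures by source address."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other event types are ignored
        try:
            ip = ipaddress.ip_address(m["ip"])
            when = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue  # malformed address or timestamp
        by_source[ip].append(when)
    report = [{
        "source": str(ip),
        "count": len(times),
        "first": min(times),
        "last": max(times),
        # Globally routable source: the login page was reached from the Internet.
        "from_internet": ip.is_global,
    } for ip, times in by_source.items()]
    return sorted(report, key=lambda r: (-r["count"], r["first"]))

def management_exposed(report):
    """True if any failed login came from a public address."""
    return any(r["from_internet"] for r in report)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row["source"], row["count"], row["first"], row["from_internet"])
```

If `management_exposed` stays true after Remote Management has been disabled in the web UI, check for a port forward on the ISP router that still points at the Orbi.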