Security

They cannot tell you which device because the router uses Network Address Translation (NAT) to make it appear that everything from your network comes from the public IP address, only with different port numbers.  It would be very helpful if they could tell you which IP address (on the internet) appears to be attacked.  There is a simple command that will show all of the "open ports" through the Orbi, i.e. from one internal IP address to a specific external IP address.

You would telnet into the Orbi router and enter this command:

Cat /proc/net/ip_conntrack

On the Orbi debug page (http://<ip of Orbi>/debug.htm) it is possible to have the Orbi record all packets that pass through the public side of the Orbi - the Wide Area Network (WAN).  Basically, the user tells the Orbi to "Enable LAN/WAN Capture", and then to "Start Capture".  After a while, stop the capture and then save the debug file to your PC.  It is a zip file.  The LAN and WAN captures can be opened with a program such as Wireshark (free).

I used the "open connections" to figure out which Cloud Services all my Internet of Things (IoT) devices were connecting to.

If they would give you at least a hint of what they are detecting, the Orbi provides the resources to track it back to the offending device.