Orbipro1
Oct 25, 2022 Aspirant
Router mvpn purge and suspicious insight xcloud communication with orbi pro sxr80; and ddos attacks
I have not initiated or setup insight app or xcloud. Router log shows insight and xcloud login to orbi pro router and mention of mvpn in router logs. Is this unauthorized access? Unusual amount of d...
Orbipro1
Oct 28, 2022 Aspirant
Thank you for feedback.
I have no IP phone - not needed yet. Will have to learn also.
I did contact tech support who said may have to do with automatic update but my automatic update is off. The logs aside from some DDoS attacks showed an Insight login, token request, issuance of token, established connection, a mention of mvpn, a purge, and an end of session. Maybe part of Netgear device environment and its relation with corporate resources. Periodic contact and review of devices on its network. Not sure.
I do not use the app and have not signed up - has no advantage of additional features only multi site administration of Orbi Pro. I have one site and prefer to access by LAN onsite.
Timely to evaluate address of DDoS attackers and block address and probably not effective by this approach.
It seems ISP would seek to identify and remove DDoS from their network - also difficult until encrypted BGP is implemented.
schumaku
Nov 03, 2022 Guru - Experienced User
Interesting mix of wild combinations of individual log entries and speculations... Simple stack protection under the DoS label does become DDoS in your wild ideas, even more widely added secured BGP (considering consumer and end-user routers rarely use BGP). Combine a DoS log entry with a remote access by Insight (what it clearly isn't) and much more. Yes, Insight does make use of a certain VPN to enable the management of multiple or many Insight managed devices on the same network and location, for this purpose it also maintains a look-up service for device information on the same local subnet and beyond, allowing to locate multiple Insight devices easily for adding more Insight managed devices like switches, wireless access points, mesh satellites, ... (this is what the registration you see in the log is for), and much more.
Neither is the mvpn nor the xcloud communication suspicious - both are part of the proprietary Netgear Insight implementation - nor has the update control for the Insight devices update mechanism much in common with what Netgear support has told you based on consumer product firmware update mechanism information.
It's a good behavior to set an environment on a managed to known and defined defaults before it might be used any further, or just before it's set to certain idle or stop state if not required in the current basic set-up. Matter of fact, there are different management entities and functionalities involved on these Insight or Netgear cloud manageable devices, depending on how the user does configure and operate these. From standalone, local managed, to a single location cloud managed, to a multi-site location there can be big differences. And I have not talked about the easy expansion or migration of a standalone local managed device to a single location cloud environment, to a multi-location environment.
No idea why users are so keen to manage one or even more multiple Insight manageable devices locally, massively crippling the oversight and limiting the service quality. The Insight App is yet another alternate UI to using the Insight web portal, so allowing the user to get the best of the Insight environment. But hey if you prefer to do everything manually by device, feel free.
It's not the job for the Netgear support organization for providing design internals or to item by item explanation of each and every log entry you might ever see in the logs. It's ok trying to understand what is going on under the hood, but don't bring in unrelated features like your (non-existing) IP phones or no longer available telephony. (Undoubtedly, everything is IP based here in Insight.) And during normal operations of devices (like mobiles, computers, ...) things can change very quickly. Like a mobile device roaming to another wireless, to the WWAN (4G/5G carrier network), by a device going to sleep for power saving, so the IP stack on the router does have to deal with what is appearing as "DoS" - even if the reasons triggering can be very different during such state changes.
Beyond, there is no word (anywhere!) that these DoS protections mentioned are blocking any IP addresses just to add one more example of false or freely interpreted ideas. Correct is that if you should become a target of a DDoS attack that no CPE-side router can do anything against it. Even if you invest a lot into your router, security appliance, ... At the end of the day, you have to depend on what the ISP can do.
- CrimpOn Nov 03, 2022 Guru - Experienced User
As the SXR80 product is bundled with 5 year subscription to Insight, would it be correct to assume that:
- Connecting the router to the internet is sufficient for the router to contact Netgear and set up Insight (with no customer involvement at all)? or
- That the customer must take some action to set up Insight?
- Perhaps the act of registering the product for warranty purposes is sufficient to link the router with the user account?
- schumaku Nov 03, 2022 Guru - Experienced User
CrimpOn wrote:
As the SXR80 product is bundled with 5 year subscription to Insight, would it be correct to assume that:
- Connecting the router to the internet is sufficient for the router to contact Netgear and set up Insight (with no customer involvement at all)?
Correct. Not sure on how this helps if people refusing the usage of Insight/cloud/App. These users can even choose if they want a normal single Insight location entity Insight or an Insight Pro entity.
- quagmire1 Nov 03, 2022 Luminary
I bought my SXK80 directly from Netgear. It came with the warranty already registered with Netgear, and my Insight subscription activated.
Silly me, I thought this was a nice convenience!
- Orbipro1 Nov 03, 2022 Aspirant
Bought a business class router for the quality, safety, service, and speed.
Lean operation one site not much for additional offices and equipment, expertise, digital conversion, app management, authentications, cloud, or storage, or retrieval. Not relying on device for remote access.
Owned a Netgear ProSafe firewall that had good features, seemed to speed up my traffic. Had cookie and application filters that were useful.
Your answer makes sense. And I know this type of universal product knowledge base and skilled support are rare. Did not think I'd see a better answer on forum.
Would be useful if discovery feature could be turned off. Turned off the WPS on the satellite. I read that some automatic discovery and enrollment are vulnerable. Disturbing unexplained intrusions.
I see DoS protection as default on Orbi Pro. Active by default. Not sure if it distinguishes DDoS from DoS. Good to have. Support said log may be of a DoS that was recognized and blocked by Orbi Pro - the reason I purchased. From where, whom, and what is for me to determine level of threat and time devoted.
It seems most ISPs, wireless, and switched networks are vulnerable within, around, and across networks. Some say encrypted BGP will be a security feature offered by ISP in future internet implementations. So hardware will cost to adapt when available.
I use no VoIP and ended my cable phone. Cellular only.
I use iOS Private Relay for browser on my mobile devices and Cloudflare WARP app that wraps all traffic in HTTPS and malware blocking feature. Maybe this is generating some DoS log.
May be useless. As you say. We are vulnerable.
I have not experienced or implemented wide area or local area networks and thankful for the Netgear support. Unfortunately I paid $90 to get an answer. Like always depends on how, what, and whom I ask.
Thank you again.