NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Is Armor reported locks sourced from devices on my LAN?
RAX43, Windows 10
Im getting messages from Netgear Armor every few hours, "NETGEAR Armor detectedd that NVR House Cameras attempted a connector to a suspicious remote locate 42.96.185.60 and blocked that connection We will keep an eye on this device for your. Your protected and dont need to do anything else." THere are a few different IP addresses with these same log messages from the same device or NVR.
"NVR House Cameras" is a Network Video Recorder for my home security monitoring.
Does this log message mean the NVR is initiating communication with that IP address?
How does Netgear know its suspicious and not a time sync or update check or something like that?
Ive turned off power to the NVR and these Armor messages have stopped. I guess I have a trojan on the NVR?
3 Replies
Some of the NVR's communicate back with the manufacturer's servers for updates/time checks/etc.
It could be that happening. Some of the basic settings could be blocking that check.
Is the NVR having any issues or working as it should?
If its working as it should, I wouldn't worry to much about it.
This NVR has gotten hacked at some point. I know this because some of the Camera names were changed to "f...ck Biden" and some other things changed. Further, I have an identical NVR and have had no blocked warnings from it. So Im sure there is some trojan on the NVR or possibly a camera. Another bit of evidence is that I turned off the NVR and the warnings stopped. Ive reset to factory settings and will monitor for block warnings and Im hoping that cleared the hack. The NVR stores video on a harddrive but I would not think there would be any hard drive data involved in the operation of the NVR but easy enough to reformatte the drive too.
Other then the obvious hack messages the NVR has worked fine.
If the reset to factory does not work, Ill replace the NVR as I have a spare one in case of failure as its hard to trust the chinese sellers will be around long enough to support.
Sounds like you have it under control!
Good work!
