wfletchb99
Mar 24, 2022 Star
Netgear Armor threat messages that tell me nothing
Have been getting this message frequently over the last several months, sometimes multiple times per day. Titled "RBR750 Threat" it says: "We have detected and blocked a threat on RBR750. Your ...
FURRYe38
Mar 24, 2022 Guru - Experienced User
What devices do you all have connected to the Orbi system?
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?
- wfletchb99 Mar 24, 2022 Star
FURRYe38:
In terms of devices, there are a bunch and my setup is not entirely straightforward. The modem is a Pace 5268AC (yes I do realize it's also a router). The router functionality of the Pace device has been disabled as much as feasible (can't be totally eliminated) with only a single incoming IP address active and wifi disabled. I use Pi-Hole for DNS. I've been using this setup for about 4 years with the only change being that I replaced an R7000 with the RBR750 and single RBS750 satellite early last year.
I recently updated my wifi password and made a list of connected devices that totaled 42. We have four smart TVs, two Xbox consoles, 2 laptops, a desktop, 2 Android smart phones, 5 tablets (Apple and Android), Chromecast, Fire TV sticks, security system, smart outlets, and several exterior and interior cameras. Not all of these are constantly active, but as of this moment there are 31 devices attached to the network.
The RBR750 and RBS750 are running firmware 4.6.5.14, but the Armor messages started appearing with prior firmware. I believe it basically started happening about the time the DDOS reporting feature was added to Armor.
My thinking is that the "threat" could be originating with the Pace device since it is the point of contact with the outside world, but I cannot tell. I do admit that the "router" in the message could mean the Pace device even if it is essentially acting as a Fiber modem. Even if it is what Armor is referring to as "your router," it is directly connected to the RBR750, so the threat message still does not inform.
After spending time on the phone multiple times with support in prior months, I just stopped trying to figure it out until today. Aside from the threat messages, there is no issue with performance or connectivity with any device on the network or any evidence that anything is compromised. I'm not worried that there is a looming disaster with this, just trying to find what Armor is detecting and, if it's something harmless that I can fix (e.g. software pinging for updates), I would. Of course, if it's Vlad trying to get in, I'd like to address that, too.
Thanks,
Will