olfin7
Aspirant
Oct 12, 2024

Suspicious Connection attack warning on device from the IP address that is that device

Hi. We have a home network with Netgear Orbi wifi routers, protected by Netgear Armor. Recently we've been getting lots of "Attack Found on "computername"" messages. In the details it says "Suspicious Connection" and "Netgear Armor detected that a suspicious remote location attempted a connection..." The ones we've been getting the last couple days are especially strange and scary because the remote location given is the exact IP address of the device that is being attacked. Has someone succeeded in breaking into our computers, or is this a configuration issue and it's a false warning? Either way, it makes it sound very scary. An example message is:

"NETGEAR Armor detected that a suspicious remote location 10.0.0.20 attempted a connection COMPUTERNAME and blocked that connection." But COMPUTERNAME's IP address on the network is 10.0.0.20.

Any help would be greatly appreciated because I don't know whether to try to lock everything down further or ignore them.

As a note, I already changed my wifi network name and password, rebooted it, unplugged and replugged it in, and manually reconnected all of our devices back to it.

Thank you for any help.

6 Replies

  • Looking deeper, I think I have more info but it’s no clearer to me. First a few days ago I got this message:

    There was an attempt to establish a connection to your device from the IP 172.64.151.101.

    The IP has been associated with malicious activity in the past, thus the connection to your device was blocked.


    Now yesterday and today I’m getting the inverse message:

    The device attempted to establish a connection to an untrusted IP.

    The IP has been associated with malicious activity in the past, thus the connection towards it was blocked.

    Device name
    COMPUTERNAME

    External IP
    172.64.151.101

    Does this mean it was ultimately successful in connecting and now it’s trying to send info back, or something else?
  • FURRYe38
    Guru - Experienced User

    What Orbi model system do you have?

    What FW version is loaded on the system?

    What is the brand and model# of the device at 10.0.0.20? 

    What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?

    • olfin7
      Aspirant

      I had the RBR50 and satellite with the latest firmware. However, I noticed at the time that the firmware was no longer being updated and was like two years old. Since then as part of my trying to make sure everything is fully secured regardless of if it was a real threat or not, I've purchased a new Orbi and updated the firmware to the very latest on it.

      This notice was happening to two different devices. One was a MacBook Pro (older Intel version) and the other was a PC running Windows 11.

      The modem is a Telus Arcadyan nh20a. I also realized that it was not running in bridge mode, not sure if that could've caused false warnings. I've since fixed it to run in bridge mode.