Serranopr
Feb 03, 2024 (Tutor)
IoT, Guest, Primary best practice network security RB850
I have an RB853 router with wired and WiFi and presently just a primary network and a Guest Network. I have extensive IoT devices and home automation and would like to get suggestions on best practi...
Serranopr
Feb 03, 2024 (Tutor)
Hi CrimpOn, thanks for your comments. WRT the IoT devices, my main concern was that having them on the primary network would allow them to potentially be a way to sniff into our network in case one of the devices had a known vulnerability (i.e. Purple Air Sensor, weather station, sprinkler system...). I've seen reports of burglaries in the Bay Area with bad guys carrying WiFi jammers and disrupting home security cameras. I'm assuming at some point bad guys that were also "smart" might learn how to gain access to your network and disable security systems or some other malicious crime.
As for the concern about the laptop, I just got another Orbi alert notification from yesterday: "Suspicious Connection Blocked. Netgear Armor has detected and blocked a suspicious connection on PC xxxxxxx". If you click through the alert it will state the remote IP was 80.66.88.211, which is the Netherlands. I realize they could be using a VPN and routed through that IP, but nonetheless it is some device somewhere well outside my home apparently attempting to connect to this PC. I see IP connection attempts from Netherlands, Belize, China, Russia, Germany... and why me? I don't think I'm that interesting a target to go after. Your thoughts on these warnings?
CrimpOn
Feb 03, 2024 (Guru - Experienced User)
Armor is a mystery to me. (I have never enabled Armor. Once I saw "Free Trial", my brain went into "They want money.")
With no experience to draw on, and no documentation about how Armor works, I can only speculate. If there is no port being forwarded through the router to the laptop, then it is literally impossible for anyone to even attempt to connect to the laptop. My guess is that some application on the laptop has attempted to connect to this IP address and Armor said, "No Way!" (Most likely a web browser.) Check this out:
https://www.abuseipdb.com/check/80.66.88.211
Here's what Bitdefender says:
https://www.bitdefender.com/consumer/support/answer/28376/
Would have been nice to see a link to an actual "list" of these web sites.
It might be entertaining to look at web browser history and see what was going on right before this alert popped up.
- Serranopr, Feb 04, 2024 (Tutor)
To answer your question on what the PC was doing prior to the alert coming up... nothing. Some of these alerts are occurring during the night when the PC is not being used. It's not a URL that the user gets blocked on. Instead it is the alert that an outside IP tried to connect to the PC. That IPabuse website you referenced shows that the IP that is attempting to connect has thousands of user reports/complaints of hacking attempts (brute force, SSH...). That PC is a lightly used relic from some years ago, although it's loaded with a current OS and scanned for malware/viruses using BitDefender and previously Norton. I do know that my email address and prior passwords could have been subject to a breach by Comcast and they have appeared on the dark web. However, every password has been changed and two-factor authentication is on most every important site we access. Nonetheless, it is still disturbing to regularly see what appear to be hacking attempts on a low-value home PC.
- CrimpOn, Feb 04, 2024 (Guru - Experienced User)
Thanks for the information. Sounds like Black Magic (Voodoo) to me.
I would love for one of the technically adept users on the forum to propose a mechanism that would allow someone to attempt to connect to a specific device on the Orbi LAN.
The Wikipedia article on Network Address Translation (NAT) is pretty specific in stating that it is impossible for an external device to connect to an internal device:
This method allows communication through the router only when the conversation originates in the private network, since the initial originating transmission is what establishes the required information in the translation tables. Thus a web browser within the private network would be able to browse websites that are outside the network, whereas web browsers outside the network would be unable to browse a website hosted within. Protocols not based on TCP and UDP require other translation techniques.
If this laptop is powered on when these events happen, it might be doing "something"? My desktop is a busy little guy 24 hours a day, running all sorts of updates, backups, and what-not at all hours of the day and night.
There is a community forum for Armor. Maybe someone there would have more insight?
https://community.netgear.com/t5/NETGEAR-Armor/bd-p/en-home-armor
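
The NAT behaviour quoted from Wikipedia in this thread, together with the port-forwarding exception mentioned earlier, as a small simulation. This is an added example, not part of any forum post and not Netgear's or Armor's implementation. All addresses and ports are constructed (documentation ranges), and the strict match on remote address and port is an assumption; real routers vary in how tightly they filter.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Toy model of a home router's NAT translation table (hypothetical)."""
    next_port: int = 40000
    # WAN port -> (lan_ip, lan_port, remote_ip, remote_port), created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # WAN port -> (lan_ip, lan_port), configured by the owner (port forwarding)
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host starts a conversation: allocate a WAN port and record it."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side. Return (lan_ip, lan_port) or None if dropped."""
        session = self.sessions.get(wan_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]              # reply to a conversation started inside
        if wan_port in self.forwards:
            return self.forwards[wan_port]  # explicit port forward: anyone may connect
        return None                         # no table entry: nowhere to deliver it


def demo():
    """Run four constructed cases and return what the router does with each."""
    nat = Nat()
    laptop = "192.168.1.20"      # constructed LAN address
    server = "198.51.100.7"      # constructed remote host
    stranger = "203.0.113.99"    # constructed unrelated remote host
    results = {}
    # 1. Unsolicited inbound packet with no table entry is dropped.
    results["unsolicited"] = nat.inbound(stranger, 51000, 22)
    # 2. Laptop connects out; the reply from that same endpoint is delivered.
    wan_port = nat.outbound(laptop, 49152, server, 443)
    results["reply"] = nat.inbound(server, 443, wan_port)
    # 3. A different remote host hitting the same WAN port is still dropped.
    results["other_host"] = nat.inbound(stranger, 443, wan_port)
    # 4. With a port forward configured, an outside host can reach the laptop.
    nat.forwards[8080] = (laptop, 8080)
    results["forwarded"] = nat.inbound(stranger, 51000, 8080)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12} -> {outcome}")
```
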