NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Allen_non's avatar
Allen_non
Aspirant
Aug 05, 2025

Netgear router models are RAX45-100NAS and RAX54-100NAS

Hi, Allen_non here.  I'm a competent computer user, also able to set up MAC filtering, and similar level operations on routers, but am lost in the weeds when it comes to ports, channels, etc inside t...
rax54
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Aug 08, 2025

Great detail. Thanks.

 

  • All of these WiFi routers use the same WiFi credentials? (SSID/password), or are they different?
  • Eager to hear if IPv6 is enabled on the RAX routers.**
  • Can you access the management interface of the Arris router?  During these episodes, does the Arris have a way to display information about "connected devices"?
  • Because all three of your routers are connected to the Arris router, it should be possible for a computer connected to the R7000 to 'ping' the WAN interface of the two RAX routers.  (i.e. the IP address assigned to them by the Arris.)

I have a suspicion that the "flood" is a result of the RAX routers not responding to the Fios router, causing the Fios to keep asking, "are you there?"

https://en.wikipedia.org/wiki/SYN_flood  The flood may be a symptom of the underlying problem, not the cause.

 

** IPv6 appears to be a "hot topic" on the Forum these days.  I, personally, have had IPv6 enabled on my aging Orbi router with Spectrum for YEARS and never notice any issues, but the Forum seems to have a lot of discussion about IPv6.  If it IS enabled on those RAX routers, maybe turning it off would be a useful experiment.

  • Allen_non's avatar
    Allen_non
    Aspirant
    Aug 09, 2025

    I've been able to verify that IPv6 is disabled on all 3 Netgear routers (RAX45, RAX54, and R7000). 

     

    The ATT Arris router was less intelligible:  I had to browse across several tabs to get the following:

             - "IPv4 set to preferred protocol"

     

             - Firewall status:      

                        - Packet Filter On

                        - IP Passthrough Off

                        - NAT Default Server Off

                        - Firewall Advanced On

     

    Whatever is going on, it appears to just be affecting the 2 "newer" NG routers, not affecting the older R7000, based on my testing during the Tuesday 29-July event.

     

    I do get the idea of the flood being a symptom, rather than the cause.  I ran a shields up test earlier today, connected to RAX 45 in my home office, and per their diagnostics, I was completely invisible.  I do think this is something internal rather than someone parked in my driveway trying to hack my network.

     

    I also plan to check tomorrow whether Netgear or ATT ran a FW update approx 6 weeks ago when this all started.  I'm wondering if a FW update could have introduced new "sensitivities" that get logged as attacks.

     

    In the same vein, I'm also wondering if I should turn off DoS logging in my NG routers.  I've read elsewhere that prolific DoS logging can consume router resources, which could cause the wifi to drop.  

     

    Unfortunately, my test window only appears to be on Tuesdays around 12:25 pm.....

     

    Let me know what else you need or need me to try...   again, much appreciate your help!!