NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Nighthawk MR60 spying on my Internet usage
I installed a new Nighthawk AX1800 WiFi 6 Mesh System only to find that it is now the top user of DNS in my network and it's looking up the hostname of every IP any of my devices visit on the interne...
Most modern forum software will use a range of automated filtering functions that will look for patterns such as a large number of URLs posted at once or various keywords. Sadly it is effectively unavoidable with public forums what want to allow for public registrations without annoying screening processes such as requiring the first few posts to be moderator approved.
I have moderated on a different forum in the past and it wasn’t uncommon to see the system block over 100 bot accounts within a single day, and that is with a captcha system. Sadly many mass spamming operations do effectively captcha farming, or sidejacking style malware where someone’s normal activity provides the data that google recaptcha needs.
Overall until something better comes out many forums will have a range of filters and other automations in place to prevent spam, even though that can have false positives (depending on the content).
In focusing more of the core issue, your best bet may be the LAN to LAN setup especially if Netgear armor is enabled and you don't want its cloud related network activity taking place.
The reply that disappeared was mostly just hostnames not URL's.
But anyway, I am keen on trying the LAN LAN mode, but the router is at my elderly parent's house 40 miles away, so I probably won't be able to get down there before Wednesday.
Razor512 To my knowledge, I never enabled Netgear Armor.
How would I check and how would I disable it?
To me, Access Point mode should be "brick-stupid do nothing nothing but bridge the WiFi to my actual router."
That one button to turn on AP mode should disable all this other gratuitous nonsense. :-/
Typically if you use the nighthawk app to set the device up then it automatically enables Netgear Armor. While more experienced users will be fine without it, if someone is new to computing, or infect their system via malvertising, then armor is pretty useful as if a malicious ad makes it past their adblocker, then at least the malware will not download in the vast majority of situations.
Aside from that, with the AP mode, it may be due to most people wanting to retain as many value add features as possible while in AP mode, as compared to just being a transparent bridge for the WiFi radio.
Since I can't get physically to the site where the routers are installed until tomorrow, I ended up calling BitDefender to have the Armor subscriptions invalidated. Hoping that will help.
About the detailed analysis I did, which was deleted from this thread.
Here is a much more terse summary.I could only check on the IPv4 traffic; could not find any way to get meaningful DNS lookups for the IPv6 traffic.
But just looking at the IPv4 traffic from last 7 days, here is the breakdown of the majority of fwd lookups, showing only the base domain from among the many individual sub domain/hostnames.
Fwd lookups -- as you can see, not all Netgear related; many are our general Internet usage. This constitutes spying...
7131 netgear.com
1773 ngxcld.com
1678 apple.com
234 icloud.com
142 akadns.net
131 akamaiedge.net
84 ford.com
62 apple-dns.net
53 google.com
51 office365.com
40 akamai.net
36 aaplimg.com
30 icloud-content.com
22 cloudapp.net
21 facebook.com
19 ring.com
18 bugsnag.com
17 urbanairship.com
17 mzstatic.com
14 routerlogin.net
14 amazonaws.com... (partial list)
Reverse lookups:
7858 cloudfront.com
(the only reverse lookup domain seen via IPv4.
There were 15710 IPv6 reverse lookups, which I could not resolve.