NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RAX75 hanging after latest firmware update
The router started crashing as of yesterday, and becomes unresponsive to the webui (@192.168.1.1) or the Nighthawk Android App. I noticed that the firmware updated recently to firmware V1.0.3.88_1.0.41. After a couple of manual reboots, I wasn't able to login to the webui anymore and had to do a factory reset of the device. After going through a full factory reset, and reconfiguring, the crashes started to occur again. I'm not sure if I'm alone in this issue or if anyone else is experiencing this with the latest firmware.
I looked at the logs and I do see some suspicious log entries that I don't recall seeing before, for example:
[DoS attack: TCP SYN Flood] from source 87.251.75.51,port 65532 Thursday, Jun 11,2020 17:56:20
[DoS attack: ACK Scan] from source 3.93.179.0,port 2350 Thursday, Jun 11,2020 17:52:11
[DoS attack: ACK Scan] from source 52.88.22.0,port 443 Thursday, Jun 11,2020 17:48:47
I'm wondering if the new AppArmor security feature is causing these types of log messages and perhaps it's causing the router to be overwhelmed.
Anyway, this is my last desperate act before I move on to a different product. Hopefully there is some help out there.
6 Replies
I'd roll back the firmware. I've seen 1 other on here with that issue and that update just rolled out recently. Theirs was fixed by the downgrade.
Its pretty easy to to. Just simply download the 1.0.2.76 firmware, extract it, and then follow the manual firmware update process from the manual. I'd make sure to do it over a hardwired connection.
I'd then disable auto-update until a newer update comes out.
Thank you, this is good advice!
So other items of note. I've found a way to disable the AppArmor feature, which is a little too hard to do. And I do feel like the router is running cooler, and more reliably. This might be a red herring though. Probably best to roll back like you said.
Do you know if the backup files taken with the new firmware would work when applied to the older firmware? I don't really want to go through the trouble of reconfiguring this again.
Do you know if the backup files taken with the new firmware would work when applied to the older firmware? I don't really want to go through the trouble of reconfiguring this again.
its worth trying the backups. Worst case you simply re-factory reset and run it. Best case is a simple install.
nebhead wrote:
I looked at the logs and I do see some suspicious log entries that I don't recall seeing before, for example:
[DoS attack: TCP SYN Flood] from source 87.251.75.51,port 65532 Thursday, Jun 11,2020 17:56:20
[DoS attack: ACK Scan] from source 3.93.179.0,port 2350 Thursday, Jun 11,2020 17:52:11
[DoS attack: ACK Scan] from source 52.88.22.0,port 443 Thursday, Jun 11,2020 17:48:47Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP. Yours seem to be from Amazon.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
If these events are slowing down your router, or maybe even causing the crashes you see, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering, n ot to mention Armor and Circle – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.
