NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RAXE500 no longer get attack warnings
I've never been so unhappy after purchasing a router as I have been with this RAXE500. But I'll have to live with it now that I've spent the $600 to get it! Yesterday I upgraded the firmware fro...
michaelkenward Netgear have changed the attack logging so I apologise as I was surprised its so different, but it is the way its meant to be now on The RAXE500 as you guessed.
I was given this reply via Netgear. "Engineering comments: Understood and we changed the DoS attack determination rules since there are a lot of false alarms in previous version. It’s the enhancement in v1.2.13.100.
I don’t think it is an issue."Also there is a trial version to cure option 60-61 missing but users with that issue would need to contact Netgear.
GChuck wrote:
I thought that I should still see some "attack" signatures happening on the router if it was logging them.
It was logging events that did not happen. Why would is show fake signatures after Netgear fixed this defect?
A bigger problem would be if the logs did not show real events.
Can you think of events that your logs no longer show?
Maybe an empty log means that nothing happened.
In my case, the logs for an MR90 show:
[admin login]
[DHCP IP: (192.168.1.9)]
[Dynamic DNS]
[Time synchronized with NTP server]
[Internet connected]
[Internet disconnected]
[email sent to: logs@xxxxxx.net]
I have it set to log the whole caboodle.
When you do a scan of the ports on the router that shows up as a port scan in the firewall logs, well it should but Its not. Whilst I agree that Netgears firewall logs show a load of garbage they should show a basic port scan and they are not. The router is not logging those attack logs as it should. As to DHCP since I use the Netgear routers DHCP server all appears as it should, with some new icons for printers and their connections show fine so maybe thats an issue with other other posters own DHCP server and this new firmware.
I'm not sure what's happening to people not using the DHCP server or what happened to option 60- and 61 for sky users as those posts just vanished. I use address reservation,and all is working as it should in that department. I think as always some issues can be cleared up by a factory reset, which is a total pain, but the router does have a few bugs in this release.
I agree its nice not to see the flood of false attacks but routers are port scanned daily, even Asus routers show that, The RAXE500 having gone from a myriad of false smtp query drop logs, and is now devoid of any attack logs or port probes and as I said using Gibson's old port scanner always shows as a port scan, because it is! Its not showing up in the logs but the router is using stealth, even though thats no guarantee of safety as any attacker would know that a router is sitting there hiding by using stealth, but that's beside the point. This firmware has some small bugs, if people have just bought the router they should contact Netgear. I cannot be bothered to downgrade to a version with other bugs thats a year old, but it seems like this router is not pruning logs after a week or so as it used to either, time will tell on that one as maybe it will when the log gets bigger.
Killhippie wrote:
When you do a scan of the ports on the router that shows up as a port scan in the firewall logs, well it should but Its not.
Firewall logs? I haven't seen that term used for those logs before.
The logs produced show attacks on the firewall along with all the other things ticked and as we know some are not attacks at all, but some are just logs from incoming communication with the routers firewall that Netgear's routers have always seemed paranoid about as most are not attacks and it would be nice to have it fixed so it does not show false positives like Amazon or Apple etc. When a port scan is done against the routers firewall it is shown in the logs these are firewall logs mixed in with the other logs we have selected in the routers GUI. As of now the logging system is not showing logs from the firewall like the port scan I did on the router, and it should. So this is a bug.