NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RAXE500 no longer get attack warnings
I've never been so unhappy after purchasing a router as I have been with this RAXE500. But I'll have to live with it now that I've spent the $600 to get it! Yesterday I upgraded the firmware fro...
michaelkenward Netgear have changed the attack logging so I apologise as I was surprised its so different, but it is the way its meant to be now on The RAXE500 as you guessed.
I was given this reply via Netgear. "Engineering comments: Understood and we changed the DoS attack determination rules since there are a lot of false alarms in previous version. It’s the enhancement in v1.2.13.100.
I don’t think it is an issue."Also there is a trial version to cure option 60-61 missing but users with that issue would need to contact Netgear.
GChuck wrote:
I have decided to stay with version 1.2.13.100 for a while just to see how long it take Netgear to fix the two issues I'm seeing (not logging attacks and 6G devices not showing).
Which issue is that?
The one about "not logging attacks" is not an "issue". The problem was that it logged attacks that weren't real. So, that is a fixed issue for many people. Are you saying that you want to see those false reports?
As to 6 GHz devices, what is the issue there? Are they connected and not visible? Or can you see them and they don't say "6 GHz"?
The logging issue is a problem. I know Netgear logs are so paranoid its untrue but now there are none whatsoever, I did a port scan of the router and that should show up in the logs and it did not, so the logging for known attacks is not functioning at all. That's not a fix thats a bug, if you dont want to see the attack logs you can turn them off, but on this firmware those logs are not happening at all, and port scanning happens to all routers every day, so seeing nothing at all is wrong.
Also what happened to DHCP option 60-61 users, that was said to be missing but when searched for its been removed, Google found that post but its not here in the forums, so did Netgear mess up on option 60-61or did the unit need a factory reset for those users? 6Ghz devices should show up as they did in previous firmware not as symbols, so there are GUI bugs in this router, they have changed the GUI for logging window in the GUI, well at least on Firefox. I saw the attack logs vanish on one firmware of the RAX120, its not Netgear have fixed them, its they are just not showing which in itself is not a major issue but if users want to see the logs then this firmware has messed that up. Also some but not all users were having 6E issues, so not sure whats fixed whats broken and whats mended at this time with this firmware.
I thought that I should still see some "attack" signatures happening on the router if it was logging them. This is what I saw on my previous router; not a ton of attacks, but a consistent and continuous number. As for the DHCP option 60 & 61, I run my own DHCP server so the router's DHCP has been turned off and therefore I never noticed (nor needed) those options.
But having the router show my devices "connection type" would be nice. That way at a glance, I can see how each device has connected and the fix those devices that connect at a less than ideal rate.
I guess the big question is whether or not to downgrade the router to a previous version and then if so, to what version. If version 1.2.13.100 has all the needed security updates, then that is probably the best version to stay on; even with it's shortcomings. From what I hear, Netgear is not very quick in fixing problems with the firmware.
Thanks
GChuck
GChuck wrote:
I thought that I should still see some "attack" signatures happening on the router if it was logging them.
It was logging events that did not happen. Why would is show fake signatures after Netgear fixed this defect?
A bigger problem would be if the logs did not show real events.
Can you think of events that your logs no longer show?
Maybe an empty log means that nothing happened.
In my case, the logs for an MR90 show:
[admin login]
[DHCP IP: (192.168.1.9)]
[Dynamic DNS]
[Time synchronized with NTP server]
[Internet connected]
[Internet disconnected]
[email sent to: logs@xxxxxx.net]I have it set to log the whole caboodle.
When you do a scan of the ports on the router that shows up as a port scan in the firewall logs, well it should but Its not. Whilst I agree that Netgears firewall logs show a load of garbage they should show a basic port scan and they are not. The router is not logging those attack logs as it should. As to DHCP since I use the Netgear routers DHCP server all appears as it should, with some new icons for printers and their connections show fine so maybe thats an issue with other other posters own DHCP server and this new firmware.
I'm not sure what's happening to people not using the DHCP server or what happened to option 60- and 61 for sky users as those posts just vanished. I use address reservation,and all is working as it should in that department. I think as always some issues can be cleared up by a factory reset, which is a total pain, but the router does have a few bugs in this release.
I agree its nice not to see the flood of false attacks but routers are port scanned daily, even Asus routers show that, The RAXE500 having gone from a myriad of false smtp query drop logs, and is now devoid of any attack logs or port probes and as I said using Gibson's old port scanner always shows as a port scan, because it is! Its not showing up in the logs but the router is using stealth, even though thats no guarantee of safety as any attacker would know that a router is sitting there hiding by using stealth, but that's beside the point. This firmware has some small bugs, if people have just bought the router they should contact Netgear. I cannot be bothered to downgrade to a version with other bugs thats a year old, but it seems like this router is not pruning logs after a week or so as it used to either, time will tell on that one as maybe it will when the log gets bigger.