brado77
Nov 30, 2022 Star
Trying to understand nature of "DoS attack: RST Scan" log messages
Disclaimer: I am a security engineer, so my questions which follow are not to understand what a DoS attack or RST scan are; I know what those are -- I'm trying to understand the behavior of my router...
brado77
Dec 01, 2022 Star
michaelkenward thanks for the reply.
As things stand, as a security engineer you can probably tell us more than most about what is going on under the hood.
Well, what I know is that something here doesn’t make sense. The meaning of the log entry isn’t clear, nor are the criteria which generate it; even if you knew all of that information, there don’t appear to be any mitigation options in the router for the likely possibilities. It kind of relegates all of the supposed security features to Christmas lights — they blink and flash and look pretty and make you feel good that they’re there, but they don’t have much of a pragmatic use. (No knock on Christmas lights).
Improving usability surrounding logs, diagnostics, and documentation on low-level routing function would all be pretty low-hanging fruit to give these routers a giant leap forward. Seems like NETGEAR wants to follow the model of newer cars, sealed black boxes which you cannot fully administer and work on yourself. Too bad, much room for improvement here. Kind of screams for a Raspberry Pi Kickstarter.
Anyway, thx again for the response.
michaelkenward
Dec 01, 2022 Guru - Experienced User
brado77 wrote:
Improving usability surrounding logs, diagnostics, and documentation on low-level routing function would all be pretty low-hanging fruit to give these routers a giant leap forward. Seems like NETGEAR wants to follow the model of newer cars, sealed black boxes which you cannot fully administer and work on yourself. Too bad, much room for improvement here. Kind of screams for a Raspberry Pi Kickstarter.
The issue of weird logs has been rattling around here for some time. Hence the boilerplate response "check the sort of those attacks".
As to "it would be easy to fix" comments, I bow to your knowledge, but in many cases these demands come from people who don't know what it takes to code this sort of stuff. They also overlook the fact that coding is just a part of it. Qualification of the new firmware – getting it through quality control and the like – is probably more complicated than the coding. And as we see all too often, when broken firmware lands here, it is this bit of the process that fails.
But please keep digging. This has turned into an interesting conversation.
- microchip8 Dec 01, 2022 Master
Fact is, NG refuses to change the developer of its firmware (NG itself doesn't make the firmware) most likely due to economic issues. I'm absolutely sure NG is aware it has one of the worst firmware around, yet refuses to do anything. Delta Networks, Inc. (DNI) doesn't care that much as long as they get paid and offer a "good enough" firmware, regardless of bugs and other issues.
If NG continues this path and doesn't change its priorities, they will fall further and further down.
That said, NG offers one of the best *hardware* devices around. They run cool, are very solid and reliable, and just work (unless the firmware throws crap)
- brado77 Dec 01, 2022 Star
michaelkenward wrote:
As to "it would be easy to fix" comments, I bow to your knowledge, but in many cases these demands come from people who don't know what it takes to code this sort of stuff. They also overlook the fact that coding is just a part of it. Qualification of the new firmware – getting it through quality control and the like – is probably more complicated than the coding. And as we see all too often, when broken firmware lands here, it is this bit of the process that fails.
I have a few years developing software (30), so I can speak to that. Perhaps I should have said “relative ease”, because it would not be an exercise of development from scratch. All of the data is already being processed, and it appears that the “logs” the user is provided are more an aggregation or conclusion (which I’m guessing isn’t completely accurate) rather than just providing the raw logs.
I’ve been using NG networking equipment for about 25 years now, so I’m very familiar with the evolution of their hardware (and microchip8 is right, good hardware), and the non-evolution of their admin consoles, so over time, using NG products seems to be synonymous with an ever-growing wish-list. (In fact, funny side note — I recently bought one of the old NG hubs on eBay, b/c w/o switching, it makes for a nice device to sniff network traffic for security research — I ended up paying more for it than when it retailed new!)
It is pretty clear that the NG roadmap is a lot like that of newer automobiles, to make products that are even further black-box, which the only knowledge / support can be performed by the vendor. I understand why this is (both good reasons and bad), but it would be nice if NG would embrace both. A model where folks who didn’t care could stick to the blinking lights and needles on the dashboard, and others who want to pop the hood could do so and really understand and perhaps improve the product.
A comment / question:
- Last I checked, NG’s bug bounty program didn’t compensate security researchers for submitted vulnerabilities (it is a work-for-free deal) which is why I didn’t research on that program. It would be really nice if that changed; I have found vulnerabilities in the past just by using the thing, not even researching. I’ll check back to see the status of their program….haven’t looked at it in a while.
- Does anyone know if NG makes firmware available for community review / development? I know there’s a community that has sprung up around some Linksys router firmware. It would be really cool if NG would embrace what some video games and security tool vendors have (like OWASP, Cobalt Strike, Hak5), and leveraged the modding community. If that were possible, I’d work on NG firmware in a heartbeat.
I’d sum up my perspective here as wishing NG would see the cup half-full. There’s huge opportunity for innovation here….just need the optimism to embrace it. I’d love to contribute if it were worth my while.
Thx for replies…this has become an interesting discussion.