NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
CAX80 keeps rebooting
For the past 3 days my CAX80 has been rebooting every 4 to 5 hours. I’ve tried connecting the power source directly to an outlet and that didn’t work. I did a factory reset and that also didn’t work. ...
FURRYe38 I'm going to have to disagree about the Auto reboot on any signal issue. Every other month my Downlink light starts to blink and I see multiple links that are not locked and the Router has never rebooted automatically.
In looking at my log, I see that the initial Firmware update was initiated Nov 2021
As you can see, there are no DoS attacks before this. However, I DO see DoS attacks starting shortly afterwards:
AND the IP Address is NOT a DoS Attack, not sure why the Router labels it as such. When I do an IP Lookup it reports:
AND I show my IP Address as the one listed as the Source of the DoS attack. SO those who posted about the DoS attack, look at the IP and determine if it is YOUR IP from your ISP. But this still points back to an issue with Firmware .7 since the DoS attacks didn't start logging until AFTER .7 was updated to the Router. Either way, the issue is almost definitely with the firmware.
SO again, HOW can we stop the Router Firmware from being auto updated? AND why did it start on or about 11 Jun 22, why not way back in Nov. when the update was pushed . . .
Alright, downgraded again to .5
Performed a factory reset, unplugged for 1 minute and then went through setup. I guess we'll see what happens . . .
Since downgrading to v2.1.3.5 I have not experienced any random reboots. Nor had I observed any DOS "LAND Atack" events in the Log.
Last night when I went to bed, I was still running v2.1.3.5 so I anticipated this was to continue. I was wrong.
When I awoke this morning and looked at the UI to see if any reboots occurred in the middle of the night, I discovered my router upgraded to firmware v2.1.3.7.
Looking closer at the Log it reflects the router upgraded its firmware to v.2.1.3.7 at approximately 1:20am. After the upgrade the Log reflects twenty or so DOS "LAND Attack" events involving port 2190 and a few DOS "NULL Attack" events.
Then at approximately 3:40am the router does a reboot and has since recorded another thirty plus DOS "LAND Attack" events involving port 2190 in the log.
Obviously, I am not pleased.
Being extremely familiar with Internet security and network security for thirty years, I find it highly improbable and very unlikely my network is experiencing a LAND attack. Especially whereas others are reporting LAND attacks with the SAME port number all of sudden after upgrading the firmware.
For reference a LAND attack is often a human (user) generated attack, designed with the intention of causing a Denial of Service (DoS). It involves the user injecting traffic into the network with the source IP and destination IP addresses being the same as well as choosing a port number (1-65535) to be used as the source and destination ports. The fact this attack is being recorded by multiple persons with the same port number (2190) is highly indicative this event is being generated by the router itself.
In all likelihood there is something wrong with firmware v.2.1.3.7After the CAX80 running .7 rebooted itself at ~3:30am this morning... besides the "[DoS attack] LAND Attack SPT:2190 DPT:2190" messages in the log I'm also getting a bunch of "[DoS attack] DoSPortScan PROTO:Icmp" log messages.
