NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Should I be worried about my C7000v2 modem/router?
I wanted to have Spectrum update the modem/router. (I think previously Time Warner did at least one update) But now Spectrum (who acquired Time Warner) just says, "We don't update customer equip...
IF you got a new different router, the C7000 should be put in to modem only mode.
mtiede wrote:
I wanted to have Spectrum update the modem/router. (I think previously Time Warner did at least one update)
But now Spectrum (who acquired Time Warner) just says, "We don't update customer equipment". And *I* can't update it.
So I bought a separate router (Synology RT6600ax) and I turned off the router portion of the C7000v2. Things are working, but I have some concerns. In particular (although I've been using this combination for several months now), I just got a "Threat Prevention" event detected Source IP 192.168.100.10 communicating to the Target IP 8.8.8.8 and saw signature "ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain ".
192.168.100.x is not my router's IP range. I can't ping 192.168.100.x from inside my lan. Where is this coming from? Has some sort of DMZ been set up? Is there something in the modem side of the C7000v2 that might be hacked? How could the router even seen something from 192.168.100.x if none of the vlans are using that range?
I don't even know how to communicate to the modem now without doing a factory reset.
Should I replace this modem? Any good suggestions for a new modem that would still let me continue to use the router?
As I explained above, yes, I put the C7000v2 in modem only mode. I'm trying to figure out what caused traffic from 192.168.100.10 that is not in the address range used by the router.
Also, if there some inherent weakness in using the C7000v2 modem (such as not being able to update the firmware), what standalone modem would be recommended and work with Spectrum.
mtiede wrote:
... what standalone modem would be recommended and work with Spectrum.
Ask Spectrum.
It is in the best position to know which modems work in its network.
Spectrum has the C7000v2 on their list. But if it has some problem, I want a different one. I was hoping someone with experience could recommend the best one versus picking one from the dozens that Spectrum says are compatible.
Here's the list for 400mbps:
- Arris SB6183
- Arris SB6190
- Arris SBG10
- Arris SBG6950AC2
- Arris SBG7400AC2
- Arris SBG7580
- Arris SBG7580-AC
- Arris SBG7600AC2
- ASUS CM-32
- ASUS CM-32_AC2600
- Linksys CG7500
- Linksys CM3016
- Linksys CM3024
- Motorola MB7621
- Motorola MG7700
- Netgear C6230
- Netgear C6300
- Netgear C6300v2
- Netgear C6900
- Netgear C7000
- Netgear C7000v2
- Netgear C7500
- Netgear Cable Orbi CBR40 or CBK40
- Netgear CM500-100NAS
- Netgear CM600
- Netgear CM700
- Netgear CM1000
- TP-Link CR1900
Only IP address that would be accessible is 192.168.100.1 thats the modems IP address for accessing that side of the units web page and when in modem model as well. Nothing else would be coming from the modem in modem mode.
mtiede wrote:
As I explained above, yes, I put the C7000v2 in modem only mode. I'm trying to figure out what caused traffic from 192.168.100.10 that is not in the address range used by the router.
FURRYe38 wrote:
Only IP address that would be accessible is 192.168.100.1 thats the modems IP address for accessing that side of the units web page and when in modem model as well. Nothing else would be coming from the modem in modem mode.
That was my guess.
I didn't step in because I read the manual, which was misleading! (I suspect that mtiede did the same thing.) There I read:
"When your modem router is in bridge mode, use http://192.168.0.1 to
log in to your modem router."It is only by reading earlier messages here, that I knew that the manual can be misleading. And not for the first time.
That address is, of course, the IP address of the device in modem/router mode.
Manuals for some another cable modem/router does list "http://192.168.100.1".
I tried to go to 192.168.100.1 today. I see that my new router blocked that access of that address.
"ET POLICY Reserved Internal IP Traffic"
So I allowed it, and I was able to login to the old Netgear modem/router.
I see the modem is active and the wifi is turned off.
And I can see how to turn it back into modem/router mode if I wanted to do that.
And since I see that the new router saw the traffic where I logged into the old modem/router, I'm back to the original question again. Why was the modem apparently trying to get DNS information using the 192.168.100.10 address? Why would it get DNS information at all?
"Nothing else would be coming from the modem in modem mode."
And yet, Threat Prevention sees traffic from 192.168.100.10 to 8.8.8.8. Which is what caused me to come here to ask about it in the first place.
I still have no clue what is going on there. UNLESS, something has managed to wedge its way onto the modem and is trying to do things there.
I also don't understand if it IS something on the modem, how was the router able to see it? Unless maybe ALL traffic goes through the router, even it started on the modem.
Or is maybe something in my network spoofing a 192.168.100.10 address somehow.
