NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Person1's avatar
Person1
Aspirant
Sep 13, 2016

Two security questions about suspicious behavior with cable modem/router

Hi, I have two separate questions:

 

1)  I got a new Nighthawk C7000 Cable Modem Router and set it all up and then mysteriously a few days later I notice under the "Attached Devices" screen there is listed a "ReadySHARE (Internal server)" with it's own unique IP address and MAC address.  This device attached itself to my Nighthawk even though I had already previously set up the Access Control to "Block all new devices from connecting".  So can this be explained?  What is this server doing and why did it mysteriously become enabled on my system after several days of operation in which it was not attached?

 

2)  I set up my Nighthawk with my ISP and during the activation phone call with the technician I noticed in the logs this entry:

 

"SW Download INIT - Via Config file

d11_m_c7000100nas_walledgarden_c01.cm"

 

Then, after my Nighthawk rebooted, that log entry just simply vanished!  Thankfully I made a screenshot of the log entry so it's been recorded.  So, isn't the point of a log to actually keep a log of activity and not for an entry to just simply mysteriously disappear after some unexplained software has been downloaded to my Nighthawk?

Firmware
Installation
Security
Troubleshooting

4 Replies

  • Person1's avatar
    Person1
    Aspirant
    Sep 13, 2016

    I am curious to know if any of the forum administrators can explain to me why it is that my Nighthawk registered a [DoS attack: TCP- or UDP-based Port Scan] at 12:20 PST today, less than 4 hours after my original post.  Should I not have come to the official Netgear community forums with my real IP?  Did I need to fire up TOR or a VPN just to come here?

     

    Seriously, it is extremely rare for me to register a Port Scan hit and I belong to many different forums and communities where I expose my real IP.  I really don't think it is a coincidence that less than 4 hours after making the original post my Nighthawk registers a Port Scan.  I'm not going to tell you the IP that it came from (although I'm pretty sure whoever did it probably wasn't using their real IP) but I will say at least that the Port Scan originated from the Seychelles which is in Africa.

     

    Any of the forum moderators from the Seychelles?  In any case, do you care to let me know the results of your Port Scan against me hm?

    • DarrenM's avatar
      DarrenM
      Sr. NETGEAR Moderator
      Sep 19, 2016

      Hello Person1

       

      No moderator would be doing port scans on your Ip. As for the Readyshare do you have any USB drives or printers hooked up to your modem?

       

      DarrenM

      • Person1's avatar
        Person1
        Aspirant
        Sep 19, 2016
        Okay thanks for responding. I guess it's just a real coincidence then (about the IP scan). I'm willing to ignore that. The answer to what you asked is: No I don't have any USB drives or printers hooked up to my modem at all. Not ever. About the other point I raised, do you have any feedback regarding the "SW download" to my modem and the subsequent disappearance of the log entry that recorded it?