
test4321
Aspirant
May 02, 2019
Solved

R7000 - hard reset overnight

Hey guys,

 

Router: R7000

Firmware: V1.0.9.64_10.2.64

 

I walked into the office today with a surprise waiting for me - a completely reset router. I asked around and nobody in the office has touched the router (they don't have much IT knowledge).

 

The router was factory reset to 0. Any ideas what that could be?

 

I also saw some attacks in logs:

 

[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [209.52.156.161], Wednesday, Dec 26,2018 12:15:10

[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [35.170.206.231], Wednesday, Dec 26,2018 12:14:14
[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [35.233.232.96], Wednesday, Dec 26,2018 12:14:02

[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [72.21.91.29], Thursday, May 02,2019 07:41:18

[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [172.217.14.202], Thursday, May 02,2019 07:42:31

 

Could this be related?

  • IrvSp
    May 07, 2019

    DavidStewart, you've got a different router and it could very well be where you have the router and ventilation on the unit.

     

    test4321, well first I doubt the log entries. One reason being if the ROUTER truly was reset or even rebooted, all logging is lost so you don't know what happened before the reboot if there was any information in the log that might point a finger at something. Matter of fact, the first few lines in the log would verify if you had a reboot. They usually will log entries with old dates first then the real date and time. Like this:

     

    [Time synchronized with NTP server] Tuesday, Apr 30,2019 17:57:20
    [Internet connected] IP address: xxx.xxx.xxx.xxx, Tuesday, Oct 09,2018 16:43:00
    [Initialized, firmware version: V1.0.4.28_10.1.54] Thursday, Jan 01,2015 00:00:13

     

    Also, on the Browser Genie when logged into the router, select the ADVANCED TAB. In the INTERNET box, select SHOW STATISTICS. The LAST column will show UPTIME. If there was a reboot you can then tell how many hours ago.

     

    However, I'm quite SURE this isn't the problem! This is, "Firmware: V1.0.9.64_10.2.64". If you search the forum here, you'll find many many problems with this firmware, even probably what you are experiencing.

     

    Basically that release and the one before it are just unreliable to put it nicely. You need to do two things:

     

    1. Revert to firmware version V1.0.9.42 (Support at top menu, enter R7000, press enter, select DOWNLOADS, at the bottom of the list expand PRIOR VERSIONS, select and expand V1.0.9.42 and click on the README). Follow the directions in that document (including the link to get) and backlevel the firmware. DO NOT reload your settings from a saved configuration. Test first, and if you still have a problem, RESET (see manual if you are unsure how to do it) TO FACTORY SETTINGS and MANUALLY enter them. Suggest you take screenshots of those you changed so you know what to set them to.
    2. After DOING #1, on the ROUTER UPDATE page, TURN OFF AUTOMATIC UPDATES.

    Doing the above should get you working again. However, turning off updates will stop ALL future updates. Versions .60 and .64 did have some 'fixes' (and breaks in .60 probably fixed in .64) that might be needed. A future release might come out that you need. So either keep watching in the forum for a new release or use the router CHECK FOR UPDATE function. When it reports a release newer than the .64 release, check back to see if it is worth installing. If so, install that.
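
The reboot check described in the post above (an "Initialized" line carrying a stale date) and a per-source tally of the scan entries, as an added example that is not part of the original thread or NETGEAR's code. It assumes the log has been copied out of the router's log page as text in the format quoted here; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample in the log format quoted in this thread (documentation-range IPs).
SAMPLE_LOG = """\
[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [203.0.113.7], Thursday, May 02,2019 07:42:31
[DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [198.51.100.9], Thursday, May 02,2019 07:41:18
[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [203.0.113.7], Thursday, May 02,2019 07:40:55
[Time synchronized with NTP server] Thursday, May 02,2019 07:40:02
[Initialized, firmware version: V1.0.9.64_10.2.64] Thursday, Jan 01,2015 00:00:13
"""

LINE_RE = re.compile(
    r"^\[(?P<event>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
    r"\w+, (?P<ts>\w{3} \d{2},\d{4} \d{2}:\d{2}:\d{2})$"
)

def parse(log_text):
    """Return (timestamp, event, detail) tuples; unparseable lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
            entries.append((ts, m["event"], m["detail"]))
    return entries

def boot_markers(entries):
    """'Initialized' entries show the log restarted; report firmware and stamp."""
    syncs = [ts for ts, ev, _ in entries if ev.startswith("Time synchronized")]
    out = []
    for ts, ev, _ in entries:
        if ev.startswith("Initialized"):
            fw = ev.split("firmware version:")[-1].strip()
            # Assumption: a stamp older than every NTP sync was written before the clock was set.
            pre_ntp = bool(syncs) and ts < min(syncs)
            out.append({"firmware": fw, "stamp": ts, "pre_ntp": pre_ntp})
    return out

def scan_counts(entries):
    """Count 'DoS attack' entries per (scan type, source IP)."""
    counts = Counter()
    for _, ev, detail in entries:
        ip = re.search(r"from ip \[([^\]]+)\]", detail)
        if ev.startswith("DoS attack:") and ip:
            counts[(ev.split(":", 1)[1].strip(), ip.group(1))] += 1
    return counts

if __name__ == "__main__":
    print(boot_markers(parse(SAMPLE_LOG)), scan_counts(parse(SAMPLE_LOG)).most_common())
```

An empty result from `boot_markers` on a full log means the boot entries have already scrolled out, so the uptime counter mentioned in the post is the remaining check.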

6 Replies

  • I had exactly the same issue a couple of weeks ago. It's interesting to see your attack log. How can I find out if the same thing happened to me?

    • test4321
      Aspirant

      The logs are located in:

       

      Advanced->Administration->Logs.

       

      Those logs are very short so you might not know what happened. 

       

      You might want to back up your settings in case it happens again - so it's easier to recover.

      I'm kind of annoyed that this happened. Maybe there is a security hole in software?

       

      The admin password was secure, and device was connected to UPS. 

       

      The current Firmware version is buggy - I had to roll back R7000 in access point mode (second router in the office) to a previous version because it would randomly restart.

      • DavidStewart
        Aspirant

        Something worth mentioning is that my R7000 used to keep re-booting regularly and at random throughout the day. It was absolutely infuriating, and it seems that lots of posters around here have experienced it, though none has come up with a solution to the problem which made a difference. I have.

         

        Over time it occurred to me that the re-booting happened more often during warm weather. I tried putting an ice pack from the freezer on top of the unit, with encouraging results. Now I've stuck a little 40mm fan next to the vent on the side, and the problem has disappeared completely!