NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

caseyf5's avatar
caseyf5
Aspirant
Mar 12, 2016
Solved

R8000 problem with security gateway.

Hello Help Center, I'm having problems with the (CUJO) security gateway. ARG and Metadata from this gateway are causing continuous MAC changes in my R8000 AC3200 Nighthawk AC3200 Tri-Band WiFi Route...
Arg
Hardware
metadata
R4500
R8000
Security
Troubleshooting
unusable network
  • TheEther's avatar
    TheEther
    Mar 13, 2016

    caseyf5,

     

    Thanks for clarifying things.  I know what ARP is and how it works.  I did some Googling and according to a few sources, the CUJO box uses aggressive ARP spoofing to intercept traffic from all devices.  It literally uses a textbook Man-In-The-Middle (MITM) attack to operate!  LOL.  Supposedly, the intercepted traffic is inspected and anonymized information is sent back to their servers.  What actual information is sent and what it's used for is unknown.  But if you aren't scared by what you've just read, you should be!

     

    Netgear's business-class switches use Dynamic ARP Inspection (DAI) to combat ARP spoofing.  It's possible that the R8000 has DAI, which would explain why it doesn't like the Cujo.  If I were you, I would toss Cujo into the trash!

TheEther's avatar
TheEther
Guru
Mar 12, 2016

Need clarification on a few terms.

 

ARG:  Did you mean ARP?  If not, what does ARG stand for?

 

Metadata: What metadata, specifically, are you referring to?

 

MAC changes: What do you mean by this?  Are you seeing a device change its MAC address?

  • caseyf5's avatar
    caseyf5
    Aspirant
    Mar 12, 2016

    Hello TheEther,

     

    Thank you for responding so quickly.  Sorry I misspelled ARP as ARG.  My bad typing and even worse proofreading.  Their gateway mode uses ARP to acquire metadata (don't know exactly what metadata) from my network and it looks like my R8000 router doesn't like this one bit. This is why I'm seeing constant MAC changes (ARP deals with MAC address management). Yes the device constantly changes the MAC addresses every few seconds if not at an even faster rate.  The only way to stop this was remove the CUJO security device!  I even tried this with an older Netscape router the R4500 with the exact same result!

    • TheEther's avatar
      TheEther
      Guru
      Mar 13, 2016

      caseyf5,

       

      Thanks for clarifying things.  I know what ARP is and how it works.  I did some Googling and according to a few sources, the CUJO box uses aggressive ARP spoofing to intercept traffic from all devices.  It literally uses a textbook Man-In-The-Middle (MITM) attack to operate!  LOL.  Supposedly, the intercepted traffic is inspected and anonymized information is sent back to their servers.  What actual information is sent and what it's used for is unknown.  But if you aren't scared by what you've just read, you should be!

       

      Netgear's business-class switches use Dynamic ARP Inspection (DAI) to combat ARP spoofing.  It's possible that the R8000 has DAI, which would explain why it doesn't like the Cujo.  If I were you, I would toss Cujo into the trash!