thisiskav
Sep 26, 2025 Aspirant
Protection Engine and Stealth ports
Hello,
Recently, I purchased a Nighthawk RS100 Router. After configuring it, I tested my setup using Shields Up. All my ports reported as Stealth and the router log was clean of anything serious.
This week I repeated the test and noticed many of my ports are no longer Stealth, but Closed! What's strange is that which ports are Closed or Stealth seems to change randomly every time I rerun the Shields Up test:
Green = Port is Stealth. Blue = Port is Closed
At the same time, my router's log now shows many entries of ports being scanned. I looked up the IPs scanning my ports and they're from around the world:
[DoS Attack: RST Scan] from source: 160.30.156.213, port 3389, Thursday, September 25, 2025 08:57:14
[DoS Attack: SYN/ACK Scan] from source: 160.30.156.213, port 3389, Thursday, September 25, 2025 08:57:02
Thanks to this forum, I've learned that disabling the Protection Engine will return my ports from Closed to Stealth. Side note, I suspect the Protection Engine is adaptive based on the changing test results over time.
Anyway, I'd really prefer to return my ports to Stealth without disabling the Protection Engine. Has anybody discovered a method for keeping the ports Stealth while simultaneously keeping the Protection Engine enabled?
Model: Nighthawk RS100
FW: V1.1.5.12.
Thank you!
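To see which sources account for the scan entries and how they cluster over time, log lines in the format quoted above can be grouped by source address. This is an added example, not part of the original post or of NETGEAR's tooling; the function names are hypothetical, and the sample log is constructed in the quoted format (only the two 160.30.156.213 lines come from the post).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted in the post; the 203.0.113.x and
# 198.51.100.x lines and the last (non-scan) line are made up for illustration.
SAMPLE_LOG = """\
[DoS Attack: RST Scan] from source: 160.30.156.213, port 3389, Thursday, September 25, 2025 08:57:14
[DoS Attack: SYN/ACK Scan] from source: 160.30.156.213, port 3389, Thursday, September 25, 2025 08:57:02
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Thursday, September 25, 2025 09:10:41
[DoS Attack: RST Scan] from source: 198.51.100.20, port 22, Thursday, September 25, 2025 09:12:05
[DoS Attack: RST Scan] from source: 198.51.100.20, port 23, Thursday, September 25, 2025 09:12:06
[admin login] from source 192.168.1.2, Thursday, September 25, 2025 09:15:00
"""

LINE_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9a-fA-F.:]+), "
    r"port (?P<port>\d+), (?P<when>.+)$")

def parse(log_text):
    """Return (kind, source, port, datetime) tuples for the scan entries only."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip entries that are not "DoS Attack" scan lines
        when = datetime.strptime(m["when"], "%A, %B %d, %Y %H:%M:%S")
        events.append((m["kind"], m["src"], int(m["port"]), when))
    return events

def summarize(events):
    """Group by source: entry count, ports as logged, scan kinds, first/last seen."""
    by_src = defaultdict(lambda: {"count": 0, "ports": set(), "kinds": set(),
                                  "first": None, "last": None})
    for kind, src, port, when in events:
        s = by_src[src]
        s["count"] += 1
        s["ports"].add(port)
        s["kinds"].add(kind)
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
    return dict(by_src)

if __name__ == "__main__":
    for src, s in sorted(summarize(parse(SAMPLE_LOG)).items(),
                         key=lambda kv: -kv[1]["count"]):
        print(f"{src:16} entries={s['count']} ports={sorted(s['ports'])} "
              f"kinds={sorted(s['kinds'])} span={s['last'] - s['first']}")
```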
3 Replies
- thisiskav Aspirant
Thank you kindly for your replies!
I agree with you, CrimpOn, Stealth is the way to go!
My plan is to disable the PE for the time being and repeat the test after each release of the router firmware.
- FURRYe38 Guru - Experienced User
You'll need to either keep PE disabled if you want all stealth ports to be seen, otherwise leave it as is. Something we've already passed on to NG for review. No idea IF or when they will make adjustments. All up to them. Nothing else we can do.
- CrimpOn Guru - Experienced User
My sense is that these are incompatible goals:
- Not responding to connection requests (stealth) is a method to prevent attacks. However,
- Netgear's Protection Engine cannot analyze internet activities unless it acknowledges connection requests.
Your choice as to which offers a better environment.
Personally, stealth is the "way to go". i.e. "nothing to see here. go look somewhere else."