Re: Should I be worried about my C7000v2 modem/router?

---

@mtiede wrote:

 

... I turned off the router portion of the C7000v2. 

 

---

How did you go about that?

Manuals are always a good place to start.

Visit the support pages:

Support | NETGEAR

Feed in your model number and check the documentation for your hardware.

Check the section in the manual Connect Your Modem Router to a Router After Installation and Activation

You may have done that already. I can't tell from your message.

That will also explain how you can access the C7000v2 when you have put it into modem only mode. But there isnlt much that you can do in that mode. You can't control anything useful – that's down to your router – and you certainly can't update the firmware.

In that mode, your router is in charge of your network and should be the defender of your security in the Internet. As a modem, the C7000v2 won't play the key role.

Whether or not this is good enough is down to your level of paranoia. Most owners of cable modems seem to survive. They can't control their firmware either. Only ISPs can do that.

What is the latest firmware version of my NETGEAR cable modem or modem router? | Answer | NETGEAR Su...

How did you go about that?

I downloaded the documentation PDF when I first got the C7000v2 as I do with all my devices.

per the documentation:

Select ADVANCED > Administration > Router Mode.
The Router Mode page displays.
Select the No radio button.
With this setting, the modem router works as a bridge and the router behind it obtains a
WAN IP address from the Internet service provider

Manuals are always a good place to start.

Yes, that is where I started.  FWIW, I've been doing computer stuff since 1966.

Visit the support pages:

Support | NETGEAR

Feed in your model number and check the documentation for your hardware.

Check the section in the manual Connect Your Modem Router to a Router After Installation and Activation

You may have done that already. I can't tell from your message.

As I believe I said, my router was already working with the C7000v2.

That will also explain how you can access the C7000v2 when you have put it into modem only mode. But there isnlt much that you can do in that mode. You can't control anything useful – that's down to your router – and you certainly can't update the firmware.

As I understand it, I can NEVER update the firmware on this device.  By the nature of the C7000v2 that can only be updated by the ISP (who has specifically said they will NEVER do that either.  Thanks Spectrum)

In that mode, your router is in charge of your network and should be the defender of your security in the Internet. As a modem, the C7000v2 won't play the key role.

I know, and yet the 192.168.100.10 is referenced in an event and my Synology router has no VLANs in that range.  It also introduced a GUEST network that used the 192.168.0.x addresses and so I would be unable to access the C7000v2 via 192.168.0.1.  So I am just guessing that the C7000v2 may have introduced some sort of DMZ with that address.  Or something nefarious is going on.

Whether or not this is good enough is down to your level of paranoia. Most owners of cable modems seem to survive. They can't control their firmware either. Only ISPs can do that.

My ISP will not do that.

What is the latest firmware version of my NETGEAR cable modem or modem router? | Answer | NETGEAR Su...

Yes, that is the place that started this whole adventure.  I saw that my C7000v2 was several versions behind.  And I couldn't update it and the ISP won't update it.

Got any other ideas about the origin of a 192.168.110.10 address?

---

@mtiede wrote:

 

Got any other ideas about the origin of a 192.168.110.10 address?

---

What does that mean? The origin of that address is the modem.

You want to access it? (Why?) Disconnect everything from the modem, connect it to a PC and aim the browser at that address.

By origin I mean what device could possible be using that IP?  Why would there be a device with that IP trying to access the DNS server?

Why is the modem doing anything with IPs now?  Shouldn't it just be bridging to my router and the ROUTER assigns IPs to devices?  My router has no vlan that is 192.168.100.x.  So it should not be assigning that IP to any device.  And yet there was traffic that generated a "Threat Prevention" event and caught by  the router.

I don't want to access it.  I want to know why it exists.

The only thing connected to the modem is the router.  And a pc connected to my router can not access 192.168.100.x.  That network does not exist for the router.

If the modem is only being used as a bridge, is it getting dns information?  Why?

IF you got a new different router, the C7000 should be put in to modem only mode.

---

@mtiede wrote:

I wanted to have Spectrum update the modem/router.  (I think previously Time Warner did at least one update)

 

But now Spectrum (who acquired Time Warner) just says, "We don't update customer equipment".  And *I* can't update it.

 

So I bought a separate router (Synology RT6600ax) and I turned off the router portion of the C7000v2.  Things are working, but I have some concerns.  In particular (although I've been using this combination for several months now), I just got a "Threat Prevention" event detected Source IP 192.168.100.10 communicating to the Target IP 8.8.8.8 and saw signature "ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain ".

 

192.168.100.x is not my router's IP range.  I can't ping 192.168.100.x from inside my lan.  Where is this coming from?  Has some sort of DMZ been set up?  Is there something in the modem side of the C7000v2 that might be hacked?  How could the router even seen something from 192.168.100.x if none of the vlans are using that range?

 

I don't even know how to communicate to the modem now without doing a factory reset.

 

Should I replace this modem?  Any good suggestions for a new modem that would still let me continue to use the router?

---

As I explained above, yes, I put the C7000v2 in modem only mode.  I'm trying to figure out what caused traffic from 192.168.100.10 that is not in the address range used by the router.

Also, if there some inherent weakness in using the C7000v2 modem (such as not being able to update the firmware), what standalone modem would be recommended and work with Spectrum.

---

@mtiede wrote:

... what standalone modem would be recommended and work with Spectrum.

---

Ask Spectrum.

It is in the best position to know which modems work in its network.

Spectrum has the C7000v2 on their list.  But if it has some problem, I want a different one.  I was hoping someone with experience could recommend the best one versus picking one from the dozens that Spectrum says are compatible.

Here's the list for 400mbps:

• Arris SB6183
• Arris SB6190
• Arris SBG10
• Arris SBG6950AC2
• Arris SBG7400AC2
• Arris SBG7580
• Arris SBG7580-AC
• Arris SBG7600AC2
• ASUS CM-32
• ASUS CM-32_AC2600
• Linksys CG7500
• Linksys CM3016
• Linksys CM3024
• Motorola MB7621
• Motorola MG7700
• Netgear C6230
• Netgear C6300
• Netgear C6300v2
• Netgear C6900
• Netgear C7000
• Netgear C7000v2
• Netgear C7500
• Netgear Cable Orbi CBR40 or CBK40
• Netgear CM500-100NAS
• Netgear CM600
• Netgear CM700
• Netgear CM1000
• TP-Link CR1900

Only IP address that would be accessible is 192.168.100.1 thats the modems IP address for accessing that side of the units web page and when in modem model as well. Nothing else would be coming from the modem in modem mode. 

---

@mtiede wrote:

As I explained above, yes, I put the C7000v2 in modem only mode.  I'm trying to figure out what caused traffic from 192.168.100.10 that is not in the address range used by the router.

---

---

@FURRYe38 wrote:

Only IP address that would be accessible is 192.168.100.1 thats the modems IP address for accessing that side of the units web page and when in modem model as well. Nothing else would be coming from the modem in modem mode. 

---

---

That was my guess.

I didn't step in because I read the manual, which was misleading! (I suspect that @mtiede did the same thing.) There I read:

"When your modem router is in bridge mode, use http://192.168.0.1 to
log in to your modem router."

It is only by reading earlier messages here, that I knew that the manual can be misleading. And not for the first time.

That address is, of course, the IP address of the device in modem/router mode.

Manuals for some another cable modem/router does list "http://192.168.100.1".

"Nothing else would be coming from the modem in modem mode."

And yet, Threat Prevention sees traffic from 192.168.100.10 to 8.8.8.8.  Which is what caused me to come here to ask about it in the first place.

I still have no clue what is going on there.  UNLESS, something has managed to wedge its way onto the modem and is trying to do things there.

I also don't understand if it IS something on the modem, how was the router able to see it?  Unless maybe ALL traffic goes through the router, even it started on the modem.

Or is maybe something in my network spoofing a 192.168.100.10 address somehow.

I tried to go to 192.168.100.1 today.  I see that my new router blocked that access of that address.

"ET POLICY Reserved Internal IP Traffic"

So I allowed it, and I was able to login to the old Netgear modem/router.

I see the modem is active and the wifi is turned off.

And I can see how to turn it back into modem/router mode if I wanted to do that.

And since I see that the new router saw the traffic where I logged into the old modem/router, I'm back to the original question again.  Why was the modem apparently trying to get DNS information using the 192.168.100.10 address?  Why would it get DNS information at all?

I happened to get another Surface Pro 9 and tried the same install steps I did with the first one.  This time I did not get the 192.168.100.10 attempted access. So I'm back to not knowing why apparently the disabled router was trying to get dns information.