Two security questions about suspicious behavior with cable modem/router

Person1 · ‎2016-09-13

Hi, I have two separate questions:

1) I got a new Nighthawk C7000 Cable Modem Router and set it all up and then mysteriously a few days later I notice under the "Attached Devices" screen there is listed a "ReadySHARE (Internal server)" with it's own unique IP address and MAC address. This device attached itself to my Nighthawk even though I had already previously set up the Access Control to "Block all new devices from connecting". So can this be explained? What is this server doing and why did it mysteriously become enabled on my system after several days of operation in which it was not attached?

2) I set up my Nighthawk with my ISP and during the activation phone call with the technician I noticed in the logs this entry:

"SW Download INIT - Via Config file

d11_m_c7000100nas_walledgarden_c01.cm"

Then, after my Nighthawk rebooted, that log entry just simply vanished! Thankfully I made a screenshot of the log entry so it's been recorded. So, isn't the point of a log to actually keep a log of activity and not for an entry to just simply mysteriously disappear after some unexplained software has been downloaded to my Nighthawk?

Person1 · ‎2016-09-13

I am curious to know if any of the forum administrators can explain to me why it is that my Nighthawk registered a [DoS attack: TCP- or UDP-based Port Scan] at 12:20 PST today, less than 4 hours after my original post. Should I not have come to the official Netgear community forums with my real IP? Did I need to fire up TOR or a VPN just to come here?

Seriously, it is extremely rare for me to register a Port Scan hit and I belong to many different forums and communities where I expose my real IP. I really don't think it is a coincidence that less than 4 hours after making the original post my Nighthawk registers a Port Scan. I'm not going to tell you the IP that it came from (although I'm pretty sure whoever did it probably wasn't using their real IP) but I will say at least that the Port Scan originated from the Seychelles which is in Africa.

Any of the forum moderators from the Seychelles? In any case, do you care to let me know the results of your Port Scan against me hm?

DarrenM · ‎2016-09-19

Hello Person1

No moderator would be doing port scans on your Ip. As for the Readyshare do you have any USB drives or printers hooked up to your modem?

DarrenM

Person1 · ‎2016-09-19

Okay thanks for responding. I guess it's just a real coincidence then (about the IP scan). I'm willing to ignore that. The answer to what you asked is: No I don't have any USB drives or printers hooked up to my modem at all. Not ever. About the other point I raised, do you have any feedback regarding the "SW download" to my modem and the subsequent disappearance of the log entry that recorded it?

DarrenM · ‎2016-09-23

Hello Person1

The only thing I could thing of with the download is the ISP was pushing some type of update to the modem to update the bootfile or the firmware.

DarrenM

Two security questions about suspicious behavior with cable modem/router

Two security questions about suspicious behavior with cable modem/router

Re: Two security questions about suspicious behavior with cable modem/router

Re: Two security questions about suspicious behavior with cable modem/router

Re: Two security questions about suspicious behavior with cable modem/router

Re: Two security questions about suspicious behavior with cable modem/router