Modem Router DDOS Vulnerability - help change settings
Every day I get an email from my ISP warning that our internet service has been compromised and vulnerable to a DDOS attack. This happens even when we have had no devices attached to our home wifi. I've called my ISP several times and they have suggested that the problem lies with the settings within the router or perhaps in one of its settings. I've checked in my router logs and have seen nothing suspicious at all.
After reading lots of forums etc on the internet, I've changed my LAN IP address range, turned off the guest network and altered my router admin password. I don't know what else I can do to stop the daily emails and it is driving me crazy. Netgear won't give me any phone support as I bought the router in August 2016 so am past the 90 day free phone support, but the emails from my ISP only started in December.
I only have a couple of iPhones and Macbooks connected to the router. These have all been updated to latest operating systems and all updates applied. I've also updated the router firmware to V1.0.0.61_1.0.1 and frequently check for more updates but nothing new has shown up. I don't know what else to do.
The exact wording in my daily emails is:
We recently received an AISI report from the ACMA indicating that a
computer connected to your SkyMesh broadband service has been
compromised and might be infected with malicious software. The
following details were provided to us:
IP Address: (It lists the IP address assigned to us by our service provider)
Date: 2017-01-23 04:04:06 UTC (GMT+0)
Type: Vulnerable Service: DDoS Amplifier (DNS)
As a matter of urgency, please check all of your computers for malicious
software and disinfect any that have been compromised and infected.
I would be extremely grateful if anyone could help me fix the issue. It is really stressing me out. I'm to the point of chucking the D6000 router out and going and buying a cheaper (and maybe more stable) one. It was quite expensive and I bought it on recommendation from the guy in the shop who said it was really good quality.
Many thanks in advance.
Accepted Solutions
I had the same problem. It started with my ISP blocking my internet access when my modem failed their vulnerability test. Netgear support did help and the problem was recently solved by upgrading firmware to V1.0.0.64_1.0.1. I hope this works for you.
All Replies
Re: WNDR3700v2 Router Vulnerability
Hello pjudle_roany
If you're not seeing anything in the logs of the D6000 then it could be some other device on the network sending these attacks out. Does the email not indicate what type of device may be doing this?
DarrenM
Re: WNDR3700v2 Router Vulnerability
Hi Darren,
Thanks for your reply.
The ISP says that they can't see inside the home network to any of the individual devices so can't even tell me if it is an iPhone or a MacBook that they are complaining about. But I've run Malwarebytes on the MacBooks, and MobiShield on the iPhones and they have all come up clear.
Besides, I took all our devices off the internet 5 days ago, and have not used any wifi since 28th Jan. I got another email from my ISP today to say that the problem is still there, so I guess it must be the router itself. There doesn't seem to be any other explanation.
I'm thinking of taking the router back to where I bought it today and asking for a refund, or maybe exchanging for another brand. I only bought it last August (can't believe Netgear only give 90 days phone support!), so surely the shop will come to the party. It has all been such a waste of time and energy.
Thanks
Re: Modem Router DDOS Vulnerability - help change settings
I have this issue. My ISP, Skymesh, is obligated to forward emails from ACMA stating that my router is prone to being exploited in DDoS attacks. Exact email message:
SkyMesh participates in the Australian Internet Security Initiative (AISI) which is a service provided by the Australian Communications and Media Authority (ACMA) to assist in reducing spam and to improve the security level of the Australian Internet.
We recently received an AISI report from the ACMA indicating that a computer connected to your SkyMesh broadband service has been compromised and might be infected with malicious software. The following details were provided to us:
IP Address: ***.***.***.**
Date: 2017-07-13 00:48:15 UTC (GMT+0)
Type: Vulnerable Service: DDoS Amplifier (DNS)
Re: Modem Router DDOS Vulnerability - help change settings
Using http://openresolver.com/ I get the result:
Open recursive resolver detected on ***.***.***.** IP address ***.***.***.** is vulnerable to DNS Amplification attacks.
I once contacted my ISP about this, and they told me to contact you but that they'd never disable my service because of this issue.
Please help Netgear.
Re: Modem Router DDOS Vulnerability - help change settings
Is ***.***.***.** the IP address assigned to your Netgear modem router? If yes, then it's a bad sign that http://openresolver.com/ has reported it vulnerable. Your modem router can be used to launch DDoS attacks. Worse, if you have a data cap on your service, the attacks will count against it. It's the ultimate double whammy.
There have been other reports that some of Netgear's modem routers have this DNS vulnerability but they were never substantiated. This is the closest thing to a smoking gun. You can further test this by running the following command from a Windows, Linux or Mac machine outside your home network.
nslookup google.com ***.***.***.**
If this command succeeds, then the modem router is improperly responding to DNS queries from the Internet. 😞
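The outside-in test described in the post above, as an added example that is not part of the original thread: it sends one recursive query to UDP port 53 on your own WAN address and reads the reply header to tell an open resolver from a refusing or silent one. All function names are hypothetical, the sample replies are constructed, and `check_wan_resolver` has to be run from a machine outside the home network.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query, response):
    """Read the reply header: did the device recurse for an outside client?"""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    return {
        "recursion_available": ra,
        "rcode": rcode,  # 0 = NOERROR, 5 = REFUSED
        "answers": ancount,
        "open_resolver": ra and rcode == 0 and ancount > 0,
        "size_ratio": round(len(response) / len(query), 2),
    }

def check_wan_resolver(wan_ip, name="google.com", timeout=3.0):
    """Query UDP/53 on your own WAN address; None means no reply (the safe result)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (wan_ip, 53))
            response, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return None
    return classify_response(query, response)

def constructed_reply(query, flags, answer=b""):
    """Build a sample reply for offline use (constructed, not captured traffic)."""
    ancount = 1 if answer else 0
    return query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + query[12:] + answer

if __name__ == "__main__":
    q = build_query("google.com")
    a_record = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    print(classify_response(q, constructed_reply(q, 0x8180, a_record)))  # open resolver
    print(classify_response(q, constructed_reply(q, 0x8105)))            # REFUSED
```

A `None` result or `open_resolver: False` after a firmware change is what the ISP's scan is looking for; `size_ratio` shows how much larger the reply is than the query, which is what makes an open resolver useful as an amplifier.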
Re: Modem Router DDOS Vulnerability - help change settings
Hi Jeckyll,
I was also with Skymesh and getting the same emails as you. The Skymesh help person told me that if I ignored their emails that they WOULD eventually suspend my account. I couldn't get any real help from anyone.
In the end, I threw the Netgear router out, and bought another brand. The Skymesh emails stopped immediately, and I haven't had any problems since.
Was an expensive fix, but worth it to stop the stress and anxiety that the Skymesh emails were giving me.
Good luck with it. Hope you have better luck than me, but if all else fails, I can recommend chucking your Netgear router away and starting again.
Re: Modem Router DDOS Vulnerability - help change settings
I'm on firmware V1.0.0.61_1.0.1 - I am still experiencing this issue, so I can't call this post a 'solution'.
What was your router model?
Re: Modem Router DDOS Vulnerability - help change settings
Hi Jeckyll
My modem is a Netgear D6000-AUS. I loaded firmware version V1.0.0.64_1.0.1 to resolve the vulnerability problem.
Re: Modem Router DDOS Vulnerability - help change settings
Oh, stupid mistake sorry, I see I upgraded to V1.0.0.61_1.0.1, not V1.0.0.64_1.0.1
Thanks for pointing this out!
Sadly I can't find a download for this firmware version, either automatically via the router UI or from Netgear's download centre. Latest version appears to be V1.0.0.64_1.0.1
Re: Modem Router DDOS Vulnerability - help change settings
The downloads for the D6000 are here. Unless the D6000-AUS is something special, provided by your ISP, this is probably the place to find firmware.
>>>>> D3600 | Product | Support | NETGEAR <<<<<
The D3600 and D6000 seem to be the same thing.
That shows that you have the latest firmware.
Where did you read about V1.0.0.64?
Re: Modem Router DDOS Vulnerability - help change settings
Hi Michael
This version info was copied directly from my D6000 modem router configuration page and pasted here:
Router Firmware Version
V1.0.0.64_1.0.1
The modem updated and installed the firmware during configuration, I did not download it first, so I don't know where it came from. I have looked for the firmware version V1.0.0.64_1.0.1 at netgear.com but could not find it.
Regarding your question about the D3600 and D6000 modem routers, I don't know if they are the same.
I think the D6000-AUS is packaged for Australia. I don't know if there are any internal modifications or if it just comes with sockets and plug packs to suit Australia.
Re: Modem Router DDOS Vulnerability - help change settings
Hi Michael
I have found another thread that refers to V1.0.0.64_1.0.1 and the D3600. It looks like some users are having problems after installing this firmware version. This version solved the vulnerability problem for me but I might lose my router configuration if I reboot the router. If you do a search using "V1.0.0.64_1.0.1" you might get an answer to your question.
Re: Modem Router DDOS Vulnerability - help change settings
@adee56 wrote:
If you do a search using "V1.0.0.64_1.0.1" you might get an answer to your question.
Happy to look at any link you can provide.
After all, you have been there before. You already know what my search found.
Re: Modem Router DDOS Vulnerability - help change settings
Hi Michael
Here is the link:- https://www.netgear.com/search-netgear.aspx?q=V1.0.0.64_1.0.1
The thread is discussing D3600 & firmware V1.0.0.64_1.0.1
Hopefully someone in that thread will be able to help you locate the latest firmware.