
Brute force password attack originating from RBR50

mschmid4
Aspirant


I run a FreeNAS server on my home network and it alerted me that overnight there were over 800 ssh failed login attempts in a matter of a few seconds. Reviewing the logs it was clearly a brute force attack because the usernames being attempted were the obvious ones like root, admin, blank, etc. The source IP was my RBR50 at 192.168.1.1. I have no ports open to the public internet (even after a scan from https://www.whatismyip.com/port-scanner/), so I have no idea how this traffic was coming in. 

 

Regardless of how it got in, I feel like Armor/Bitdefender advertise that it protects against brute force attacks. Am I incorrect about this and should Armor have stopped this and notified me?

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 3

Accepted Solutions
rinthos
Luminary

Re: Brute force password attack originating from RBR50

If you have Netgear Armor enabled, you're likely to see something like this occur once per week around the same time.  This is one of the features of Armor, vulnerability scanning.

 

So if your FreeNAS box reported the Orbi, it's likely what's going on.

---


@mschmid4 wrote:

I run a FreeNAS server on my home network and it alerted me that overnight there were over 800 ssh failed login attempts in a matter of a few seconds. Reviewing the logs it was clearly a brute force attack because the usernames being attempted were the obvious ones like root, admin, blank, etc. The source IP was my RBR50 at 192.168.1.1. I have no ports open to the public internet (even after a scan from https://www.whatismyip.com/port-scanner/), so I have no idea how this traffic was coming in. 

 

Regardless of how it got in, I feel like armor/bitdefender advertise that it protects against brute force attacks. Am I incorrect about this and should Armor have stopped this and notified me? 


 


Message 2 of 3

All Replies
mschmid4
Aspirant

Re: Brute force password attack originating from RBR50

That is exactly what happened, thank you so much for the response. And I am no longer concerned about how someone got into my network; I have been changing all my passwords and hardening everything up!

Message 3 of 3
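
As an added example (not part of the original thread, and not Netgear or FreeNAS code), the Python below groups failed SSH logins into bursts per source address and checks whether bursts from the gateway recur at weekly intervals, the pattern the accepted answer attributes to Armor's vulnerability scan. The ISO-timestamped line format, the sample log lines, the thresholds and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: ISO timestamp, host, sshd[pid], OpenSSH "Failed password" message.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def make_sample():
    """Constructed log: two gateway bursts one week apart plus one stray LAN failure."""
    lines = []
    for day in ("2024-03-03", "2024-03-10"):
        for i, user in enumerate(["root", "admin", "test", "guest", "pi", "ubuntu"]):
            tag = "" if user == "root" else "invalid user "
            lines.append(f"{day}T02:14:{i:02d} nas sshd[4100]: Failed password for "
                         f"{tag}{user} from 192.168.1.1 port {50000 + i} ssh2")
    lines.append("2024-03-05T18:30:00 nas sshd[4200]: Failed password for "
                 "alice from 192.168.1.57 port 40100 ssh2")
    return lines

def find_bursts(lines, min_failures=5, max_gap=timedelta(seconds=10)):
    """Return {ip: [(start, count, usernames)]} for runs of failures spaced <= max_gap."""
    by_ip = defaultdict(list)
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            by_ip[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
    bursts = defaultdict(list)
    for ip, events in by_ip.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:          # None is a sentinel that flushes the last run
            if ev and ev[0] - run[-1][0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_failures:
                bursts[ip].append((run[0][0], len(run), sorted({u for _, u in run})))
            run = [ev]
    return dict(bursts)

def classify(bursts, gateway="192.168.1.1", tolerance=timedelta(hours=2)):
    """Weekly-spaced bursts from the gateway match a scheduled scan; anything else needs a look."""
    verdicts = {}
    for ip, runs in bursts.items():
        gaps = [b[0] - a[0] for a, b in zip(runs, runs[1:])]
        weekly = bool(gaps) and all(abs(g - timedelta(days=7)) <= tolerance for g in gaps)
        verdicts[ip] = ("weekly from gateway: compare with router scan schedule"
                        if ip == gateway and weekly else "unexplained burst: investigate source")
    return verdicts
```

A single burst, or bursts from any address other than the gateway, fall into the "unexplained" verdict, so a first occurrence like the one in the question is still surfaced until a second week of logs shows the recurrence.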