Orbi WiFi 7 RBE973
Reply

Re: Netgear Armor threat messages that tell me nothing

wfletchb99
Star

Netgear Armor threat messages that tell me nothing

Have been getting this message frequently over the last several months, sometimes multiple times per day.

 

Titled "RBR750 Threat" it says:

"We have detected and blocked a threat on RBR750.  Your device is protected and safe.  To learn more about this threat, please connect RBR750 to your Netgear router." (I added the emphasis).

 

My only installed router is my RBR750.  So, the last sentence in that warning tells me to connect my RBR750 to itself to learn more.  I can't find any other info about this warning in the app or in the router interface.   Any suggestions?

 

Note that I tried contacting support and they were even less helpful than the message...though their method was eerily similar; Orbi support would transfer me to Armor support who wanted to transfer me back to Orbi support.  I finally gave up on them.

 

Screenshot_20220131-213546_Orbi (1).jpg

Message 1 of 5
FURRYe38
Guru

Re: Netgear Armor threat messages that tell me nothing

What devices do you all have connected to the Orbi system? 

 

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

Message 2 of 5
CrimpOn
Guru

Re: Netgear Armor threat messages that tell me nothing


@wfletchb99 wrote:

Note that I tried contacting support and they were even less helpful than the message...though their method was eerily similar; Orbi support would transfer me to Armor support who wanted to transfer me back to Orbi support.  I finally gave up on them.


Well, thank goodness you're not paying money for this feature........... oh, right. You are.

 

What I want to see is a flood of forum posts remarking on all the times Armor has prevented horrible things from happening and how glad customers are that they bought in.

Message 3 of 5
wfletchb99
Star

Re: Netgear Armor threat messages that tell me nothing

@FURRYe38 :

 

In terms of devices, there are a bunch and my setup is not entirely straightforward.  The modem is a Pace 5268AC (yes I do realize it's also a router).  The router functionality of the Pace device has been disabled as much as feasible (can't be totally eliminated) with only a single incoming IP address active and wifi disabled. I use Pi-Hole for DNS.  I've been using this setup for about 4 years with the only change being that I replaced an R7000 with the RBR750 and single RBS750 satellite early last year.

 

I recently updated my wifi password and made a list of connected devices that totaled 42.  We have four smart TV's, two Xbox consoles, 2 laptops, a desktop, 2 Android smart phones, 5 tablets (Apple and Android), Chromecast, Fire TV sticks, security system, smart outlets, and several exterior and interior cameras.  Not all of these are constantly active, but as of this moment there are 31 devices attached to the network.

 

The RBR750 and RBS750 are running firmware 4.6.5.14, but the Armor messages started appearing with prior firmware.  I believe it basically started happening about the time the DDOS reporting feature was added to Armor.

 

My thinking is that the "threat" could be originating with the Pace device since it is the point on contact with the outside world, but I cannot tell. I do admit that the "router" in the message could mean the Pace device even if it is essentially acting as a Fiber modem.  Even if it is what Armor is referring to as "your router," it is directly connected to the RBR750, so the threat message still does not inform.

 

After spending time on the phone multiple times with support in prior months, I just stopped trying to figure it out until today.  Aside from the threat messages, there is no issue with performance or connectivity with any device on the network or any evidence that anything is compromised.  I'm not worried that there is a looming disaster with this, just trying to find what Armor is detecting and, if it's something harmless that I can fix (e.g. software pinging for updates), I would.  Of course, if it's Vlad trying to get in, I'd like to address that, too.

 

Thanks,

 

Will

 

Message 4 of 5
wfletchb99
Star

Re: Netgear Armor threat messages that tell me nothing

@CrimpOn :

 

Yeah, I have to admit to being frustrated and confused about the layers of support for my issue. Me having both an Armor subscription and an Orbi service plan, the support folks just couldn't seem to decide who owned the hot potato.  My characterization is a little unfair in that they did listen and appeared to want me to get help.  It seemed that either they didn't know how to help me or felt the other team would have the answer.  Either way, in the end I just didn't believe I'd get any resolution from them...either "them."

 

As for Armor, I'm not in any way disappointed that it's looking out for me.  I just wish it could tell me what it's finding in more detail.  It's kind of like coming home to find police crime tape around my house and the police saying that everything is OK.  It's not that I don't trust the police in this example, but I'd just like to know whether someone died or if it's just the neighbor's cat stuck in a tree. 

 

My network is a little convoluted (see my response to @FURRYe38 ), so I'm not blaming Bitdefender/Armor or Netgear that I'm gettting a message, just that the message is not informative enough to act on.

 

Will

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 2003 views
  • 1 kudo
  • 3 in conversation
Announcements

Orbi 770 Series