Reply

Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

Devilstrider
Aspirant

Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

So I picked up an RX80 used and I'm getting a lot of DDOS scans, access from remote and a little fragile. I had an R7000 previously that I also have connected to in the back area of the house. So I completely factory reset the RX80 when I got it and updated the firmware. I've also done this multiple times since I've had it because my connection would tank. So I started looking up some of these IPs and some were from Digital Ocean ISP in India, one was from an ISP Tele Asia Limited in Lithuania, VolumeDrive in Kansas US. So I tried multiple techniques to fix the problem and it just kept happening. No matter what I did this would always happen.

 

Well I was sleep on the couch today and something weirded woke me up. I thought it was my kids laptop but I don't think that was it. His headphones was still plugged in so it shouldn't have been that loud. I woke up to just the sound of noise, like room noise. When I sat up it stopped but the I heard like the windows sound of when you hit the wrong key. His laptop was right beside me the whole night closed and they were sleep. But there is an amazon echo show here that I used to video chat from time to time. That was right in front of me as well. These type of sounds are not something I would dream about and I was awake when I heard the windows sound. 

 

I've never had these issues with the R7000. So I took down the RX80 and put the R7000 back up and I have none of these issue anymore. All the same equipment are on the network. I scanned computer for malware and stuff to find nothing. Something tells me that router has been tampered with.

Model: RAX80|Nighthawk AX8 8-Stream WiFi Router
Message 1 of 11
Devilstrider
Aspirant

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

Update. Back on the R7000 and not one of those items in the logs 

Message 2 of 11
Christian_R
NETGEAR Employee Retired

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

Hello Devilstrider,

 

If you recently purchased the device I would recommend contacting our support team as newly purchased devices are provided with 90 days of complimentary support. You may open a ticket by registering your device using the link below. 

 

https://www.netgear.com/support/contact.aspx

 

Christian 

Message 3 of 11
antinode
Guru

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

> [...] I picked up an RX80 used [...]

 

> [...] newly purchased devices are provided with 90 days of
> complimentary support. [...]

 

   What's wrong with this picture?

 

   Back in 2015, when I was trying to get an explanation for why a
DGND3700v2 didn't work as the pre-sales agent claimed that it would, I
got someone to open a support case, but was instructed to supply a proof
of purchase.  I told the agent that it was a used/Ebay item, but was
again instructed to supply a proof of purchase.  So I did.  I was then
informed that this item "is not eligible for warranty coverage".
Imagine my amazement.  This kind of attention to detail can waste
considerable time.

Message 4 of 11
Devilstrider
Aspirant

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

Exactly. That's why I didn't even respond to it.
Message 5 of 11
Razor512
Virtuoso

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

Newer routers will flassify more types of traffic detected. Pretty much all of the DOS related stuff can be ignored unless you see the log being flooded rapidly and internet traffic performing worse than dialup.

 

Due to how many infected systems are out there, as well as how many bot networks are out there, they are constantly checking through every IP address in an endless loop. A common term to refer to it is internet background radiation. It is simply unwanted traffic that everyone receives because out of billions of people on earth, there are still a few million that believe a browser toolbar will give them free movies, or some app will "fix" their registry or update their drivers or boost performance.

 

Older routers will not add traffic to a log that the firmware never contined thhe code needed to identify the traffic.

 

Beyond that there are still systems online running windows XP and even windows 98 that are infected, and still trying to spread Nimda

Message 6 of 11
Devilstrider
Aspirant

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

I just don't like how the connection drops or gets extremely slow. Doesn't happen at all on the R7000.
Message 7 of 11
Razor512
Virtuoso

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

As for any strange noises, the router would not make any beyond probably slight noises from inductors and other coils when sending data to multiple WiFi clients.

 

Alexa enabled devices can sometimes make noises if they encounter anything similar to the wake word, or even random combinations of noise. Since Alexa doesn't constantly transmit audio to a remote server for processing when it comes to basic commands, instead it uses a special tyle of frequency pattern recognition where it will respond to its name, but also various other sounds, including super high pitched noise. The reason is that it is not truly listening to the words, instead it is analyzing an FFT. It is also why ads can say the wake words without triggering it, by simply processing the audio with a notch filter somewhere in the 3000-6000Hz range depending on the voice saying the wake word. It distrupts the pattern enough to make it not recognize it as a wake word. Though strange things can activate the wake word. For example, if I place my alexa device too close to the HVAC system and the air conditioning comes on while during the startup sequence the hot water heater also comes on which triggers the draft inducer fan to come on, it will make the echo device think the wake word was said, even though it sounds 100% nothing like the wake word.

 

Message 8 of 11
Devilstrider
Aspirant

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

That's very interesting. I never thought of that
Message 9 of 11
Razor512
Virtuoso

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

For slowdowns, that needs to be investigated, for example, when it happens, is it slow for wired devices as well as wireless?

 

Usuallly it is impossible for a router to do much about DOS attack, since the purpose of one is not to attack the router itself (with the exception of extremely rare cases such as devices with remote access enabled and unsecured), but instead to saturate the last mile of your WAN connection, and fill any buffers as rapidly as possible so all legit traffic gets dropped. For example, a user has a 100mbit connection, but they are hit with a DDOS at 10+Gbps, only 100Mbps of junk will make it through the last mile, but somewhere within the ISPs network, the excess traffic will start getting dropped as buffers filll, and the user's connection becomes useless during the attack. It is uncommon for it to ever happen to a home user, with the exception of some toxic gaming communities where if they can ge ta hold of someone's WAN IP they may do a DOS attack during a match, or if they find that the user is on comcast or some other ISP with a data cap, they will do a DOS attack over night as a way of burning through their data cap since ISPs like comcast and many other capped ones log traffic based on what is directed towards your WAN IP regardless of what reaches you, thus someone can have a 200mbit connection, but a 10Gbps DOS attack will eat through their cap at 10Gbps even though only a tiny fraction of that data will actually reach the user.

 

Overall for home users, that is about as bas as a DOS attack will get.

Message 10 of 11
Devilstrider
Aspirant

Re: Woke up to weird sound. Fragile, DDOS attack and remote access all in my AX6000 router log.

I'm going shelf the router or trash it. Won't be buying another Netgear product after reading about how terrible they've become. Everyone is having issues with this thing
Message 11 of 11
Top Contributors
Discussion stats
  • 10 replies
  • 1029 views
  • 1 kudo
  • 4 in conversation
Announcements

Orbi WiFi 6E