Orbi WiFi 7 RBE973
Reply

R8000 problem with security gateway.

caseyf5
Aspirant

R8000 problem with security gateway.

Hello Help Center,

I'm having problems with the (CUJO) security gateway. ARG and Metadata from this gateway are causing continuous MAC changes in my R8000 AC3200 Nighthawk AC3200 Tri-Band WiFi Router which makes the network unstable and almost unusable.  I also have the Netgear R4500 which has the same problem.  I have contacted them and they are not as familiar with this model as they would like and they are doing research into getting this problem fixed.  I am hoping that someone here has the answer / answers so I can assist them in resolving the problem.  Any and all help would be gratefully appreciated.  

Message 1 of 4

Accepted Solutions
TheEther
Guru

Re: R8000 problem with security gateway.

caseyf5,

 

Thanks for clarifying things.  I know what ARP is and how it works.  I did some Googling and according to a few sources, the CUJO box uses aggressive ARP spoofing to intercept traffic from all devices.  It literally uses a textbook Man-In-The-Middle (MITM) attack to operate!  LOL.  Supposedly, the intercepted traffic is inspected and anonymized information is sent back to their servers.  What actual information is sent and what it's used for is unknown.  But if you aren't scared by what you've just read, you should be!

 

Netgear's business-class switches use Dynamic ARP Inspection (DAI) to combat ARP spoofing.  It's possible that the R8000 has DAI, which would explain why it doesn't like the Cujo.  If I were you, I would toss Cujo into the trash!

View solution in original post

Message 4 of 4

All Replies
TheEther
Guru

Re: R8000 problem with security gateway.

Need clarification on a few terms.

 

ARG:  Did you mean ARP?  If not, what does ARG stand for?

 

Metadata: What metadata, specifically, are you referring to?

 

MAC changes: What do you mean by this?  Are you seeing a device change its MAC address?

Message 2 of 4
caseyf5
Aspirant

Re: R8000 problem with security gateway.

Hello TheEther,

 

Thank you for responding so quickly.  Sorry I misspelled ARP as ARG.  My bad typing and even worse proofreading.  Their gateway mode uses ARP to acquire metadata (don't know exactly what metadata) from my network and it looks like my R8000 router doesn't like this one bit. This is why I'm seeing constant MAC changes (ARP deals with MAC address management). Yes the device constantly changes the MAC addresses every few seconds if not at an even faster rate.  The only way to stop this was remove the CUJO security device!  I even tried this with an older Netscape router the R4500 with the exact same result!

Message 3 of 4
TheEther
Guru

Re: R8000 problem with security gateway.

caseyf5,

 

Thanks for clarifying things.  I know what ARP is and how it works.  I did some Googling and according to a few sources, the CUJO box uses aggressive ARP spoofing to intercept traffic from all devices.  It literally uses a textbook Man-In-The-Middle (MITM) attack to operate!  LOL.  Supposedly, the intercepted traffic is inspected and anonymized information is sent back to their servers.  What actual information is sent and what it's used for is unknown.  But if you aren't scared by what you've just read, you should be!

 

Netgear's business-class switches use Dynamic ARP Inspection (DAI) to combat ARP spoofing.  It's possible that the R8000 has DAI, which would explain why it doesn't like the Cujo.  If I were you, I would toss Cujo into the trash!

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 3241 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi WiFi 7