× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973

Re: RAXE500 no longer get attack warnings

GChuck
Aspirant

RAXE500 no longer get attack warnings

I've never been so unhappy after purchasing a router as I have been with this RAXE500.  But I'll have to live with it now that I've spent the $600 to get it!

 

Yesterday I upgraded the firmware from V1.0.11.94 to V1.2.13.100.  Prior to the upgrade, I kept seeing numerous "attacks" on my network.  After the upgrade, no more attacks show up in my logs.  So either router is lying or the Internet has suddenly become a much nicer and kinder place?  Has anybody  else seen this problem with this release.

 

In addition to the above problem, prior to the firmware upgrade, devices that connected on the 6G network showed their "Connection Type" as "6G Wireless" but now they show up as just a "-".  The 5G and 2.4G devices still show up as their respective types.

 

Can I roll back this firmware version to either my previous version or to V1.2.12.96 without losing all my settings?

 

I now want to comment on Netgear's useless, underpowered app that they continue to hype as the end-all and be-all of router configuration.  It is just plain crap and shoulld be avoided at all costs.  Lastly, for the amount that I paid for this router, you would think that security would be built in instead of having to purchase it on a yearly subscription model.  If I could get my money back on this device,  I would do so in a heartbeat.

 

GChuck

 

 

Message 1 of 21

Accepted Solutions
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

@michaelkenward Netgear have changed the attack logging so I apologise as I was surprised its so different, but it is the way its meant to be now on The RAXE500 as you guessed.

 I was given this reply via Netgear. "Engineering comments: Understood and we changed the DoS attack determination rules since there are a lot of false alarms in previous version. It’s the enhancement in v1.2.13.100.
I don’t think it is an issue."

Also there is a trial version to cure option 60-61 missing but users with that issue would need to contact Netgear.

View solution in original post

Message 20 of 21

All Replies

Re: RAXE500 no longer get attack warnings



@GChuck wrote:

Yesterday I upgraded the firmware from V1.0.11.94 to V1.2.13.100.  Prior to the upgrade, I kept seeing numerous "attacks" on my network.  After the upgrade, no more attacks show up in my logs.  So either router is lying or the Internet has suddenly become a much nicer and kinder place?  Has anybody  else seen this problem with this release.


If you mean DosAttacks, perhaps your experience is a sign of progress and that Netgear is finally getting its act together.

 

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 


I now want to comment on Netgear's useless, underpowered app that they continue to hype as the end-all and be-all of router configuration.  It is just plain crap and shoulld be avoided at all costs. 

 


Most people follow your advice. The Nighthawk app is there for people who want a simple life, especially when setting up a new device, and then want to use local and Anywhere Access to manage a few basic operations with a mobile device.

 


Can I roll back this firmware version to either my previous version or to V1.2.12.96 without losing all my settings?

 


Yes, if you don't reset the router.

 

If you haven't found it yet, this is a useful tool when playing with a router:

 

How do I back up the configuration settings on my Orbi WiFi System? - NETGEAR Support

 

A lot of this is in the manuals.

 

Visit the support pages:

Support | NETGEAR

Feed in your model number and check the documentation for your hardware.

Message 2 of 21
GChuck
Aspirant

Re: RAXE500 no longer get attack warnings

Thank you for the response regarding the DOS attack messages.  

 

Now I have one further question.  Are these DOS type messages generated by the firmware in the router, or by the Armor software.  I reset to factory my router and then reconfigured it but I did not use the Nighthawk app (so hopefully did not enable the Armor software).  I did this to allow me to use the “Access Control” settings in the router, which were unavailable as long as the Armor software was enabled.  By the way, I did purchase a year’s worth of Armor, but don’t want to enable it until I can figure out if it is useful or not.

 

GChuck

Message 3 of 21

Re: RAXE500 no longer get attack warnings


@GChuck wrote:

 

Now I have one further question.  Are these DOS type messages generated by the firmware in the router, or by the Armor software.  


We see regular reports here of logs loaded with DOS Attacks even when the router has never seen a whiff of Armor.

 


By the way, I did purchase a year’s worth of Armor, but don’t want to enable it until I can figure out if it is useful or not.

 


That's for you to decide. I know nothing about Armor. I don't pay for things that I can't see the need for.

Message 4 of 21
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

I have the same issue, but when there are no port scans showing (there are every day) I used Gibsons very old firewall scanner which always sets off that warning, nope. all attack warnings no longer appear, now while its nice not to see Netgears paranoid firewall throwing up them, they do happen and this firmware has introduced a bug where they don't show up at all, and yes that's after a factory reset as well.

 

 Also what happened to all the DHCP 60-61 issues people where having, if you search it on Google it shows up, but there is no link when clicked on, like its been removed? This firmware seems a bit of a mess, and the last one had issues for almost a year. Not great whatsoever.

Message 5 of 21
GChuck
Aspirant

Re: RAXE500 no longer get attack warnings

Thanks for that answer.  It's what I thought.  I think I might revert my router back to my previous version (1.0.10.86) and then upgrade it to V1.0.12.96 to see what else breaks.  This is my first (and probably last) Netgear  router.  Can't say I'm impressed!

 

GChuck

Message 6 of 21
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

All routers have bugs, don't let this put you off, the RAXE500 is a capable router, speedtest over PPPoE was broken in V1.0.12.96 and you cant use 40Mhz on 2.4Ghz (which you should not be anyway) I had no issues with that firmware for a year. I'm staying on this latest one, I've seen this bug on the RAX120 years back and with some of the other issues Netgear will get this fixed, but if you want run V1.0.12.96 just keep an eye out for possible security updates that means running 1.2.13.100. Also the router is blocking port scans and etc its just not logging them and many people turn the logging of that event off as its annoying but you still have the protection, after all its only a log. The router is still working as it should to protect you and this version although with a few bugs has a lot of fixes too. Id rather stay up to date for security than roll back and be vulnerable. the version you were running was quite old, its best to stay up to date for your own protection if possible. Netgear are aware of the issues. If they pulled the posts to option 60-61 not working (not saying they did) I would say these told people to roll back who use that option and will get it fixed. 

Message 7 of 21
GChuck
Aspirant

Re: RAXE500 no longer get attack warnings

Thanks for that reply.  I have decided to stay with version 1.2.13.100 for a while just to see how long it take Netgear to fix the two issues I'm seeing (not logging attacks and 6G devices not showing). 

 

I also seem a little more comfortable with the router now that I have removed the Armor portion.  I can again see (and control) who gets access to my network without having to try and get it to work with the underpowered and basically useless Armor app.

 

I do like the speed though.  Getting gigabit throughput on both my desktops.  One running an Intel AX-201 and the other an Intel AX-210.  I did think I would get better throughput on the 210, but both machines getting about the same!

 

Will keep experimenting  with the device settings to see what else it is capable of doing.

 

Thanks again.

 

GChuck

Message 8 of 21

Re: RAXE500 no longer get attack warnings


@GChuck wrote:

I have decided to stay with version 1.2.13.100 for a while just to see how long it take Netgear to fix the two issues I'm seeing (not logging attacks and 6G devices not showing). 

 

Which issue is that?

 

The one about "not logging attacks" is not an "issue". The problem was that it logged attacks that weren't real. So, that is a fixed issue for many people. Are you saying that you want to see those false reports?

 

As to 6 GHz devices, what is the issue there? Are they connected and not visible? Or can you see them and they don't say "6 GHz"?

 

 

Message 9 of 21
GChuck
Aspirant

Re: RAXE500 no longer get attack warnings

The first issue is that the logs are empty.  With the exception of seeing my admin login entries, time synchronization and updates to Access Control, I saw no "attack" entries and found that unusual.  But as I am new to this router, I never really experienced the full gamut of false positives that I keep hearing about.  So this is probably a non-issue.

 

The second issue I'm seeing is that when I look at the "Attached Devices", I see the "Connection Type" displayed as "Wired" or "5G Wireless" or "2.4G Wireless", but for my 6G devices, they show up as only "--".  In the previous firmware that I was using (V1.0.10.86), these devices did show up as "6G Wireless".  Not a big deal, but if the small stuff is missed, then I sure hope that important stuff is not!

 

It would be nice too if the documentation matched the device.

 

GChuck

Message 10 of 21

Re: RAXE500 no longer get attack warnings


@GChuck wrote:

The second issue I'm seeing is that when I look at the "Attached Devices", I see the "Connection Type" displayed as "Wired" or "5G Wireless" or "2.4G Wireless", but for my 6G devices, they show up as only "--".  In the previous firmware that I was using (V1.0.10.86), these devices did show up as "6G Wireless".  Not a big deal, but if the small stuff is missed, then I sure hope that important stuff is not!

 


Not a big deal, maybe, but definitely a bug. My MR90 router seems to think that 6 GHz is 5 GHz, but that may be down to something else.

 


It would be nice too if the documentation matched the device.

 


Netgear is famously useless at documentation. It transfers bits of boilerplate text from one manual to another without carefully checking it. And updates are rare.

 

Are you saying that the combined manual from April 2021 for the RAXE450 and RAX500E is wrong?

Message 11 of 21
GChuck
Aspirant

Re: RAXE500 no longer get attack warnings

No, not entirely.  But the only version of the manual that I have been able to find is one published in February 2023 with a document id of 202-12212-03 and pertaining to both the RAXE450 and RAXE500.

 

There are some differences between what the manual says, and what I see when using the Web interface. 

 

I guess I'm just an "old school" guy who was used to workin with big iron (IBM 370's) and mini's (DEC PDPs and Vaxen) where in both cases, the documentors wrote the manuals, then the software guys wrote the code to match the manuals.  Of course, then along came Microcrap who wrote no documentation and made the use guess what was going on!

 

GCHuck

Message 12 of 21

Re: RAXE500 no longer get attack warnings


@GChuck wrote:

 

I guess I'm just an "old school" guy who was used to working with big iron (IBM 370's)


I was at the London press launch of the 360s in the 1970s.

 

I also have fond memories of a later IBM press trip to NYC, on the way to Yorktown Heights and the Thomas J. Watson Research Center, to listen to Rolf Landauer getting excited about a prototype PC card for speech recognition. (The IBM PC was still a new kid on the block.) Massive thing. Probably not as powerful as the software in today's mobile phones.

 


There are some differences between what the manual says, and what I see when using the Web interface. 

 

The trouble there is that new firmware can change the GUI in many ways. Trying to keep up wit those can't be easy, especially with devices that have been through different generations of firmware going back many years. Keeping up with the KnowledgeBase articles is about the best we can hope for.

 

Message 13 of 21
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

The logging issue is a problem. I know Netgear logs are so paranoid its untrue but now there are none whatsoever, I did a port scan of the router and that should show up in the logs and it did not, so the logging for known attacks is not functioning at all. That's not a fix thats a bug, if you dont want to see the attack logs you can turn them off, but on this firmware those logs are not happening at all, and port scanning happens to all routers every day, so seeing nothing at all is wrong.

 

 Also what happened to DHCP option 60-61 users, that was said to be missing but when searched for its been removed, Google found that post but its not here in the forums, so did Netgear mess up on option 60-61or did the unit need a factory reset for those users? 6Ghz devices should show up as they did in previous firmware not as symbols, so there are GUI bugs in this router, they have changed the GUI for logging window in the GUI, well at least on Firefox. I saw the attack logs vanish on one firmware of the RAX120, its not Netgear have fixed them, its they are just not showing which in itself is not a major issue but if users want to see the logs then this firmware has messed that up. Also some but not all users were having 6E issues, so not sure whats fixed whats broken and whats mended at this time with this firmware.

Message 14 of 21
GChuck
Aspirant

Re: RAXE500 no longer get attack warnings

I thought that I should still see some "attack" signatures happening on the router if it was logging them.  This is what I saw on my previous router; not a ton of attacks, but a consistent and continuous number.  As for the DHCP option 60 & 61, I run my own DHCP server so the router's DHCP has been turned off and therefore I never noticed (nor needed) those options.

 

But having the router show my devices "connection type" would be nice.  That way at a glance, I can see how each device has connected and the fix those devices that connect at a less than ideal rate.

 

I guess the big question is whether or not to downgrade the router to a previous version and then if so, to what version.  If version 1.2.13.100 has all the needed security updates, then that is probably the best version to stay on; even with it's shortcomings.  From what I hear, Netgear is not very quick in fixing problems with the firmware.

 

Thanks

 

GChuck

Message 15 of 21

Re: RAXE500 no longer get attack warnings


@GChuck wrote:

I thought that I should still see some "attack" signatures happening on the router if it was logging them.

 


It was logging events that did not happen. Why would is show fake signatures after Netgear fixed this defect?

 

A bigger problem would be if the logs did not show real events.

 

Can you think of events that your logs no longer show?

 

Maybe an empty log means that nothing happened.

 

In my case, the logs for an MR90 show:

 

[admin login]
[DHCP IP: (192.168.1.9)]
[Dynamic DNS]
[Time synchronized with NTP server]
[Internet connected]
[Internet disconnected]
[email sent to: logs@xxxxxx.net]

 

I have it set to log the whole caboodle.

Message 16 of 21
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

When you do a scan of the ports on the router that shows up as a port scan in the firewall logs, well it should but Its not. Whilst I agree that Netgears firewall logs show a load of garbage they should show a basic port scan and they are not. The router is not logging those attack logs as it should. As to DHCP since I use the Netgear routers DHCP server all appears as it should, with some new icons for printers and their connections show fine so maybe thats an issue with other other posters own DHCP server and this new firmware.

 I'm not sure what's happening to people not using the DHCP server or what happened to option 60- and 61 for sky users as those posts just vanished. I use address reservation,and all is working as it should in that department. I think as always some issues can be cleared up by a factory reset, which is a total pain, but the router does have a few bugs in this release.

 I agree its nice not to see the flood of false attacks but routers are port scanned daily, even Asus routers show that, The RAXE500 having gone from a myriad of false smtp query drop logs, and is now devoid of any attack logs or port probes and as I said using Gibson's old port scanner always shows as a port scan, because it is! Its not showing up in the logs but the router is using stealth, even though thats no guarantee of safety as any attacker would know that a router is sitting there hiding by using stealth, but that's beside the point. This firmware has some small bugs, if people have just bought the router they should contact Netgear. I cannot be bothered to downgrade to a version with other bugs thats a year old, but it seems like this router is not pruning logs after a week or so as it used to either, time will tell on that one as maybe it will when the log gets bigger.

 

 

Message 17 of 21

Re: RAXE500 no longer get attack warnings


@Killhippie wrote:

When you do a scan of the ports on the router that shows up as a port scan in the firewall logs, well it should but Its not.

 


Firewall logs? I haven't seen that term used for those logs before.

 

 

Message 18 of 21
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

The logs produced show attacks on the firewall along with all the other things ticked and as we know some are not attacks at all, but some are just logs from incoming communication with the routers firewall that Netgear's routers have always seemed  paranoid about as most are not attacks and it would be nice to have it fixed so it does not show false positives like Amazon or Apple etc. When a port scan is done against the routers firewall it is shown in the logs these are firewall logs mixed in with the other logs we have selected in the routers GUI. As of now the logging system is not showing logs from the firewall like the port scan I did on the router, and it should. So this is a bug.

 

 

 

Message 19 of 21
Killhippie
Prodigy

Re: RAXE500 no longer get attack warnings

@michaelkenward Netgear have changed the attack logging so I apologise as I was surprised its so different, but it is the way its meant to be now on The RAXE500 as you guessed.

 I was given this reply via Netgear. "Engineering comments: Understood and we changed the DoS attack determination rules since there are a lot of false alarms in previous version. It’s the enhancement in v1.2.13.100.
I don’t think it is an issue."

Also there is a trial version to cure option 60-61 missing but users with that issue would need to contact Netgear.

Message 20 of 21

Re: RAXE500 no longer get attack warnings


@Killhippie wrote:

@michaelkenward Netgear have changed the attack logging so I apologise as I was surprised its so different, but it is the way its meant to be now on The RAXE500 as you guessed.


Thanks for the update. Congratulations on getting an answer from Netgear.

 

 

Message 21 of 21
Top Contributors
Discussion stats
  • 20 replies
  • 2623 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7