× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

New - RS700S Firmware Version 1.0.7.80 Released

FURRYe38
Guru

New - RS700S Firmware Version 1.0.7.80 Released

Enhancements: 11/21/2023

  • Removes Korea/Japan/Singapore/India on supported country list.
  • Stability enhancement.
  • Galaxy Z Fold4 IOT performance enhancement.
  • DFS mechanism enhancement.

Bug Fixes:

  • Fixes case of NAT loopback.
  • Fixes case of setup loop over GUI via WiFi.
  • Fixes case of USB drive detection.
  • Fixes case of no LinkRate and Connection type information for clients on NH APP.

Security Fixes:

 

Download Link: https://www.netgear.com/support/product/rs700s

 

Firmware Update Instructions:

To update your product’s firmware, follow the instructions in your product’s user manual. To find your user manual, visit https://www.netgear.com/support/, enter your model number in the search box, and click the Documenta...

 

NOTE: Nighthawk app or the routers web page may not report seeing new FW updates. NG may not push this to there auto update services immediately and may activate the newer FW update being seen on there auto update services at a later time. User will have the choice to manually update if you want too.

 

To Manually update FW on the router if this isn't seen on the routers web page:

https://kb.netgear.com/23960/How-do-I-manually-update-the-firmware-on-my-NETGEAR-router

 

NOTE: Use a wired PC and web browser to update router FW. If continued problems are seen after a FW update, it's recommended to try a >factory reset and setup from scratch with out loading any saved configurations from backup files.

https://kb.netgear.com/9665/How-do-I-perform-a-factory-reset-on-my-NETGEAR-router

After setting up from scratch and the system is working well, be sure to save a new backup configuration to file for safe keeping and save time if another factory reset needs to be done. Saves time here:

https://kb.netgear.com/24231/How-do-I-back-up-the-router-configuration-settings-on-my-Nighthawk-rout...

 

 

This article applies to:

 

Let us know how it works for you...

Message 1 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

Hi I just got this Netgear RS700 and had no issues with DoS attacks

untill 2 days ago when there was a firmware update Firmware Version V1.0.7.80_2.0.79

Small network like 15 total PCs and devices in private home where most times maybe half of these are on so router is mostly idle

As soon as this was updated these DoS attacks began and never stop

I tried blocking UDP services for ports like 4-19 but that did nothing at all to stop this

What is this sudden cause and how to correct ?

Thanks for the help.  JR

 

Small example:

[DoS attack: RST Scan] from source 54.197.98.98,port 443 Thursday, Nov 30, 2023 20:18:56
[DHCP IP: (192.168.1.9)] to MAC address AC:E0:10:4E:60:DE, Thursday, Nov 30, 2023 20:17:26
[DoS attack: snmpQueryDrop] from source 147.203.255.20,port 58342 Thursday, Nov 30, 2023 19:57:05
[DoS attack: Fraggle Attack] from source 10.9.144.1,port 67 Thursday, Nov 30, 2023 19:55:12
[DoS attack: Fraggle Attack] from source 10.9.144.1,port 67 Thursday, Nov 30, 2023 19:54:57
[DoS attack: Fraggle Attack] from source 10.9.144.1,port 67 Thursday, Nov 30, 2023 19:54:55
[DoS attack: RST Scan] from source 95.100.155.249,port 443 Thursday, Nov 30, 2023 19:46:19
[DoS attack: RST Scan] from source 95.100.155.249,port 443 Thursday, Nov 30, 2023 19:34:19
[DHCP IP: (192.168.1.9)] to MAC address AC:E0:10:4E:60:DE, Thursday, Nov 30, 2023 19:26:11

Message 2 of 15
ShadowMario3
Apprentice

Re: New - RS700S Firmware Version 1.0.7.80 Released

I have the same issue with DoS attacks appearing in the logs even few seconds. From what support told me, it seems they are false positives. For now, I have disabled "Known DoS attacks and Port Scans" under "Include in Log" so it won't overflow the log:

 

ShadowMario3_1-1701400966681.png

 

Luckily, it doesn't seem to interfere with my port forwarding or internet speed.

 

Message 3 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

Thanks for the quick reply

What they are saying is hide the fact in logs that this new firmware is not blocking DoS at a high rate per second, so really masking the problem and not knowing if those attacks are affecting the PCs and devices on my network

 

As it is these are coming from many different TCP/IP addresses

Did they say they are working on a fix and when that will happen

As I mentioned none of these occured with last firmware version

 

Thanks again . . JR

 

Message 4 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

also I checked the address and shows it comes way over in Oregon and I am in Texas so clearly the DoS are not false positives I would think ?

 

[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:44:26
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:44:25
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:43:25
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:42:24
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:41:23
[DHCP IP: (192.168.1.9)] to MAC address AC:E0:10:4E:60:DE, Thursday, Nov 30, 2023 21:41:02
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:40:23
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:40:22
[DoS attack: RST Scan] from source 213.246.109.33,port 443 Thursday, Nov 30, 2023 21:30:25
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:30:17
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:30:11
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:29:38
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:29:37
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:28:37
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:28:36
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:27:36
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:26:35
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:24:14
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:24:13
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:23:13
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:22:13
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:22:12
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:21:12
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:20:09
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:19:42
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:19:35
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:19:12
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:18:49
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:17:36
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:17:35
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:16:35
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:16:34
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:16:13
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:15:22
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:15:13
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:14:29
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:14:12
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:14:08
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:13:57
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:13:12
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:13:11
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:08:21
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:07:21
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:07:20
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:04:19
[DoS attack: RST Scan] from source 52.89.243.158,port 443 Thursday, Nov 30, 2023 21:04:18
[DoS attack: RST Scan] from source 192.145.239.223,port 2096 Thursday, Nov 30, 2023 21:04:03
[DoS attack: RST Scan] from source 192.145.239.223,port 2096 Thursday, Nov 30, 2023 21:03:56
[Log Cleared] Thursday, Nov 30, 2023 21:03:38

Message 5 of 15
microchip8
Master

Re: New - RS700S Firmware Version 1.0.7.80 Released

It's a false positive, coming from Amazon. Regardless if it's in Oregon or somewhere else. Location doesn't matter.

Message 6 of 15
BH-C
NETGEAR Expert

Re: New - RS700S Firmware Version 1.0.7.80 Released

Without looking into details, we cannot tell if each individual case is a real attack or not.

What we can say is, after the NAT loopback issue from the previous releases (e.g. v1.0.7.66) is fixed, it introduced some false alarms in the DoS attack detection. We still work on the fix and will release the fixed firmware soon.

Message 7 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

When I received this RS700 2 weeks ago I checked the Netgear website and said a firmware update was needed so I downloaded and installed it and show version was V1.0.7.66

 

For that 2 weeks not 1 DoS was shown in logs until

the auto firmware update 2 days ago and as I mentioned the IP addresses and DoS types are many different ones and several per second showing in logs

 

Great to see your looking to correct this ASAP as real or false still has to have a cost to the router as processer, memory, bandwidth, downstream to nodes, etc

 

 

Message 8 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

It is now two full weeks since I reported this bug and Netgear if seems to think it is fine to hide the DoS attacks by turning the reporting of this OFF

 

That is not a fix and looks like Netgear cares little about all types of DoS attacks non stop and not doing a firmware fix 😞

 

Message 9 of 15
microchip8
Master

Re: New - RS700S Firmware Version 1.0.7.80 Released

Again, these are NOT DoS attacks but FALSE POSITIVES. You are not getting DoS'd or hacked! Why don't you listen? If you were getting DoS'd, you won't be able to get on the Internet as your device will completely choke up.

Message 10 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

Keep the false postives for yourself, one thing of a $70 router, not a $700 one people are paying for

So false that Netgear said they would have to do a firmware fix

Last 2 firmware updates before this one did not have this problem so it is clear Netgear Q/A or engineering did not do the testing before releasing this firmware version

 

Workaround to just limit the size of the log files was to turm OFF DoS beng reported

The routers CPU, memory, whatever still has to be used to even your false positives taking that away from customers data throughput

 

 

Message 11 of 15
ShadowMario3
Apprentice

Re: New - RS700S Firmware Version 1.0.7.80 Released

Yeah, I had similar issues on this firmware. Last weekend, I noticed my internet drop while connected to the RS700. Wasn't able to confirm if it was due to the influx of false positive DoS attacks on the router (I did see I was no longer able to ping it), but I ended up reverting back to 1.0.7.66. Have had no issues since then, but hopefully an updated firmware that fixes this will arrive soon.

Message 12 of 15
TeamCorvette
Aspirant

Re: New - RS700S Firmware Version 1.0.7.80 Released

I also back rev'ed the firmware, when turning DoS back on for logs and seeing

DOS attacks with TCP/IP addresses coming from as far as the UK and China 😞

Clearly Netgear has no problems when a $700 router does this but a $70 one does not

 

Also with older firmware the data throughput from/to Internet is better

 

Message 13 of 15
schumaku
Guru

Re: New - RS700S Firmware Version 1.0.7.80 Released

Your 70 USD router does not even care about these - and nothing will be in the router logs anyway.

 

Even if you don't want to believe it: The majority of the DoS events are locally caused, from established TCP sessions,  for example a simple mobile roaming away (or roaming from the mobile network to your local WiFi) to the mobile network or a wireless notebook going to sleep, leaving dozens or hundreds of sessions in space. Virtually no real DoS will ever hit your router - the ISPs do much more than you can imagine. If you are DoS-ed from a high bandwidth or a distributed DoS attack, you will probably loose all your Internet connection. If the rare real attack attempts really happen, the DoS protection will jump in and also leave some log traces.

 

Yes, we (active community members, operators of many Netgear devices - most not average home users) know that the Netgear-implemented DoS detection tends to be over-sensible, leading to far to much false alerts. This is what Netgear is certainly working on, and this is what they are talking about.  Yes, each event is causing some traffic from logging and auditing. This is absolute normal industry standard. This is not exclusive to Netgear: Every network and service operator does see lots of events, collected in seconds, over hours and days. Most of these events and log entries can be explained if reviewed accordingly - mostly fully automated. And nobody is making any noise: This makes the big difference.

 

With the help of active intrusion prevention systems, it's easy to analyze. With the average but well collected DoS logs on the Netgear routers, many things can be explained - but by far not everything. This is all causing your big scare of DoS from other states, other countries, and the ubiquitous bad players. Almost every event is caused locally. Your computers, mobiles, applications, apps, cloud services and much more are active globally. It's not the big evil enemy - it's reality.

 

For reasons, no ISP provided consumer or SMB (and most business) routers don't tell us anything - including the 10 GbE Internet connection class.

Message 14 of 15
FURRYe38
Guru

Re: New - RS700S Firmware Version 1.0.7.80 Released

Message 15 of 15
Top Contributors
Discussion stats
  • 14 replies
  • 1561 views
  • 3 kudos
  • 6 in conversation
Announcements

Orbi WiFi 7