RBR50 Problem
Hi Team
I found the following entries in my Log:
[remote login failure] from source 185.210.217.244, Friday, December 21, 2018 05:08:33
[remote login failure] from source 62.173.145.228, Monday, December 24, 2018 19:31:15
[remote login failure] from source 141.105.70.50, Wednesday, December 26, 2018 20:14:02
and so on... several times. What's that? The Orbis work as access points.
kind regards!
Accepted Solutions
This shows that someone reached the public IP address and port of the Orbi admin page (via the ISP main router) and tried to log in but failed, likely because of a wrong password.
I also see many of those all the time. If you have a long secure admin password then you should be fine.
The only way to completely get rid of this is to disable Remote Management.
All Replies
Re: RBR50 Problem
What FW is currently loaded?
What is the Mfr and model# of the ISP modem the NG router is connected to?
See who owns those IP addresses at whois.domaintools.com
Might start with any blocking features at the host router or modem. Contact your ISP for help if their modem has a built-in router.
Re: RBR50 Problem
Do you have remote administration turned on?
On the surface, it looks like someone was trying to log onto your router to remotely administer it but couldn't get the username/pw correct.
That's the good news.
The bad news is that someone was clearly trying to get into your router.
If you only remote from specific machines, I would add those to the "Only accept connections from..." fields.
If you don't administer your router remotely, turn off that function to minimize your exposure/risk.
@FURRYe38 gives good advice to figure out where those IP addresses are located which will give you a clue of who is knocking on your door trying to snoop around.
If this was my network I would be sure to update all virus & malware software, scan each machine and be increasingly vigilant.
Re: RBR50 Problem
Hi Team
Many thanks for the replies. I think deactivating the Remote Access (in the App) will be the safest way.
kind regards and greets from Switzerland!
Re: RBR50 Problem
@Chuck_M wrote:
........... figure out where those IP addresses are located which will give you a clue of who is knocking on your door trying to snoop around.
...........
Those IP addresses are usually coming from all over the world. I saw addresses from Europe, USA, Asia, ..., so yes it's nice to know where this comes from but....
Re: RBR50 Problem
I would have checked them from here, but the DoD would have probably asked me what the heck!
Re: RBR50 Problem
@dali70 wrote:
I think deactivating the Remote Access (in the App) will be the safest way.
I think you are wrong: Remote Access in the App is not the same as the Remote Management access as configured in the Web based access.
The Remote Access does allow the device to link into a Netgear cloud system, which the App can connect to using Remote Access. This is _not_ what is causing the log entries you have shown.
You have to disable the Remote Management in the Orbi (or Nighthawk, or whatever Netgear router) in the Advanced settings on the Web UI. This is what does expose the router management port to the wild Internet.
Re: RBR50 Problem
Hi
But I cannot disable it as long as it is in the AP-Mode...
So I will check the log day by day...
kind regards!
Re: RBR50 Problem
@dali70 wrote:
But I cannot disable it as long as it is in the AP-Mode...
In AP mode there is no interface of the Orbi on the WAN/Internet - so nothing to disable therefore, absolutely correct.
If you still get incoming connections from the Internet to the Orbi AP, double check and disable NAT port forwarding on your router to the Orbi AP LAN IP.
Edit: Can't speak for the Orbi and Orbi App ... for the Nighthawk App or the Genie App access - I find no (!!!) login information in the log, neither for local nor for remote. Very poor...
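Added example, not part of any post in this thread: a Python script that parses log lines in the format quoted in the first post and summarizes failed remote logins per source address, flagging sources that fail repeatedly in a short window. The first three sample lines are from the thread; the 203.0.113.7 lines, the non-matching line, and the burst threshold and window are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format as quoted in the first post of the thread.
LINE_RE = re.compile(
    r"^\[remote login failure\] from source (?P<ip>[0-9A-Fa-f.:]+), (?P<ts>.+)$")
TS_FORMAT = "%A, %B %d, %Y %H:%M:%S"

# First three lines are from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
[remote login failure] from source 185.210.217.244, Friday, December 21, 2018 05:08:33
[remote login failure] from source 62.173.145.228, Monday, December 24, 2018 19:31:15
[remote login failure] from source 141.105.70.50, Wednesday, December 26, 2018 20:14:02
[remote login failure] from source 203.0.113.7, Thursday, December 27, 2018 02:00:01
[remote login failure] from source 203.0.113.7, Thursday, December 27, 2018 02:00:09
[remote login failure] from source 203.0.113.7, Thursday, December 27, 2018 02:00:20
[other event] constructed line that is not a login failure, Thursday, December 27, 2018 03:00:00
"""

def parse_failures(text):
    """Yield (ip, timestamp) for each remote-login-failure line; skip all others."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue  # malformed address or timestamp
        yield str(ip), ts

def summarize(text, burst=3, window=timedelta(minutes=1)):
    """Per source: count, first/last seen, and whether `burst` failures fit in `window`."""
    seen = defaultdict(list)
    for ip, ts in parse_failures(text):
        seen[ip].append(ts)
    report = {}
    for ip, times in seen.items():
        times.sort()
        bursty = any(times[i + burst - 1] - times[i] <= window
                     for i in range(len(times) - burst + 1))
        report[ip] = {"count": len(times), "first": times[0], "last": times[-1], "burst": bursty}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["count"], info["first"], info["last"], info["burst"])
```

Entries that keep appearing after Remote Management is disabled and port forwarding is removed would be the ones worth a closer look.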