×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Orbi RBR50 Constantly dropping connection fixed at long last

RobrtM
Follower
Follower
‎2022-01-28 12:20 PM
‎2022-01-28 12:20 PM

Orbi RBR50 Constantly dropping connection fixed at long last

I noticed in the log several DoS attacks. Seemingly random but some occurred every few seconds. Sometimes two or three from different IPs. These coincided with my network going down soon after.

After may searches and reading hundreds of posts on various forums, updating firmware, checking connections, rechecking connections, reconfiguring, etc I think I stumbled onto a solution.

 

Whois search for each IP initiating the attack showed almost all have already been reported for abuse.

A Google search for DoS attacks gives a lot of info for who is doing it and why it is happening.

 

In a nutshell, from what I can gather there's some consensus among some tech people that Netgear and Amazon have somewhat more network vulnerabilities than other tech firms.  And because of that, bots that search across the Internet target the IPs of those using Netgear and Amazon services. I fall into that category.

What's happening is that bots are hitting my IP and pinging any and all ports and asking for acknowledgement. When several bots do this constantly, it overwhelms the system, slows it and eventually crashes it. This is a typical DoS attack.

 

Its worth noting that my main connection is Xfinity which hardly ever goes down and stays up when Orbi is down and/or rebooting itself. The Orbi is set up as a router.

Xfinity has protection in place to stop DoS attacks. They don't allow ping nor acknowledgment.

 

Changes done are as follows.

Step one, block the IPs showing in the log in my Windows firewall.

Step two,  Orbi setting for WAN, check the box next to Disable Port Scan and DoS Protection.

This seems counter intuitive but blocking Port Scan is what I think is the key.

Step three reboot Orbi.

 

Since doing this my network has been up and stable with no outages whatsoever.

 

If the changes I made end up making things worse or break everything, so be it. For now I'm happy with a network that doesn't cut off 10 times a day.

You can and should do your own research---FIRST---to see if any of this may help you.

If you destroy your system because you tried any of the above, I repeat, You can and should do your own research---FIRST---to see if any of this may help you.

 

If this info has been posted before, I apologize for the repost

 

 

 

 

Message 1 of 3
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2022-01-28 02:58 PM
‎2022-01-28 02:58 PM

Re: Orbi RBR50 Constantly dropping connection fixed at long last

What FW is currently loaded?

What brand ISP modem/ONT is the Orbi connected too?

 

Message 2 of 3
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2022-01-28 03:25 PM
‎2022-01-28 03:25 PM

Re: Orbi RBR50 Constantly dropping connection fixed at long last

@RobrtM wrote:

And because of that, bots that search across the Internet target the IPs of those using Netgear and Amazon services.

 

Xfinity has protection in place to stop DoS attacks. They don't allow ping nor acknowledgment.

 

Changes done are as follows.

Step one, block the IPs showing in the log in my Windows firewall.

Step two,  Orbi setting for WAN, check the box next to Disable Port Scan and DoS Protection.

This seems counter intuitive but blocking Port Scan is what I think is the key.

Step three reboot Orbi.

An interesting presentation.  Great if it has made your system stable.  Some parts lead me to questions:

  • Netgear and Amazon services.  What mechanism would a bot use to learn which IP's are connecting to Netgear and Amazon services? Individual IP's open connections directly to Netgear and Amazon URL's.  If ISP routers are compromised, then perhaps someone could snoop on connections, but short of that I see no way that a computer somewhere on the internet can know that I have some product that uses AWS and my neighbor does not.
  • The Windows Firewall is inside the Orbi LAN, and thus protected from connection attempts from those IP addresses.  The Windows Fireall, like the Orbi itself, does not accept incomming connection requests.  I cannot see how anything done to the Winidows Firwall will have any effect on this situation at all.
  • Xfinity is upstream of the Orbi.  If Xfinity is blocking DoS attacks, they should not reach the Orbi.  It is not clear what the point is of mentioning Xfinity.
  • Disabling Port Scan and DoS Protection has been mentioned in terms of conserving the processor cycles that would be consumed by that analysis.  It has nothing to do with the Orbi firewall basic settings.   Outgoing connections are allowed and incomming connections are rejected. If these DoS scans actually overpower the Orbi processor, there might be consequences.

This phenomenon of Orbi routers spontaneously rebooting has been reported and I cannot recall discussion of a definite conclusion for what could be causing it. If it happend to all Orbi routers, all of the time, there would be a tremendous Hue and Cry on the internet.

 

I think of Denial of Service as a concerted effort to block a specific web activity. i.e. keep people from being able to connect to some web site, or from being able to send email.  It seems a bit much to think that someone has decided, "I'll pick a random IP address out in the world and make their router stop."

Message 3 of 3
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 2 replies
  • ‎2022-01-28 12:20 PM
  • 746 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7