×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Re: RBK40 black list external IPs

Stimar
Tutor

RBK40 black list external IPs

Hi All,

I'm wondering is it possible to black list external IP addresses ?

In my router logs i can see a lot of "failed login" attempts (in hundreds). I can stop the remote management funtion, but it is good to have it working.

Also a can see a lot of DoS attacks.

 

Thnaks.

 

Message 1 of 9
CrimpOn
Guru

Re: RBK40 black list external IPs

I am not aware of any mechanism to blacklist specific IP addresses.  Even if there were, my guess is that this would be similar to me blocking robocalls.  Since they spoof telephone numbers, I can add a block after every call that comes in and they just keep picking new telephone numbers to spoof.

 

I take solace that the log is reporting attempts that the Orbi detected and repulsed.  It's just a reminder that we do not want our devices exposed to the internet if we can help it.

Message 2 of 9
FURRYe38
Guru

Re: RBK40 black list external IPs

What Firmware is currently loaded?
What is the Mfr and model# of the ISP modem the NG router is connected too?

 

Most routers firewall are good enough to block problems like this. The logs are just reporting that the firewall is doing it's job. 

 

Contact your ISP and have them help you change the WAN IP address that is given to you by your ISP. 

 

Besure that respond to WAN pings is disabled. 

Do you have Remote Management enabled on the RBR? If you don't need this, disable this feature. 

Message 3 of 9
Stimar
Tutor

Re: RBK40 black list external IPs

Hi All,


My  Orbi FW is the lattest one, my IP is dynamic one. I'm haveing one small ISP router (which is spliting the internet and the TV) before Orbi on which i don't have access anyway.

I'm concerned about the DoS attack, the problem here is that someone is trying to brute force my password. That's why we can see so much failed login attempts and the goal here is to have remote access to my switch, but to be able to block external IPs.

Message 4 of 9
FURRYe38
Guru

Re: RBK40 black list external IPs

Contact your ISP and have them help you change the WAN IP address that is given to you by your ISP. if you don't have access to there device, then they need to help you with this. 

Message 5 of 9
CrimpOn
Guru

Re: RBK40 black list external IPs


@Stimar wrote:

I'm wondering is it possible to black list external IP addresses ?

In my router logs i can see a lot of "failed login" attempts (in hundreds). I can stop the remote management funtion, but it is good to have it working.

 


There are two alternative ways to manage an Orbi remotely, which will eliminate the "failed login" attempts:

  1. The Orbi "app" provides the typical "cloud" pathway where the Orbi opens a link to Netgear's cloud system and the app uses this link to reach the Orbi.  This is what is used for the bulk of the Internet of Things (IoT).  For me, although the "app" is shiny and modern, I find that most of what I want to do on the Orbi requires either web or telnet access.
  2. Set up VPN.  Once a Dynamic DNS and VPN (they go together) are configured, it is possible to reach the Orbi from the internet through the VPN and access the web interface or telnet into the Orbi.  This is not a trivial exercise

One of my "suggestions" to Netgear is to show what password was entered in the failed attempt so that the user can determine what sort of attack is being conducted.  i.e. Is it a list of common passwords?  Are they enumerating all possible passwords starting with "aaaaa"?  In my case, my 25 character string of words, numbers, and punctuation is likely to withstand attack well into the next century.

Message 6 of 9
Stimar
Tutor

Re: RBK40 black list external IPs

Hi All 

@CrimpOnThanks for the suggestion that you made, about the strong password - this is correct but sometime attackers are exploiting vulnerabilities which are independent from the password it self. Most time problems come from within. IoT devices for example are more prone to attacks since they are not regularly updated or no updated at all which pose a risks.

 

The question would be - will NetGear add new feature - blacklist, which will be firewall improvement.

Message 7 of 9
CrimpOn
Guru

Re: RBK40 black list external IPs


@Stimar wrote:

Hi All 

@CrimpOnThanks for the suggestion that you made, about the strong password - this is correct but sometime attackers are exploiting vulnerabilities which are independent from the password it self. Most time problems come from within. IoT devices for example are more prone to attacks since they are not regularly updated or no updated at all which pose a risks.

 

The question would be - will NetGear add new feature - blacklist, which will be firewall improvement.


Netgear has an "Idea Exchange" where customers propose features. https://community.netgear.com/t5/Idea-Exchange-For-Home/idb-p/idea-exchange-for-home 

This is just an opinion, but my feeling is that Netgear may think that "Armor" is their solution to enhanced security.  I, personally, have not activated Armor, and have not spent much time learning what it does.

Message 8 of 9
Divamatrix
Tutor

Re: RBK40 black list external IPs

I don't know how many devices you have but if it's feasible, have you tried to login to the web interface....not the app...and turn on whitelist connections only? You simply whitelist all your normal devices' Mac ID and then by default everything else is blacklisted. Again, this is web login...i.e. http://192.168.1.1 . This works for me..
Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1537 views
  • 2 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7