
Security

tbdbitl
Follower

Security

My ISP has on several occasions dropped my connection claiming that they have found malware coming from a device in my network. They cannot tell me which device. I am trying to determine which device has the problem. It has been suggested that perhaps I need to be looking at the traffic coming through the router - which means I need to turn on logging, and then capture the data, and see if I can see anything funny going on.

 

Is this something that is doable?

 

Please note - I suspect nothing to be wrong with my Orbi, I am only looking here to see if I can find information on where the malware may reside. 

 

In case anyone asks, my network supports:

1 Intel Laptop with Norton Anti Virus Software - which says there are no problems on the machine
1 iMac - not used often - mostly it sleeps. (much more than my dog)
2 iPhones
2 iPads
Nest doorbell camera
Security camera
Western Digital MyCloud backup devices
TV with network access
Dish Network access

Wherever possible, I change the admin login passwords, but not all of them can be changed.

 

Thanks in advance

Jerry

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 2
CrimpOn
Guru

Re: Security

They cannot tell you which device because the router uses Network Address Translation (NAT) to make it appear that everything from your network comes from the public IP address, only with different port numbers.  It would be very helpful if they could tell you which IP address (on the internet) appears to be attacked.  There is a simple command that will show all of the "open ports" through the Orbi, i.e. from one internal IP address to a specific external IP address.

 

You would telnet into the Orbi router and enter this command:

cat /proc/net/ip_conntrack

 

On the Orbi debug page (http://<ip of Orbi>/debug.htm) it is possible to have the Orbi record all packets that pass through the public side of the Orbi - the Wide Area Network (WAN).  Basically, the user tells the Orbi to "Enable LAN/WAN Capture", and then to "Start Capture".  After a while, stop the capture and then save the debug file to your PC.  It is a zip file.  The LAN and WAN captures can be opened with a program such as Wireshark (free).

 

I used the "open connections" to figure out which Cloud Services all my Internet of Things (IoT) devices were connecting to.

 

If they would give you at least a hint of what they are detecting, the Orbi provides the resources to track it back to the offending device.

 

Message 2 of 2
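The connection-table lookup described in the reply above, as an added example that is not part of the original thread and not NETGEAR code: it parses saved `/proc/net/ip_conntrack` output, groups tracked connections by internal address, and answers "which LAN device is talking to this external IP". The LAN subnet, the sample lines and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN subnet behind the router; change it to match your network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the ip_conntrack format (not a real capture).
SAMPLE = """\
tcp      6 431998 ESTABLISHED src=192.168.1.12 dst=203.0.113.25 sport=50514 dport=443 src=203.0.113.25 dst=198.51.100.7 sport=443 dport=50514 [ASSURED] use=2
tcp      6 115 SYN_SENT src=192.168.1.23 dst=203.0.113.77 sport=40112 dport=25 [UNREPLIED] src=203.0.113.77 dst=198.51.100.7 sport=25 dport=40112 use=2
tcp      6 117 SYN_SENT src=192.168.1.23 dst=192.0.2.90 sport=40118 dport=25 [UNREPLIED] src=192.0.2.90 dst=198.51.100.7 sport=25 dport=40118 use=2
udp      17 28 src=192.168.1.12 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.12 sport=53 dport=5353 use=2
"""

FIELD = re.compile(r"\b(src|dst|dport)=(\S+)")


def parse_line(line):
    """Return (proto, lan_src, remote_dst, dport) from the original-direction tuple."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first src=/dst= is the pre-NAT direction
    if "src" not in fields or "dst" not in fields:
        return None
    return line.split()[0], fields["src"], fields["dst"], int(fields.get("dport", 0))


def outbound_by_device(text):
    """Map each LAN address to the internet endpoints it currently has tracked."""
    table = defaultdict(set)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        proto, src, dst, dport = entry
        try:
            inside = ipaddress.ip_address(src) in LAN
            outside = ipaddress.ip_address(dst) not in LAN
        except ValueError:
            continue  # skip malformed addresses
        if inside and outside:
            table[src].add((proto, dst, dport))
    return dict(table)


def devices_talking_to(table, remote_ip):
    """LAN addresses with a tracked connection to the address the ISP reported."""
    return sorted(ip for ip, conns in table.items()
                  if any(dst == remote_ip for _, dst, _ in conns))


if __name__ == "__main__":
    for ip, conns in sorted(outbound_by_device(SAMPLE).items()):
        print(ip, sorted(conns))
```

The LAN address it returns can then be matched against the router's attached-devices list to identify the physical device.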