NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

PyroDog's avatar
PyroDog
Apprentice
Jan 29, 2018
Solved

Firmware auto update domain

I was running firmware 2.0.0.74 on my Orbi system with NVRAM set to disable updates. Everything was running prefect as that firmware is rock steady for me. Today I found my system had self updated to...
Troubleshooting
  • rhester72's avatar
    rhester72
    Feb 02, 2018

    Kept digging on this and learned the following:

     

    TCP port 443 (HTTPS): http.fw.updates1.netgear.com

     

    TCP port 21 (FTP): updates1.netgear.com

     

    I believe those two are all that's necessary to block.  Orbi tries HTTPS first, then FTP.

rhester72's avatar
rhester72
Virtuoso
Jan 29, 2018

I suspect this will be very hard to block.

 

When I just checked, Orbi did an A-record lookup for:

 

A1599ER83NVYL8.iot.us-west-2.amazonaws.com

rhester72's avatar
rhester72
Virtuoso
Feb 02, 2018

Kept digging on this and learned the following:

 

TCP port 443 (HTTPS): http.fw.updates1.netgear.com

 

TCP port 21 (FTP): updates1.netgear.com

 

I believe those two are all that's necessary to block.  Orbi tries HTTPS first, then FTP.

  • PyroDog's avatar
    PyroDog
    Apprentice
    Feb 02, 2018

    Thank you! 

  • Mayhugh1's avatar
    Mayhugh1
    Apprentice
    Feb 02, 2018

    Does that keep them out of the Orbi or just out of the computers on the LAN behind the Orbi ?

     

    • rhester72's avatar
      rhester72
      Virtuoso
      Feb 02, 2018

      It should prevent the Orbi from finding any updates to the firmware.

      • PyroDog's avatar
        PyroDog
        Apprentice
        Feb 06, 2018

        I want to thank you for your posts. I went a step further and blocked all internet access for the Orbi units using my firewall. I'm pleased to see this workaround works great at preventing forced updates.