Jump to content

XR500 Beta Feedback..


Recommended Posts

8 hours ago, Netduma Fraser said:

Yeah we really need to be able to reproduce that and it's quite important. Yes that's right, keep us posted afterwards on how it went and the NAT situation.

Hello Fraser! I just wanted to give you an update after trying that method of factory resetting.. It did not work.. 😕  I tried it a few times with no luck.. after each time I noticed that my QoS settings were all still present after each factory reset.. 

My biggest concern is with these Dos Attacks because it basically brings my Network to a complete halt.. Even when I go into WAN and disable Dos and Port scan protect my Network doesnt seem to recover..

Do you want me to see if my Xbox NAT type is still Open? I can report that back to you quick if need be.. Every time I had checked before it was always Open.. With no option enabled that would normally get one an Open NAT..

I will try to wait to hear back from you.. I know you maybe off already.. But if not let me know..

Thanks!

Zippy.

Link to comment
Share on other sites

  • Replies 80
  • Created
  • Last Reply

Also I did just try this again and I already have these Dos Attacks pilling up! Just took a quick look.. 

Zippy.

Link to comment
Share on other sites

  • Administrators

It was a long shot but thanks for letting me know! I have let the team know so they can continue to try reproducing it and hopefully come closer to a solution!

Did you manage to check that Windows update setting to see if that is causing it? Yes please, it would be good to know, it could indicate why you're getting the DoS attacks - it could somehow be bypassing the router - it does have a local IP from the XR right? Do you have any Traffic Controller rules active?

Link to comment
Share on other sites

I have just seen this post from Zippy about DOS Attacks... My log has been full of DOS Attacks aswell since i started using the Beta Version.  

Link to comment
Share on other sites

6 hours ago, Dialatech said:

I have just seen this post from Zippy about DOS Attacks... My log has been full of DOS Attacks aswell since i started using the Beta Version.  

Thanks for letting us know you're seeing it too, if you lookup the IP mentioned in the log entries online, where do they appear to be coming from? 

Link to comment
Share on other sites

1 hour ago, Netduma Liam said:

Thanks for letting us know you're seeing it too, if you lookup the IP mentioned in the log entries online, where do they appear to be coming from? 

I will PM you a list of IP address and what there are.

Link to comment
Share on other sites

1 hour ago, UK Sentinel said:

I was going to try the 120 firmware version for my XR500, but now not so sure, could I ask you to try https://www.grc.com/  (Shields Up)  (All Ports) and see if any of the ports are not in Stealth mode ?

Thanks 👍

All Passed. No issues 

Link to comment
Share on other sites

47 minutes ago, UK Sentinel said:

Thanks for checking,  I had hoped that was why you were experiencing high DOS attacks entries ?

Is the 120 firmware version usable in your view ?

Yeah its useable but i do think there is bugs in it. 

lots of the bugs i have had are in the older firmware's aswell tho 

Link to comment
Share on other sites

@Dialatech and @UK Sentinel My Dos Attacks weren't what I would say security threats but more of the problem of them being either filtered or blocked to known trusted sites.. So what would happen was it would slow down my network or basically bring it to an unusable state.. Ports to watch for are your basic ports like 443, 80, 53 and others that you know that are used on your own network.. There were other ports I noticed that were tied to my gaming as well.. Which made it impossible to game then.. Either I would get kicked from a game or the game was just unplayable..

With any beta firmware one does want to be careful and watch for things.. Id watch for these DOS Attacks and just check a few if you get any.. See what exactly they are.. If your getting large numbers then I would pay attention more to see if any of them occur during whatever your doing on your network.. Like gaming and or working from your laptop/computer..

Hopefully that helps! Feel free to share your thoughts or experiences with the new firmware.. Things that may seem off to you ect ect..

Thanks!

Zippy..

Link to comment
Share on other sites

On 3/21/2021 at 6:51 PM, Netduma Fraser said:

It was a long shot but thanks for letting me know! I have let the team know so they can continue to try reproducing it and hopefully come closer to a solution!

Did you manage to check that Windows update setting to see if that is causing it? Yes please, it would be good to know, it could indicate why you're getting the DoS attacks - it could somehow be bypassing the router - it does have a local IP from the XR right? Do you have any Traffic Controller rules active?

Hello Fraser! Wanted to give you a recap of my issues with the XR500.. 

All devices in our home had updates blocked by the XR500 in some sort or fashion. It wasn't just MS products.. It was also apple products like our IPhones as well and smart tvs.. In some cases there were multiple updates for some devices..

I did also check to see if my NAT type was still reporting Open even after the factory reset and everything was locked down.. Meaning no port forwarding, No DMZ, No port triggering, NAT type set to secure and my Xbox was still reporting open NAT.. That also was with just IPV4.. No IPV6 enabled.. I even hard reset my Xbox to make sure it wasnt miss reporting.. But it wasnt..

All devices and even the Xbox were reporting a Local IP that was assigned by the XR500.. The Xbox was using 192.168.1.3 and it was reporting an Open NAT under the circumstances I mentioned above..

I even noticed  DOS Attacks happening on my Xbox while playing a game.. The port number caught my eye because its one of the ports that game uses.. Along with the IP it was coming from.. Which started with a 52.. Which was a Azure MS server..

I even got DOS Attacks on my ISP DNS on port 53 and thats when things really got ugly.. Which would make total sense.. I watched my logs and notice since 53 was being blocked it kept trying other port numbers like 54 55 56 57 ect ect.. And everything was showing as being DOS Attack in the logs..

One of my biggest concerns was that my Xbox was reporting an Open NAT.. I felt uneasy about that because if my Xbox is showing that what other devices on my Network maybe exposed to a wide open NAT.. That was a security issue I was afraid of and didnt want to chance it.. 

Currently I have taken my XR500 out of my Network and am using the R2 atm.. I feel more comfortable with that.. Not to mention I dont get those DOS Attacks where my whole Network comes to a crawl.. Hopefully there is something from this that might help NG find a cause or solution.. 

Fraser if there is anything you or Liam have questions on please feel free to ask.. In case there are other questions that may help! Thats what im here to do is help out in anyway possible..

PS.. I had no Traffic Controller Rules..

Thanks again!

Zippy..

Link to comment
Share on other sites

  • Administrators

Thanks Zippy for the information. My main concern there is that it could be the firewall not functioning properly, of which there is nothing to change on the interface to rectify that. When did the DoS attacks start - with a particular firmware version?

Link to comment
Share on other sites

5 hours ago, Netduma Fraser said:

Thanks Zippy for the information. My main concern there is that it could be the firewall not functioning properly, of which there is nothing to change on the interface to rectify that. When did the DoS attacks start - with a particular firmware version?

Welcome Fraser! Yes that is what concerns me as well.. With an Open NAT under those circumstances makes one wonder if the firewall is enabling properly or at all.. That is why I went back to the R2 atm.. I didnt feel comfortable with the current operation of the XR500 in that sense and with what was going on with it.. Its very possible the firewall isnt loading or reloading properly..

As far as when this has taken place I would say its either this most current firmware .120 or the prior firmware.. That was the time frame it happened at.. But it wasnt until this most current firmware where I was getting those DOS Attacks like I have been on key ports.. Things really point to this most current firmware..

Do you happen to know who else is having this trouble with QoS on this firmware? It might not hurt to have them to try to see if they can get there NAT to do the same as mine..  See if there is a connection there.. Either way its something most might not even know is an issue because they assume an Open NAT is good to go when in this situation it might not be..

If you have any other questions Fraser im here! :) 

Thanks!

Zippy.

Link to comment
Share on other sites

@Netduma FraserI do have one question for you.. Do you see any reason that I shouldnt use the XR500 as a AP under my circumstance? I was thinking on putting it into AP mode and run that to the R2 for wifi.. Just your thoughts.. I would think that it would be safe to do that with out issue..

Thanks!

Zippy.

Link to comment
Share on other sites

  • Administrators

Thanks @Zippy I've passed this on to the XR lead as I think it will require further investigation on their part. I'll come back and let you know if any information is required/will keep you posted. AP mode should be fine as the R2 would be handling the routing to devices and has its firewall upstream.

Link to comment
Share on other sites

1 minute ago, Netduma Fraser said:

Thanks @Zippy I've passed this on to the XR lead as I think it will require further investigation on their part. I'll come back and let you know if any information is required/will keep you posted. AP mode should be fine as the R2 would be handling the routing to devices and has its firewall upstream.

Thanks Fraser! I do appreciate all your help.. If the lead XR needs any info or what not im here for you guys! I would think im likely not the only one experiencing this.. Specially if one is having a hard time getting a clean factory reset on the XR.. If I think of any other info I may have forgot or might help I will post here for you..

Thanks!

Zippy.

Link to comment
Share on other sites

Hi Fraser,

I have just seen this post from Zippy about DoS attacks.

Can you take a look at the screen shot below please.

Is this normal?
 

regards

 

8070706B-00C8-434D-A6D6-3199C8860432.png

8E13813A-5E4D-4DAC-B85B-A1005C3FCB27.png

Link to comment
Share on other sites

@Will That doesnt look normal.. You are showing some of the same DOS Attacks I had..  Specially if those are coming from known IPs.. It might be best to have Fraser take a peek.. 

After closer look you are also getting DOS Attacks on port 443.. I definetily would be careful at this point because you are showing very similar events taking place as myself..

Thanks!

Zippy.

Link to comment
Share on other sites

6 minutes ago, Will said:

Hi  Zippy,

I had a feeling this isn’t normal  let’s see what Fraser has to say. 
 

thanks mate

Thanks for sharing this! It will help alot that im likely not alone on this.. Not to mention it should help Netgear as well.. Fraser will know what to do..

Thanks Will

Zippy.

Link to comment
Share on other sites

7 hours ago, Netduma Fraser said:

Thanks @Zippy I've passed this on to the XR lead as I think it will require further investigation on their part. I'll come back and let you know if any information is required/will keep you posted. AP mode should be fine as the R2 would be handling the routing to devices and has its firewall upstream.

Hi all y'all.

Whilst I am new on this forum, I do have 25yrs+ in enterprise routing, firewalls and wifi.

Just letting you know that I successfully operate both an XR700(fw 1.0.1.36)  and XR500(fw 2.3.2.114) as Access Points (AP) wired from a FRITZ!box.

Both XRs as APs have been extremely reliable and available without issues.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...