Still factory default, manual fw, factory default. If it's a bug, it gets
past it.
Can you packet capture and see if it's a bunch of retransmits?
I'd be curious if Netgear could pull logs to see if it's sending them the
wrong firmware for the model, failing, then initiating again. Maybe
malicious code isn't allowing a vulnerability patch.

On Thu, Jun 20, 2019, 3:43 PM Mark - Myakka Technologies <m...@mailmt.com>
wrote:

> Steve,
>
> OK just for shits and giggles I typed in the bad IP address
> https://72.246.60.96 and got this from my browser
>
> "Websites prove their identity via certificates. Firefox does not trust
> this site because it uses a certificate that is not valid for 72.246.60.96.
> The certificate is only valid for the following names:
> www.downloads.netgear.com, updates1.netgear.com,
> http.fw.updates1.netgear.com, arloupdates.netgear.com, updates.netgear.com,
> acupdatesdl2.netgear.com, acdownload.netgear.com, updates.arlo.com,
> kb1.netgear.com, acupdatesdl.netgear.com"
>
> So, I'm going with my first guess that the Netgear router is screwed.
>
> --
> Best regards,
> Mark                            mailto:m...@mailmt.com <m...@mailmt.com>
>
> Myakka Technologies, Inc.
> www.Myakka.com
>
> ------
>
> Thursday, June 20, 2019, 4:19:32 PM, you wrote:
>
>
> Probably hacked. Isolate it. Factory reset it, FW update it
> manually. Factory reset it again.
>
> On Thu, Jun 20, 2019 at 3:16 PM Mark - Myakka Technologies <
> m...@mailmt.com> wrote:
>
> Just an update on this. I have isolated the IP address. I have
> confirmed that something on his system is requesting the data.
> TCP/443. I have blocked all packets leaving his system going to that
> IP address. That has stopped the download of course, but it is
> continuously requesting data. We powered off all devices and it still
> continued. Of course powering off router killed the traffic.
>
> What are the chances that it is the Netgear router? It is a Netgear
> (R7000P-100NAS) Nighthawk AC2300 router. The usage spike started the
> day he installed the router. Could it be in some type of FW download
> loop?
>
>
> --
> Best regards,
> Mark                            mailto:m...@mailmt.com
>
> Myakka Technologies, Inc.
> www.Myakka.com
>
> ------
>
> Monday, June 17, 2019, 11:53:27 AM, you wrote:
>
> MMT> Anyone have an Akamai contact? I have a customer getting a steady
> MMT> stream of data from an IP address that resolves back to them.
> MMT> Currently blocking the address for the customer, but that is not a
> MMT> long term solution. Would like to figure out who or what at Akamai is
> MMT> using that address.
>
> MMT> Tried calling them, but got nowhere fast.
>
>
> MMT> --
>
> MMT> Thanks,
> MMT>  Mark                          mailto:m...@mailmt.com
>
> MMT> Myakka Technologies, Inc.
> MMT> www.Myakka.com
>
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
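
Added example (not part of the original thread): a sketch of the check asked for at the top of this message, telling a burst of retransmits apart from the same download repeating over and over. The tuple format, function names, thresholds and sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample, not data from the thread: server-to-client segments as
# exported from a capture filtered on the one remote IP, TCP/443.
# Fields: (client_port, tcp_seq, payload_len). TLS hides content, so only
# sequence numbers and sizes are used.
LOOP = [(p, s, 1000) for p in (50001, 50002, 50003) for s in (1, 1001, 2001)]
LOOP.insert(2, (50001, 1001, 1000))      # one retransmitted segment
LOSSY = [(50001, 1, 1000)] * 4           # same segment sent four times

def summarize(segments):
    """Per connection, split payload bytes into first-seen and repeated."""
    seen = defaultdict(set)
    stats = defaultdict(lambda: {"unique": 0, "retrans": 0})
    for port, seq, length in segments:
        if length == 0:                  # pure ACKs carry no data
            continue
        # Simplification: only an exact (seq, len) repeat counts as a
        # retransmit; partial overlaps are not handled.
        kind = "retrans" if (seq, length) in seen[port] else "unique"
        seen[port].add((seq, length))
        stats[port][kind] += length
    return dict(stats)

def classify(segments, retrans_share=0.5, min_conns=3, tolerance=0.05):
    """Label the capture: retransmit storm, repeated download, or neither."""
    stats = summarize(segments)
    unique = sum(s["unique"] for s in stats.values())
    retrans = sum(s["retrans"] for s in stats.values())
    if unique + retrans == 0:
        return "no payload"
    if retrans / (unique + retrans) >= retrans_share:
        return "mostly retransmits"
    sizes = sorted(s["unique"] for s in stats.values())
    # Many connections each pulling about the same amount of fresh data
    # suggests the same object is being fetched over and over.
    if len(sizes) >= min_conns and sizes[0] >= (1 - tolerance) * sizes[-1]:
        return "repeated download"
    return "inconclusive"

if __name__ == "__main__":
    for name, capture in (("LOOP", LOOP), ("LOSSY", LOSSY)):
        print(name, classify(capture), summarize(capture))
```

A "repeated download" result would fit the firmware download loop theory; "mostly retransmits" would point at loss on the path instead.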
