Custom firmware build for R7800 v. 1.0.2.74.4SF

[kokishin]

kamoj,

I executed via telnet:

nvram set nocloud=1
nvram set nokwilt=1
nvram commit

nvram set transmission_disable=1
nvram commit

and then rebooted the 7800.

(I disabled Transmission a month or so ago but I still re-ran the disable command shown above).

The NG downloader was already disabled.

I don't have any entries in the port forwarding/port triggering table. I did not see a way to explicitly disable it though.

I enabled Traffic Meter.

Ran Shields Up "All Service Ports" test and it failed.

Disabled Traffic Meter.

Ran Shields Up "All Service Ports" test and it passed.

<sigh>

EDIT:
Even when enabled, the Traffic Meter does not seem to be working. All rows are zero except for the last month row.

FYI: My saved off NETGEAR_R7800.cfg did not restore with 74.4SF. I had to set up my 7800 manually. Prior to setting it up, I reset the 7800 to factory defaults.

@kamoj @Tom_Batty @LeKeiser @microchip @NetBytes

I FOUND THE SOLUTION (workaround)!

I had to disable (uncheck) "Automatically adjust for daylight savings time" under NTP Settings.
See https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Traffic-Meter-not-working/m-p/1534108

Traffic Meter now works.

To get the time stamp on the logs correct, I had to set Time Zone to GMT-07:00 Arizona under NTP Settings.

Ran "All Service Ports" test and it passed.

For future reference, if I want to reenable ReadyCLOUD, Kwilt/hipplay, and/or Transmission, do I execute:

nvram set nocloud=0
nvram set nokwilt=0
nvram commit

nvram set transmission_disable=0
nvram commit

and then reboot?

Thank you folks for taking the time to provide feedback.

 

[kamoj]

I always have "Automatically adjust for daylight savings time" on, and I don't have your problem with Traffic Meter,
so there must be more into this...

Do you use the Kamoj add-on?
(It synchronizes time at boot even if ntp-server is not reachable.)

I had to disable (uncheck) "Automatically adjust for daylight savings time" under NTP Settings.

Traffic Meter now works.

Thank you folks for taking the time to provide feedback.

 

[kokishin]

I always have "Automatically adjust for daylight savings time" on, and I don't have your problem with Traffic Meter,
so there must be more into this...

Do you use the Kamoj add-on?
(It synchronizes time at boot even if ntp-server is not reachable.)

I'm not using your add-on.

I posted a link in my previous post that indicates that others have experienced the same issue with DST enabled and Traffic Meter not working, at least with NG firmware. I don't recall this ever being an issue with @Voxel firmware until now (and only my 7800?).

 

[LeKeiser]

I also have "Automatically adjust for daylight saving time" and I don't have your problem as well, @kokishin
Your problem is really weird.

 

[kokishin]

I also have "Automatically adjust for daylight saving time" and I don't have your problem as well, @kokishin
Your problem is really weird.

I agree!

 

[LeKeiser]

Weird thing here. I listen to TuneIn radio on my Google Homes and Amazon Echos. Was working well yesterday.
Then this morning, the GH and Alexas would take my "commands", but I wouldn't get the radio. I rebooted the devices nothing.
Had to reboot the R7800 and then it worked.

 

[kokishin]

I live in a high rise condo with lots of wifi channels being used by residents.

To get around the 5GHz radio congestion, I've been using a DFS channel at 80 MHz bandwidth for quite a while with no issues. Last night, the 7800 switched to channel 40 at 40 MHz bandwidth unbeknownst to me. I just happened to use a wifi analyzer on my cell phone and caught it. I realize that airport radar has priority over DFS channel assignments but I don't live very close to the airport, nor has it been an issue before.

I changed the 7800 back to a DFS channel.

Strange things happening to my 7800 since I installed 74.4SF.

Per Voxel's recommendation, I'm going to erase the overlay volume and netgear volume in the 7800's nvram and see if that clears up my issues.

I'd revert back to 74.1SF which was very stable but @Voxel implemented a CVE fix in 74.4SF so I think it's prudent to stick with 74.4SF.

Other recommendations appreciated.

 

[Luizk]

thank you voxel

 

[e38BimmerFN]

Let us know if it happens again after a factory reset and setup from scratch and set a manual channel.

I live in a high rise condo with lots of wifi channels being used by residents.

To get around the 5GHz radio congestion, I've been using a DFS channel at 80 MHz bandwidth for quite a while with no issues. Last night, the 7800 switched to channel 40 at 40 MHz bandwidth unbeknownst to me. I just happened to use a wifi analyzer on my cell phone and caught it. I realize that airport radar has priority over DFS channel assignments but I don't live very close to the airport, nor has it been an issue before.

I changed the 7800 back to a DFS channel.

Strange things happening to my 7800 since I installed 74.4SF.

Per Voxel's recommendation, I'm going to erase the overlay volume and netgear volume in the 7800's nvram and see if that clears up my issues.

I'd revert back to 74.1SF which was very stable but @Voxel implemented a CVE fix in 74.4SF so I think it's prudent to stick with 74.4SF.

Other recommendations appreciated.

 

[kokishin]

Let us know if it happens again after a factory reset and setup from scratch and set a manual channel.

I have not touched the 7800 since my last post.

The 7800 has maintained it's DFS channel setting since I changed it back from channel 40.

We're in corona virus lockdown here in Silicon Valley and I'm somewhat paranoid about messing with my 7800 since it seems stable for the moment. However, I will clear the nvram and factory reset it at some point.

BTW, I'm very bored.

 

[Voxel]

BTW, I'm very bored.

We have to realize that this is current reality and most of people (worldwide) could be infected. Just good that it is not so dangerous for our kids. Keep your aged relatives and friends... Good luck for all of us. Routers can wait.

Voxel.

 

[B-dog66]

Hi all,

Since I updated to 74.4SF I notice on my router logs that I'm receiving a lot of Dos attack,scan etc.
My question is it's possible to block those IP addresses from the log?

Part of the log:

"[admin login] from source 192.168.1.7, Friday, March 20, 2020 08:26:06
[DHCP IP: 192.168.1.8] to MAC address 98:e0:d9:94:2d:4b, Friday, March 20, 2020 07:58:59
[DHCP IP: 192.168.1.5] to MAC address 88:53:95:32:1c:35, Friday, March 20, 2020 07:58:15
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.217, port 30120, Friday, March 20, 2020 07:54:53
[DHCP IP: 192.168.1.6] to MAC address e4:b2:fb:ac:cc:4c, Friday, March 20, 2020 07:53:29
[DHCP IP: 192.168.1.7] to MAC address 5e:43:58:b4:be:01, Friday, March 20, 2020 07:52:34
[DHCP IP: 192.168.1.7] to MAC address 5e:43:58:b4:be:01, Friday, March 20, 2020 07:52:32
[DoS Attack: TCP/UDP Chargen] from source: 122.228.19.79, port 49745, Friday, March 20, 2020 07:21:28
[DoS Attack: RST Scan] from source: 107.164.239.87, port 80, Friday, March 20, 2020 07:08:47
[DoS Attack: TCP/UDP Chargen] from source: 128.232.21.75, port 56731, Friday, March 20, 2020 06:06:44
[DoS Attack: SYN/ACK Scan] from source: 139.99.68.192, port 2002, Friday, March 20, 2020 05:45:19
[DoS Attack: SYN/ACK Scan] from source: 61.74.73.139, port 5465, Friday, March 20, 2020 03:45:52
[DHCP IP: 192.168.1.6] to MAC address e4:b2:fb:ac:cc:4c, Friday, March 20, 2020 03:13:35
[DHCP IP: 192.168.1.7] to MAC address 5e:43:58:b4:be:01, Friday, March 20, 2020 02:50:57
[DoS Attack: TCP/UDP Chargen] from source: 185.244.39.216, port 54093, Friday, March 20, 2020 02:39:47
[DoS Attack: SYN/ACK Scan] from source: 85.13.144.194, port 443, Friday, March 20, 2020 02:01:59
[DHCP IP: 192.168.1.8] to MAC address 98:e0:d9:94:2d:4b, Friday, March 20, 2020 01:47:08
[DoS Attack: RST Scan] from source: 86.59.181.53, port 64419, Friday, March 20, 2020 01:44:49
[DoS Attack: RST Scan] from source: 86.59.181.53, port 63923, Friday, March 20, 2020 01:41:23
[DoS Attack: RST Scan] from source: 86.59.181.53, port 63178, Friday, March 20, 2020 01:38:59
[DoS Attack: SYN/ACK Scan] from source: 34.92.233.170, port 443, Friday, March 20, 2020 00:47:03
[DoS Attack: SYN/ACK Scan] from source: 85.13.144.194, port 443, Friday, March 20, 2020 00:23:17
[DoS Attack: SYN/ACK Scan] from source: 34.92.233.170, port 443, Thursday, March 19, 2020 23:20:45
[DoS Attack: SYN/ACK Scan] from source: 45.76.3.244, port 53, Thursday, March 19, 2020 22:34:42
[DoS Attack: SYN/ACK Scan] from source: 45.77.66.120, port 53, Thursday, March 19, 2020 22:27:32
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.49, port 888, Thursday, March 19, 2020 22:05:06
[DoS Attack: UDP Port Scan] from source: 164.68.115.214, port 5086, Thursday, March 19, 2020 21:40:07
[DoS Attack: SYN/ACK Scan] from source: 149.56.106.179, port 22, Thursday, March 19, 2020 21:28:01
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.49, port 888, Thursday, March 19, 2020 21:08:53
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.49, port 888, Thursday, March 19, 2020 21:03:35
[DHCP IP: 192.168.1.3] to MAC address 04:cf:8c:94:d9:bd, Thursday, March 19, 2020 20:57:35
[DHCP IP: 192.168.1.5] to MAC address 88:53:95:32:1c:35, Thursday, March 19, 2020 20:53:09
[DoS Attack: SYN/ACK Scan] from source: 34.92.233.170, port 443, Thursday, March 19, 2020 20:13:21
[DoS Attack: RST Scan] from source: 209.59.105.64, port 34484, Thursday, March 19, 2020 20:05:04
[DoS Attack: TCP/UDP Chargen] from source: 138.197.12.187, port 45921, Thursday, March 19, 2020 20:00:04
[DoS Attack: SYN/ACK Scan] from source: 79.119.71.238, port 51413, Thursday, March 19, 2020 19:04:01
[DoS Attack: RST Scan] from source: 209.59.105.64, port 46769, Thursday, March 19, 2020 18:35:04
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:28:59
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:28:56
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:20:44
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:20:41
[DoS Attack: SYN/ACK Scan] from source: 51.91.221.26, port 7001, Thursday, March 19, 2020 18:19:26
[DoS Attack: RST Scan] from source: 209.59.105.64, port 46337, Thursday, March 19, 2020 18:05:08
[DoS Attack: ACK Scan] from source: 45.82.121.172, port 80, Thursday, March 19, 2020 17:51:46
[DoS Attack: TCP/UDP Chargen] from source: 83.97.20.49, port 56880, Thursday, March 19, 2020 16:20:03
[DoS Attack: SYN/ACK Scan] from source: 151.80.47.217, port 25565, Thursday, March 19, 2020 16:01:18
[DoS Attack: ACK Scan] from source: 157.240.14.53, port 80, Thursday, March 19, 2020 15:34:51
[DHCP IP: 192.168.1.6] to MAC address e4:b2:fb:ac:cc:4c, Thursday, March 19, 2020 15:13:34"

Regards,

 

[kamoj]

They are blocked. That's why they are in the log.
If you not want that log see this thread:
https://www.snbforums.com/threads/script-to-block-dos-ip-addresses-reported-in-the-log.55587/

Hi all,

Since I updated to 74.4SF I notice on my router logs that I'm receiving a lot of Dos attack,scan etc.
My question is it's possible to block those IP addresses from the log?

Part of the log:

"[admin login] from source 192.168.1.7, Friday, March 20, 2020 08:26:06
[DHCP IP: 192.168.1.8] to MAC address 98:e0:d9:94:2d:4b, Friday, March 20, 2020 07:58:59
[DHCP IP: 192.168.1.5] to MAC address 88:53:95:32:1c:35, Friday, March 20, 2020 07:58:15
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.217, port 30120, Friday, March 20, 2020 07:54:53
[DHCP IP: 192.168.1.6] to MAC address e4:b2:fb:ac:cc:4c, Friday, March 20, 2020 07:53:29
[DHCP IP: 192.168.1.7] to MAC address 5e:43:58:b4:be:01, Friday, March 20, 2020 07:52:34
[DHCP IP: 192.168.1.7] to MAC address 5e:43:58:b4:be:01, Friday, March 20, 2020 07:52:32
[DoS Attack: TCP/UDP Chargen] from source: 122.228.19.79, port 49745, Friday, March 20, 2020 07:21:28
[DoS Attack: RST Scan] from source: 107.164.239.87, port 80, Friday, March 20, 2020 07:08:47
[DoS Attack: TCP/UDP Chargen] from source: 128.232.21.75, port 56731, Friday, March 20, 2020 06:06:44
[DoS Attack: SYN/ACK Scan] from source: 139.99.68.192, port 2002, Friday, March 20, 2020 05:45:19
[DoS Attack: SYN/ACK Scan] from source: 61.74.73.139, port 5465, Friday, March 20, 2020 03:45:52
[DHCP IP: 192.168.1.6] to MAC address e4:b2:fb:ac:cc:4c, Friday, March 20, 2020 03:13:35
[DHCP IP: 192.168.1.7] to MAC address 5e:43:58:b4:be:01, Friday, March 20, 2020 02:50:57
[DoS Attack: TCP/UDP Chargen] from source: 185.244.39.216, port 54093, Friday, March 20, 2020 02:39:47
[DoS Attack: SYN/ACK Scan] from source: 85.13.144.194, port 443, Friday, March 20, 2020 02:01:59
[DHCP IP: 192.168.1.8] to MAC address 98:e0:d9:94:2d:4b, Friday, March 20, 2020 01:47:08
[DoS Attack: RST Scan] from source: 86.59.181.53, port 64419, Friday, March 20, 2020 01:44:49
[DoS Attack: RST Scan] from source: 86.59.181.53, port 63923, Friday, March 20, 2020 01:41:23
[DoS Attack: RST Scan] from source: 86.59.181.53, port 63178, Friday, March 20, 2020 01:38:59
[DoS Attack: SYN/ACK Scan] from source: 34.92.233.170, port 443, Friday, March 20, 2020 00:47:03
[DoS Attack: SYN/ACK Scan] from source: 85.13.144.194, port 443, Friday, March 20, 2020 00:23:17
[DoS Attack: SYN/ACK Scan] from source: 34.92.233.170, port 443, Thursday, March 19, 2020 23:20:45
[DoS Attack: SYN/ACK Scan] from source: 45.76.3.244, port 53, Thursday, March 19, 2020 22:34:42
[DoS Attack: SYN/ACK Scan] from source: 45.77.66.120, port 53, Thursday, March 19, 2020 22:27:32
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.49, port 888, Thursday, March 19, 2020 22:05:06
[DoS Attack: UDP Port Scan] from source: 164.68.115.214, port 5086, Thursday, March 19, 2020 21:40:07
[DoS Attack: SYN/ACK Scan] from source: 149.56.106.179, port 22, Thursday, March 19, 2020 21:28:01
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.49, port 888, Thursday, March 19, 2020 21:08:53
[DoS Attack: SYN/ACK Scan] from source: 139.99.124.49, port 888, Thursday, March 19, 2020 21:03:35
[DHCP IP: 192.168.1.3] to MAC address 04:cf:8c:94:d9:bd, Thursday, March 19, 2020 20:57:35
[DHCP IP: 192.168.1.5] to MAC address 88:53:95:32:1c:35, Thursday, March 19, 2020 20:53:09
[DoS Attack: SYN/ACK Scan] from source: 34.92.233.170, port 443, Thursday, March 19, 2020 20:13:21
[DoS Attack: RST Scan] from source: 209.59.105.64, port 34484, Thursday, March 19, 2020 20:05:04
[DoS Attack: TCP/UDP Chargen] from source: 138.197.12.187, port 45921, Thursday, March 19, 2020 20:00:04
[DoS Attack: SYN/ACK Scan] from source: 79.119.71.238, port 51413, Thursday, March 19, 2020 19:04:01
[DoS Attack: RST Scan] from source: 209.59.105.64, port 46769, Thursday, March 19, 2020 18:35:04
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:28:59
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:28:56
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:20:44
[WLAN access rejected: incorrect security] from MAC address 84:98:66:61:21:e7, Thursday, March 19, 2020 18:20:41
[DoS Attack: SYN/ACK Scan] from source: 51.91.221.26, port 7001, Thursday, March 19, 2020 18:19:26
[DoS Attack: RST Scan] from source: 209.59.105.64, port 46337, Thursday, March 19, 2020 18:05:08
[DoS Attack: ACK Scan] from source: 45.82.121.172, port 80, Thursday, March 19, 2020 17:51:46
[DoS Attack: TCP/UDP Chargen] from source: 83.97.20.49, port 56880, Thursday, March 19, 2020 16:20:03
[DoS Attack: SYN/ACK Scan] from source: 151.80.47.217, port 25565, Thursday, March 19, 2020 16:01:18
[DoS Attack: ACK Scan] from source: 157.240.14.53, port 80, Thursday, March 19, 2020 15:34:51
[DHCP IP: 192.168.1.6] to MAC address e4:b2:fb:ac:cc:4c, Thursday, March 19, 2020 15:13:34"

Regards,

 

[B-dog66]

Thanks Kamoj, I know how to disable the log just I was thinking that there is something else what I can or must do. One thing what is pissing me off is that when it's more attack continuously my internet simply slowing down, like someone pull up the handbrake for the car.
Anyway thanks for the quick response!

PS. You guys doing an awesome job!

 

[violetaruth]

Just updated - thanks for your hard work

 

[e38BimmerFN]

Same here. Great FW and great router as well. Put my R7800 online last Friday. Been a great having it online again. OPEN NAT for gaming is so nice.

 

[thegr8anand]

Same here. Great FW and great router as well. Put my R7800 online last Friday. Been a great having it online again. OPEN NAT for gaming is so nice.

Why is open nat good for gaming? How do you change that?

 

[e38BimmerFN]

OPEN NAT is preferred for most all online gaming configurations. Moderate or Strict NAT seems to cause chat or gaming performance problems.

You have to first make sure that your ISP Modem doesn't have any built in router here already. Connecting any kind of external router behind this modem combo will cause NAT issues.
https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
http://computer.howstuffworks.com/nat.htm
http://www.practicallynetworked.com/networking/fixing_double_nat.htm
https://community.netgear.com/t5/Ca...able-Modem-and-Cable-Modem/m-p/1864698#M21950
Stand alone modems are preferred with any kind of external router.

For single PC or game consoles playing online should mostly see OPEN NAT already.

For two or more game consoles online at the same time playing same game at the same time, changing NAT Filter to OPEN helps here.
Background Info:
https://badmodems.com/Forum/viewtopic.php?f=6&t=21

Why is open nat good for gaming? How do you change that?

 

[thegr8anand]

OPEN NAT is preferred for most all online gaming configurations. Moderate or Strict NAT seems to cause chat or gaming performance problems.

You have to first make sure that your ISP Modem doesn't have any built in router here already. Connecting any kind of external router behind this modem combo will cause NAT issues.
https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
http://computer.howstuffworks.com/nat.htm
http://www.practicallynetworked.com/networking/fixing_double_nat.htm
https://community.netgear.com/t5/Ca...able-Modem-and-Cable-Modem/m-p/1864698#M21950
Stand alone modems are preferred with any kind of external router.

For single PC or game consoles playing online should mostly see OPEN NAT already.

For two or more game consoles online at the same time playing same game at the same time, changing NAT Filter to OPEN helps here.
Background Info:
https://badmodems.com/Forum/viewtopic.php?f=6&t=21

Never bothered with it and a few times i checked on xbox live settings it used to fail then on fixing it strict.

I set nat to open on r7800 but it only changed to moderate. Was unable to change the nat settings on isp router as it didn't allow bridge mode and disabling nat stopped internet to work.

After reading your articles and other articles. another option was using DMZ and luckily the router has an easy dmz mode and finally got Open Nat.

Thanks!

 

[e38BimmerFN]

Yes, DMZ on the host router will fix NAT issues with a 2nd router behind it.
Glad that worked. Enjoy.