1

Topic: Netgear WPN824 WiFi Access Point / Router / Network Switch --- boo.

So I have an interesting thing to share with everyone.

I just got off the phone with a customer who is trying to use a Netgear WPN824 to provide wireless network connectivity between his customer's laptop computer and a single NION.

First, it should be noted that when the computer and NION are both plugged into the 4-port network switch, everything is great! Everything works as expected.

However, once the computer is moved to the wireless 802.11 network, he cannot see the NION. This is understandable as there is now a router between the NION and computer, thus the multicast discovery packets will not pass.

So, we modify the pandad.cfg.xml file in the NWare root directory to automatically provide the remote link through the router. Again, this is not a problem, both machines have fixed IP addresses.

Now everything works great... for a while.

After some indeterminate amount of time, the router software in the Netgear WPN824 cuts off the NION, and we can no longer establish communications with it. However... (and this is the interesting part) the NION will still receive and respond to pings from the laptop... while the laptop is still on the WiFi network across the router... and the router does not have an entry in its list of connected devices for the NION. I found this to be quite bizarre until I started reading the manual for this multifunction network device:

wpn824_ref_manual.pdf wrote:

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT routers, the WPN824 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
• Denial of Service (DoS) protection. Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.

So, does this mean that this router will recognize all the standard NION network traffic as a DoS attack of some sort and just disconnect it from the network?

Does anyone have any thoughts about this or any ideas on how to configure this handy little multifunction network appliance to do what we want?

I know it is not pro grade, but the budget for this system will likely not support a "professional" WiFi interface.

fwiw, I have not had this issue with my Linksys WRT-54G router with which I attempted the same thing.

The manual for the Netgear WPN824 is here if anyone would like to take a look:
http://kb.netgear.com/app/answers/detail/a_id/2198

Your thoughts are appreciated!

Thanks!

Josh Millward
Burnt Orange Studios

2

Re: Netgear WPN824 WiFi Access Point / Router / Network Switch --- boo.

JoshM wrote:

So, does this mean that this router will recognize all the standard NION network traffic as a DoS attack of some sort and just disconnect it from the network?

That statement relies on a lot of assumed definitions, such as what and how the device determines that said traffic is DoS related. I'm pretty sure the router has no concept as to what 'standard Nion' traffic is, however it does know about unicast and multicast IP.

I would suggest that this may be a good opportunity to fire up Wireshark and see what, or more precisely, what's not going on. From your description, it appears the device still routes IP traffic between the subnets, hence the correct operation of ICMP echo (aka ping). Do the echo responses make it back to the laptop? Monitor the Nion's LAN port (you can port mirror, right?) and see what stops when you lose comms.
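The "see what stops" check from the post above, worked as an added example (not code from the thread or from the NION/NWare product): a small Python script that reads a one-line-per-packet capture summary (the shape you would get from, e.g., `tshark -T fields` with epoch time, source IP, destination IP and protocol) and reports which directed flows have gone quiet before the end of the capture, and which sides kept sending without getting a reply. The addresses, timestamps and the 192.168.0.x / 192.168.1.x subnets in the sample are constructed, not taken from a real capture; the idle and gap thresholds are assumptions to tune for your environment.

```python
"""Find which traffic flows went silent in a packet-capture summary.

Added example, not from the original forum thread. It assumes a capture
exported as one line per packet with tab-separated fields:
epoch time, source IP, destination IP, protocol. The sample below is
constructed: 192.168.1.20 stands in for the laptop on the WiFi subnet,
192.168.0.10 for the NION on the wired subnet.
"""

# Constructed sample capture (not a real trace). The TCP session between the
# two hosts dies after t=30; ICMP echo request/reply keeps working throughout.
SAMPLE_CAPTURE = """\
0.000\t192.168.1.20\t192.168.0.10\tTCP
0.010\t192.168.0.10\t192.168.1.20\tTCP
1.000\t192.168.1.20\t192.168.0.10\tICMP
1.005\t192.168.0.10\t192.168.1.20\tICMP
30.000\t192.168.1.20\t192.168.0.10\tTCP
30.010\t192.168.0.10\t192.168.1.20\tTCP
31.000\t192.168.1.20\t192.168.0.10\tICMP
31.005\t192.168.0.10\t192.168.1.20\tICMP
61.000\t192.168.1.20\t192.168.0.10\tICMP
61.004\t192.168.0.10\t192.168.1.20\tICMP
90.000\t192.168.1.20\t192.168.0.10\tTCP
91.000\t192.168.1.20\t192.168.0.10\tICMP
91.005\t192.168.0.10\t192.168.1.20\tICMP
"""


def parse_capture(text):
    """Parse the summary text into (time, src, dst, proto) tuples."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, proto = line.split("\t")
        packets.append((float(t), src, dst, proto))
    return packets


def flow_summary(packets):
    """Per directed flow (src, dst, proto): (first_seen, last_seen, count)."""
    summary = {}
    for t, src, dst, proto in packets:
        key = (src, dst, proto)
        first, last, n = summary.get(key, (t, t, 0))
        summary[key] = (min(first, t), max(last, t), n + 1)
    return summary


def silent_flows(packets, idle_seconds):
    """Directed flows whose last packet is older than idle_seconds at capture end.

    A flow that is still alive shows up with a recent last_seen; one the
    router has stopped forwarding simply stops appearing.
    """
    end = max(t for t, _, _, _ in packets)
    return sorted(key for key, (_, last, _) in flow_summary(packets).items()
                  if end - last > idle_seconds)


def unanswered(packets, min_gap=5.0):
    """Directions that kept sending after the other side's last packet.

    Returns {(src, dst, proto): packets sent after the last reply} for every
    direction whose last packet is more than min_gap seconds after the last
    packet seen in the reverse direction (min_gap is an assumed threshold).
    """
    summary = flow_summary(packets)
    result = {}
    for (src, dst, proto), (_, last_fwd, _) in summary.items():
        rev = summary.get((dst, src, proto))
        last_rev = rev[1] if rev else float("-inf")
        if last_fwd - last_rev > min_gap:
            n = sum(1 for t, s, d, p in packets
                    if (s, d, p) == (src, dst, proto) and t > last_rev)
            result[(src, dst, proto)] = n
    return result


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    for key, (first, last, n) in sorted(flow_summary(pkts).items()):
        print(f"{key}: {n} packets, first {first:.3f}, last {last:.3f}")
    print("silent for >45 s:", silent_flows(pkts, 45))
    print("sending without replies:", unanswered(pkts))
```

Run against a real export, the interesting output is the flow that appears in "silent" while its ICMP counterpart does not: that tells you the router is still forwarding between the subnets (pings work) but something specific to that protocol or session has stopped, which is exactly the distinction the post asks you to establish before blaming the DoS heuristics.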

3

Re: Netgear WPN824 WiFi Access Point / Router / Network Switch --- boo.

Or contact Netgear, explain the situation, and ask them what their device is doing.

Nihilism is best done by professionals

4

Re: Netgear WPN824 WiFi Access Point / Router / Network Switch --- boo.

Funny, this goes back to another discussion in the forum regarding 'default settings' of switches (I know this one isn't a switch). 

One of the settings we typically find set 'incorrectly' from the 'factory' is Broadcast Storm Control (some manufacturers call it different names) which is the basis of the DoS attacks. Typically in cheaper and/or residential products there is no setting for throttling or controlling the parameters that control this feature. I hope I'm wrong in this case... please let us know!

Thanks,

Joe