#1  
Old October 18th, 2007, 07:04 PM
rfulkerson's Avatar
rfulkerson rfulkerson is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2007
Posts: 7
rfulkerson is on a distinguished road
Exclamation Netgear Smart Wizard SPAMMING

I just discovered that the Netgear Smart Wizard (the 'preferred' WG311T management tool) has been the source of countless MX requests to my DNS server. This application would request an MX record at least every 10 seconds from either google.com, microsoft.com, yahoo.com, or intel.com. This has resulted in thousands of entries per hour appearing in my DNS logs.

I have been working on this for several days, and have found others on the web who have as well, as we all believed the source was a virus or rootkit.

Has anyone else seen this with the Netgear Smart Wizard? If you do not have access to your DNS logs, please take a look at your network packets using Wireshark (formerly ethereal). I am very curious to know if just some of us suffered from an infected download, or if this is typical of the Smart Wizard.

Thanks,
Ron
__________________
Play free card games @ www.evver.com
Reply With Quote
  #2  
Old October 19th, 2007, 03:20 AM
beisser's Avatar
beisser beisser is offline
Moderator
NETGEAR Prophet
 
Join Date: Nov 2006
Location: Near Munich, Germany
Posts: 3,620
beisser is on a distinguished road
Default Re: Netgear Smart Wizard SPAMMING

yeah the netgear software does that. apparantly to check of you are connected to the internet. overkill in my eyes but in no way harmful.
__________________
Forum Rules
How to contact Techsupport using various methods!
How to contact Techsupport by phone!
How to contact Techsupport online!
IPSEC-VPN, Tips and Tricks and Howto's
How to get proper access to the Enterprise-Forum!

"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook

EVA1: EVA9000 -> 32" Samsung LCD
EVA2: EVAx000 -> 32" Samsung LCD
NAS: ReadyNAS Pro RNDP6610
Reply With Quote
  #3  
Old October 19th, 2007, 10:58 AM
wb2dyb wb2dyb is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2007
Posts: 1
wb2dyb is on a distinguished road
Default Re: Netgear Smart Wizard SPAMMING

Having the same problem. That is intended? Wow. That's a bad idea. That thing is making nameserver log files huge with an additional 24 lines per minute. Does Netgear officially document that anywhere? If not, it would be a good idea, I've been searching the net for four months trying to find this. Thanks for the VERY useful comment! -GeorgeC
Reply With Quote
  #4  
Old October 19th, 2007, 04:06 PM
fordem fordem is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Nov 2006
Posts: 7,218
fordem is on a distinguished road
Default Re: Netgear Smart Wizard SPAMMING

Techically speaking - that is not SPAM
Reply With Quote
  #5  
Old October 19th, 2007, 04:37 PM
rfulkerson's Avatar
rfulkerson rfulkerson is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2007
Posts: 7
rfulkerson is on a distinguished road
Default Re: Netgear Smart Wizard SPAMMING

Whoever designed this wasn't "technically" thinking.
__________________
Play free card games @ www.evver.com
Reply With Quote
  #6  
Old October 23rd, 2007, 05:51 AM
3Phase 3Phase is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2007
Posts: 1
3Phase is on a distinguished road
Default Re: Netgear Smart Wizard SPAMMING

Quote:
Originally Posted by rfulkerson View Post
Whoever designed this wasn't "technically" thinking.
I agree with you about the thinking part -- state management al la several someones' DNS bandwidth?

Something was interfering with the power management settings on my machine by sending a shipload of DNS queries that overflowed my firewall log. The system wouldn't go into any automatic power conservation mode whilst the connection was 'in use' and writing to the firewall log every ten seconds, and my firewall log was useless.

Eventually, I tracked it down to wlancfg5.exe so I only run it to establish the connection and then close it. There have been no more overflowed logs, and power management works.

Regards,

Scott
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 06:26 PM.