
AiProtection Alert VP Victim

shadrock

New Around Here
So I just got an RT-AC87R, which I love so far, but something has me stumped. I've recently enabled AiProtection, and now it's alerting me, but it's something I don't understand. I've googled the terms in random order, and got nothing, so I thought I'd ask you folks. The message says:

"Event number : 1
Alert type : VP victim
Device : MYBOOKLIVE 00:90:A9:B7:69:AC
URL/IP access : by

Event number : 2
Alert type : VP victim
Device : MYBOOKLIVE 00:90:A9:B7:69:AC
URL/IP access : by

2014-12-05 19:38:36 00:90:A9:B7:69:AC is attacked by 192.168.1.214 via TCP 51686, this action has been blocked."

The issue is that the MAC address listed and the IP address listed are for the same device. Does that mean it's attacking itself? Also, I checked the MyBookLive to see if it was checking for updates and that was what the alert was for, but it showed that the firmware was up to date, and it seems to be a manual process to update anyway.

Anyone know what a "vp victim" is? Is this something to worry about, or another instance of the "Dead loop on virtual device vlan2, fix it urgently!" problem/non-problem?

Any info you can give would be greatly appreciated.
 
I'm also having this

Hello; I'm having the same issue and can't seem to get it troubleshot.

My wife's computer and mine are configured nearly the same. Her computer keeps 'attacking' itself through the 80 port several times a day.

Any idea on how to resolve this? There seems to be very limited information on this from a web search.
 
Hehe, that is always worth the rewatch.

To add a bit more humor..... It happens when she opens up Facebook.

I can totally see Facebook attacking itself. Now to figure out what app she's added to her account that does this sort of thing.
Well, Spotswood on Team America said to Gary when he said "now I've seen everything" replied "have you seen a man eat his own head?"...

I guess this issue is similar really....:)

I got one warning on my AC87 which turned out to be Telstra but the others are items on web page advertising it doesn't like. This is a good thing overall as long as the router doesn't start disabling devices or stopping web site traffic unnecessarily. I use FB but haven't had issues with that.
 
Yeah, same thing happens on the AC3200. Back when my AC87 ruled the network, AI was claiming my HP printer was infected because it was connecting to an IP address at HP and blocked it from the network. Turned it off, because I couldn't do without my printer and there's no whitelist. Then I turned it on for my AC3200 a couple of days ago, and it had this VP victim on one of my android phones. Another false alarm, and blocked from WIFI. Looks like it's still not quite ready for prime time...
 
It also doesn't like internal DNS servers. A little tweakability would be nice, but it has caught several real threats. I'd much rather be blocked at the network than be blocked when it's already on my freakin computer.
 
In the latest firmware (4950) you can select which warnings you would like to receive i.e. malicious site blocking, vulnerability protection, infected device prevention and blocking. As far as I can see the latter is the one creating these false positives. Of course, this will not solve the false positive... just avoid the e-mail :)
 
Hello,

I have an ASUS RT-AC68U, and it has the same AI Protection feature. I just got my 1st email from AIProtection, and it reads like this:

Event number : 1
Alert type : VP victim
Device : 01:00:00:00:00:00
URL/IP access : 192.168.0.190

Event number : 2
Alert type : VP victim
Device : 01:00:00:00:00:00
URL/IP access : 192.168.0.190

Suggest action: Your client devices has been detected suspicious networking behavior and blocked connection with destination server to protect your sensitive information.
Based on our recommendation, you can
1. Remove app that access this site and don't visit this website to prevent any personal information leak.
2. Check your router security setting.
3. Update security patch for your client or new firmware for your router.
Please refer to attached log file for detail information. You also can link to trend micro website to download security trial software for your client device protection.

http://www.trendmicro.com/


What's important to note:

a) .190 is the WAN port on my Vonage adapter
b) I have that IP, .190, specified as the DMZ

I do have WAN access enabled with a user generated password on the Vonage device, maybe someone got into the Vonage device perhaps?

Any ideas would be great. The text file attached says this:
2015-04-15 09:42:18 01:00:00:00:00:00 is attacked by 192.168.0.190 via UDP 39260, this action has been blocked.
 
I had the same problems. A software engineer from Asus contacted me about my original post, had me run some commands and email him the log files. When firmware 4585 came out the problem stopped. He just contacted me the other day to ask if the problem was corrected.
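
A triage sketch for the alert log lines quoted in this thread, added here as an example and not code from ASUS, Trend Micro or any poster. It parses the "is attacked by" line format and flags the two oddities the posters spotted by hand: a source IP that belongs to the victim device itself, and a victim MAC that is a group (multicast) address rather than a real client. The `LEASES` table and the MAC used for the Vonage adapter are constructed assumptions standing in for the router's client list.

```python
import re

# Line shape as quoted in the thread's attached log files.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) is attacked by "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) via (?P<proto>TCP|UDP) (?P<port>\d+), "
    r"this action has been blocked\.$"
)

# The two log lines posted in the thread.
SAMPLE_LINES = [
    "2014-12-05 19:38:36 00:90:A9:B7:69:AC is attacked by 192.168.1.214 via TCP 51686, this action has been blocked.",
    "2015-04-15 09:42:18 01:00:00:00:00:00 is attacked by 192.168.0.190 via UDP 39260, this action has been blocked.",
]

# Constructed MAC -> IP table (assumption): first entry follows the first
# post; the adapter's MAC is a placeholder, it is not given on the page.
LEASES = {
    "00:90:a9:b7:69:ac": "192.168.1.214",
    "02:00:00:00:00:01": "192.168.0.190",
}

def parse_line(line):
    """Return a dict for one alert line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["mac"] = ev["mac"].lower()
    ev["port"] = int(ev["port"])
    return ev

def is_group_mac(mac):
    """True when the I/G bit (lowest bit of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def triage(ev, leases):
    """Return review notes for one parsed event."""
    notes = []
    if is_group_mac(ev["mac"]):
        notes.append("victim-mac-not-unicast")
    if leases.get(ev["mac"]) == ev["src"]:
        notes.append("source-is-victim")
    elif ev["src"] in leases.values():
        notes.append("source-is-lan-client")
    return notes

def triage_all(lines=SAMPLE_LINES, leases=LEASES):
    return [triage(ev, leases) for ev in map(parse_line, lines) if ev]
```

The notes only mark events for review; they do not decide whether an alert is a false positive.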
 