AiProtection Alerts - Should I Be Concerned?

YrbkMgr

Occasional Visitor
I have the Asus RT-AC3200 and have recently enabled AiProtection. I've gotten a boatload of "successfully blocked events". Like 120+ in 6 days. It lists a MAC address of a client I don't recognize and is not listed in the router's clients table. The MAC Lookup reveals Cadant as the Mfr. The events are one of two: Exploit Remote Command Execution via Shell Script -2, and Exploit Netcore Router Backdoor Access. Looks like someone keeps knocking (seems like a lot). Should I be concerned? And how do I find more information about the MAC Address - what device it is?
 
No, ignore them. That is just bots wandering the net and AiProtection has seen it then blocked it.

Exploit Netcore Router Backdoor Access
You aren't running a Netcore router so this is not relevant.

The MAC address shown is outside your network, the sending device.

Make sure you have the latest firmware on your router and the latest version of AiProtection.
 
Thanks so much for the info! I'd like to just confirm my understanding so if you don't mind...
1. Am I vulnerable if I turn off AiProtection?
2. How comfortable should I be sharing my activity with Trend Micro?
3. How does one confirm that AiProtection is the latest version? I thought it was an activity passthrough from the router directly to Trend Micro's site?

Regardless, I DO thank you for setting my mind at ease, although I do wonder how vulnerable I've been when it wasn't enabled. Thoughts?
 

1) If your router firmware is up to date and firewall enabled you should be fine; many people don't use AiProtection. It is additional protection.

2) I have no worries about the "data" shared, it is not personally identifiable and very limited. Ignore the hysterical drivel from some that will tell you Trend Micro take your identity and passwords etc.; it is false.

3) Make sure your firmware is current and check that the "signature" shown on the firmware upgrade page is up to date.
 