AiProtection - Two-way IPS?

Netbug

Regular Contributor
Hi,

On the tab AiProtection -> Two-way IPS

Under top client it shows a MAC address with 15 hits. Is the MAC address supposed to be something on my network, i.e. a potential malicious device/app on a device or something similar connecting out, or is it the MAC address where the attack came from? I can't find that MAC address anywhere on my network, it's not my devices. Just a bit confused.

Also, according to Two-way IPS, I've had a total of 18 high severity hits. Majority coming from the same IP. Checking AlienVault, it says malicious host, actively malicious.

Security threats were:
EXPLOIT Netcore Router Back Door Access
EXPLOIT Remote Command Execution via Shell Script -2

Checking the first part of the MAC address online just says Juniper Networks.

Cheers.
 
It can't be the originating source of the attack because MAC addresses don't travel outside the local network. It's probably your ISP's equipment connected downstream of your WAN interface.
 
Doh, how dumb am I. It's not the MAC of my modem, router or devices, so it must be, although I don't know why it shows the MAC address if it's going to be the same one. Slightly confusing I think, I don't see any point or get why it's there, maybe it logs the MAC address for suspected malicious devices on the local network.

Surprised when I saw 15 high severity attacks. Gives an insight, to be fair, into what people/bots are up to.

Thank you.
 
The keyword listed that you have to trust is source "external". Listing a [foreign] MAC makes it appear to be internal and hence, overly alarming, imo. ASUS, if the external MAC is useless information, why bother the user with it... just call it 'external' and leave it at that.

OE
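
One way to check the point made in the thread (a MAC address is only visible on the local link, so an unfamiliar one next to an "external" hit is most likely the next hop on the WAN side) is to look the MAC up in the router's neighbour table. This is an added example, not part of the original posts or ASUS firmware; the interface names (`br0` for LAN, `eth0` for WAN), the gateway IP and every address in the sample `ip neigh show` output are constructed assumptions.

```python
import re

# Constructed sample of `ip neigh show` output (assumed: br0 = LAN, eth0 = WAN).
SAMPLE_NEIGH = """\
192.168.1.23 dev br0 lladdr 02:00:00:11:22:33 REACHABLE
192.168.1.40 dev br0 lladdr 02:00:00:44:55:66 STALE
203.0.113.1 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE
192.168.1.77 dev br0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]{17}))?"
)

def normalize_mac(mac):
    """Accept aa:bb.., AA-BB.. or aabb.. and return lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_neigh(text):
    """Map MAC -> (interface, IP); entries without a resolved MAC are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m.group("mac"):
            table[normalize_mac(m.group("mac"))] = (m.group("dev"), m.group("ip"))
    return table

def classify(mac, table, wan_if="eth0", gateway_ip=None):
    """Say which side of the router a MAC from the IPS page was seen on."""
    entry = table.get(normalize_mac(mac))
    if entry is None:
        return ("not-seen", None)          # never a link-layer neighbour
    dev, ip = entry
    if dev == wan_if:
        # On the WAN link: ISP equipment, not the remote attacker.
        return ("wan-gateway" if ip == gateway_ip else "wan-neighbour", ip)
    return ("lan-device", ip)              # a host on the local network

if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    print(classify("02-00-00-AA-BB-CC", table, gateway_ip="203.0.113.1"))
```

A `wan-gateway` or `wan-neighbour` result matches the explanation given in the reply above; a `lan-device` result is the case worth investigating on the local network.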
 