cannot add domain to router URL filter

TanyaC

Regular Contributor
I have found that I'm getting incoming traffic from a domain called naj.sk, a site I've never used.
I can't seem to block its IP address 185.64.219.37. The services rule adds ok for my RT-AC88u with latest merlin firmware.
But if I try and add a URL filter, it says applying changes but doesn't actually add naj.sk to the list.

The website is connecting to local port 25360 and is constantly sending me 6bps

I can't seem to block it.

I installed netlimiter as a test and I was able to block it there but then another domain just replaced naj.sk. I've since uninstalled netlimiter.

I am using OpenVPN and netstat -ab shows that the connection is to OpenVPN. And Thunderbird. And Firefox. And PotPlayer.
Port 25360 is OpenVPN's management interface port offset. I posted on the OpenVPN forum but cannot get any response.

I've done multiple virus scans and nothing is found.

How can I block this inbound traffic?
 
Use Skynet
 
Are you using OpenVPN as a client or server? If server, have you changed the default port? Have you disabled UPnP?
 
Client.

25360 is a setting in OpenVPN client software for management interface port offset.
I can't seem to close the port. OpenVPN might be opening it when it starts at boot, overriding any Windows firewall config I might have created.
 
I think you were responding to my post while I was editing it :)

Reading the amtm step-by-step post https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/

it states "Set 'Enable SSH Brute Force Protection' to 'Yes'"
I don't have an option to enable that. Is that going to be an issue?

The link on the post for putty is broken. I assume this one is ok: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

When I run putty and attempt to log in I get "The remote site unexpectedly closed the connection." Subsequent attempts to log in to putty time out with the network error: connection refused.
 
> I think you were responding to my post while I was editing it :)
>
> Reading the amtm step-by-step post https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/
>
> it states "Set 'Enable SSH Brute Force Protection' to 'Yes'"
> I don't have an option to enable that. Is that going to be an issue?
>
> The link on the post for putty is broken. I assume this one is ok: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
>
> When I run putty and attempt to log in I get access denied. I am using the username and password I use to log into the router.

I have never seen this bruteforce option.

You can use any putty. You can even use CMD in Windows and ssh from there.
ssh admin@192.168.50.1 -p sshport

If you want to make it easier (and more secure) you can add ssh keys to all this. You use a public key on the router, and then use a private key where you ssh from. And thus you can skip the password prompt altogether and have a faster and more secure login.


 
> I am using OpenVPN and netstat -ab shows that the connection is to OpenVPN. And Thunderbird. And Firefox. And PotPlayer.
> Port 25360 is OpenVPN's management interface port offset. I posted on the OpenVPN forum but cannot get any response.

The OpenVPN management port is bound to 127.0.0.1 (unless you've changed that). So it is impossible for a different host to connect to that port as 127.0.0.1 is not a routable address.
 
I wouldn't even know how to change that. And yes, I do see it as 127.0.0.1. I'll need to reinstall netlimiter so I can post a screen shot of what I'm seeing. I'll also post the netstat -ab results too. I'll post back shortly.
 
netstat -ab
Code:
C:\Users\Tanya>netstat -ab

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            pipe:0                 LISTENING
  RpcEptMapper
 [svchost.exe]
  TCP    0.0.0.0:445            pipe:0                 LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:1024           pipe:0                 LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:5357           pipe:0                 LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49664          pipe:0                 LISTENING
 [lsass.exe]
  TCP    0.0.0.0:49665          pipe:0                 LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49666          pipe:0                 LISTENING
  EventLog
 [svchost.exe]
  TCP    0.0.0.0:49667          pipe:0                 LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49668          pipe:0                 LISTENING
 [spoolsv.exe]
  TCP    10.8.3.4:139           pipe:0                 LISTENING
 Can not obtain ownership information
  TCP    10.8.3.4:14745         209:https              ESTABLISHED
 [firefox.exe]
  TCP    10.8.3.4:14746         93:https               ESTABLISHED
 [firefox.exe]
  TCP    10.8.3.4:14748         server-18-155-129-29:https  TIME_WAIT
  TCP    10.8.3.4:14750         server-52-84-174-68:https  ESTABLISHED
 [firefox.exe]
  TCP    10.8.3.4:14751         server-52-84-174-68:https  TIME_WAIT
  TCP    10.8.3.4:14752         server-13-249-9-42:https  ESTABLISHED
 [firefox.exe]
  TCP    10.8.3.4:14755         173:https              TIME_WAIT
  TCP    10.8.3.4:14756         173:https              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:1025         www:1026               ESTABLISHED
 [thunderbird.exe]
  TCP    127.0.0.1:1026         www:1025               ESTABLISHED
 [thunderbird.exe]
  TCP    127.0.0.1:1027         www:25360              ESTABLISHED
 [openvpn-gui.exe]
  TCP    127.0.0.1:14714        www:14715              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14715        www:14714              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14716        www:14717              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14717        www:14716              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14718        www:14719              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14719        www:14718              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14720        www:14721              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14721        www:14720              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14727        www:14728              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:14728        www:14727              ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:25360        pipe:0                 LISTENING
 [openvpn.exe]
  TCP    127.0.0.1:25360        www:1027               ESTABLISHED
 [openvpn.exe]
  TCP    192.168.1.2:139        pipe:0                 LISTENING
 Can not obtain ownership information
  TCP    192.168.1.2:5652       SERVER:microsoft-ds    ESTABLISHED
 Can not obtain ownership information
  TCP    [::]:135               Tanya-PC:0             LISTENING
  RpcEptMapper
 [svchost.exe]
  TCP    [::]:445               Tanya-PC:0             LISTENING
 Can not obtain ownership information
  TCP    [::]:1024              Tanya-PC:0             LISTENING
 Can not obtain ownership information
  TCP    [::]:5357              Tanya-PC:0             LISTENING
 Can not obtain ownership information
  TCP    [::]:49664             Tanya-PC:0             LISTENING
 [lsass.exe]
  TCP    [::]:49665             Tanya-PC:0             LISTENING
 Can not obtain ownership information
  TCP    [::]:49666             Tanya-PC:0             LISTENING
  EventLog
 [svchost.exe]
  TCP    [::]:49667             Tanya-PC:0             LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49668             Tanya-PC:0             LISTENING
 [spoolsv.exe]
  UDP    0.0.0.0:3702           *:*
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:49666          *:*
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:49668          *:*
 [openvpn.exe]
  UDP    0.0.0.0:50233          *:*
 [firefox.exe]
  UDP    0.0.0.0:50234          *:*
 [firefox.exe]
  UDP    0.0.0.0:50235          *:*
 [firefox.exe]
  UDP    0.0.0.0:52639          *:*
 [firefox.exe]
  UDP    10.8.3.4:137           *:*
 Can not obtain ownership information
  UDP    10.8.3.4:138           *:*
 Can not obtain ownership information
  UDP    192.168.1.2:137        *:*
 Can not obtain ownership information
  UDP    192.168.1.2:138        *:*
 Can not obtain ownership information
  UDP    [::]:3702              *:*
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*
  FDResPub
 [svchost.exe]
  UDP    [::]:49667             *:*
  FDResPub
 [svchost.exe]

Netlimiter.
 

Attachment: nl1.png

There is nothing suspicious in your output.

openvpn-gui.exe is connecting to the openvpn.exe management port (127.0.0.1:1027>127.0.0.1:25360).

The only thing that's confusing is that your PC's name resolution is returning nonsense. It's saying that IP address 127.0.0.1 is naj.sk, www.bing.com and www. That looks like you're using an ad-blocker that returns 127.0.0.1 for blocked domains.
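
As an added illustration (not part of the original thread), the reasoning in the reply above can be checked mechanically. The Python sketch below classifies TCP lines from numeric `netstat -an` output as loopback-only listeners, listeners on all interfaces, local IPC, or real remote connections; the sample lines are constructed, modelled on the output posted earlier, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `netstat -an` (numeric) form, modelled on the output
# posted in the thread; -n stops netstat from replacing 127.0.0.1 with a name.
SAMPLE = """\
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:25360        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         127.0.0.1:25360        ESTABLISHED
  TCP    127.0.0.1:25360        127.0.0.1:1027         ESTABLISHED
  TCP    10.8.3.4:14750         52.84.174.68:443       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify(line):
    """Return (local_port, verdict) for one TCP line, or None for other lines."""
    fields = line.split()
    if len(fields) != 4 or fields[0] != "TCP":
        return None  # headers, UDP rows and owner lines are skipped
    local, lport = split_endpoint(fields[1])
    remote, _ = split_endpoint(fields[2])
    state = fields[3]
    if state == "LISTENING":
        if local.is_loopback:
            verdict = "loopback-only listener"      # unreachable from other hosts
        elif local.is_unspecified:
            verdict = "listener on all interfaces"  # exposure depends on firewall
        else:
            verdict = "listener on one interface"
    elif local.is_loopback and remote.is_loopback:
        verdict = "local IPC"                       # both ends are this machine
    else:
        verdict = "remote connection"
    return lport, verdict

def classify_all(text):
    """Classify every TCP line in a block of netstat output."""
    return [c for c in map(classify, text.splitlines()) if c]

if __name__ == "__main__":
    for port, verdict in classify_all(SAMPLE):
        print(port, verdict)
```
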
 
Ok, so the constant 6bps incoming data is not an issue.

I wouldn't even know how to configure uBlock to return 127.0.0.1 for blocked domains. I install uBlock, on some websites I might add a global or local rule for a domain, but that's about all.

Why do I see Thunderbird connected to port 25360, and at times PotPlayer, Firefox and others?

I'd rather not get into a long protracted debate about the hosts file, other than to say I use 127.0.0.1 as the address for all hosts file entries. I've changed it to 0.0.0.0 to see how that reacts.

I don't have an entry in the hosts file for naj.sk, as that is only for outbound traffic and my issue (I thought) was inbound.

But getting back to my original question. Why can't I save the naj.sk domain name in the URL filter on the router?
 
No idea. It works for me.

Maybe you have a browser extension that is interfering with things?
 
I would think if that were true I couldn't add other domains as well. I can, it's just this one it won't let me add.
I thought also I might be at the limit of number of entries, so I deleted one and tried again. Same.
But, a good point, I'll open the browser in safe mode and try again.
 