Recent content by spacemanspiff

  1. spacemanspiff

    Asus EULA now requiring explicit user consent

    Oops sorry! Thanks @RMerlin I guess I was auto-added to watched replies and didn’t see I was in a different thread!
  2. spacemanspiff

    Asus EULA now requiring explicit user consent

    Good posting @bennor - @siena please don't reply any further here - you've hijacked and derailed my thread and your queries are off-topic. If you have further replies or questions, please carry on in a new thread or one of the appropriate threads that @bennor linked.
  3. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    101.100.xxx.xxx is my ip address, I was just obfuscating the address since it's static and I didn't want to publicly post it. I'll DM it to you though. I was having my friend who is a network security professional in the USA run nmap on my IP. He's not familiar with Merlin or Asus routers and...
  4. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    Thanks @ColinTaylor - nmap has completed and the only thing was that port 53 being open....that's ok, too? Just wondering why it shows open on 53.
  5. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    So just circling back after a few days to see if everything is ok. Having someone rescan my IP via TCP and UDP. TCP comes back the way I expect. However, running this nmap -sS -sU -T4 -A -v 101.100.xxx.xxx/32 And have gotten this response on Port 53. Why is it not responding with an ICMP...
  6. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    Have gone ahead and restored to factory and reconfigured manually. The person who pointed this out to me is a pretty experienced networking guy and he said he was definitely able to use my IP address as an unauthenticated proxy before I reconfigured and they are 100% sure the router was...
  7. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    tmp filters out here - https://pastebin.com/CanSDWY3 Seems to be a lot of -A INPUT entries, but I ran the other commands and received this output - https://pastebin.com/133pKd7a This is a little over my head so not sure if that is what I should expect to be seeing. There is nothing in JFFS...
  8. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    Firewall page shows it is enabled, but I can still run dig remotely from external networks (testing from a remote session from my worksite computer).
  9. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    That could be it. If the firewall is not running does that mean the router would have port 53 open and answer to public DNS queries?
  10. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    Thanks @RMerlin and @dave14305 - something seems strange. Why is my router/IP answering DNS queries? I'm happy to PM the IP address if you want to test yourself. Here's the IPtables output - https://pastebin.com/1QyQ5gg4 Also I have SSH disabled in the GUI, but I can confirm even with this...
  11. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    Someone scanned me using shodan and then found that my ip is answering public DNS queries. I was also unable to access my router via SSH until a reboot. That person suggested I was compromised. If not, why is port 53 open on my IP and why am I answering public DNS queries? I will post full...
  12. spacemanspiff

    RT-AX86U running Merlin serving DNS - possible Malware infection

    I've just become aware that my Asus RT-AX86U which is running the latest Merlin firmware (3004.388.9) might be compromised. Potentially by TheMoon malware or Alogin. I was made aware that port 53 is open, however, I don't have any port forwards enabled for 53 so I can't see why it would be...
  13. spacemanspiff

    [AC68U] Problems with NameCheap DDNS

    I was using this setup and the custom script to get this working with NameCheap DDNS, but I've recently switched to using DNS-O-Matic and I cannot get the Let's Encrypt certificate issued now. I've created a ddns-start script for DNS-O-Matic and that seems to be working just fine and I can get it...
  14. spacemanspiff

    Getting a lot of Abnormal Login HTTP locks - Chrome issue?

    Not quite sure what is going on all of a sudden, but the last week, most of the times I try to log in to my Asus RT-AX86U which is running 3004.388.6_2 I get the HTTP login lock error and have to wait up to 5m to log in to my router's admin page. When I get in, I can see tons of log entries across...
  15. spacemanspiff

    RT-AX86U Wake On LAN doesn't work on 2.5gbe port?

    Definitely. Again, it works when plugged into 1Gbe ports….it wouldn’t work if it was off in the BIOS