Good posting @bennor - @siena please don't reply any further here - you've hijacked and derailed my thread and your queries are off-topic. If you have further replies or questions, please carry on in a new thread or one of the appropriate threads that @bennor linked.
101.100.xxx.xxx is my IP address, I was just obfuscating the address since it's static and I didn't want to publicly post it. I'll DM it to you though. I was having my friend who is a network security professional in the USA run nmap on my IP. He's not familiar with Merlin or Asus routers and...
So just circling back after a few days to see if everything is ok. Having someone rescan my IP via TCP and UDP. TCP comes back the way I expect. However, running this nmap -sS -sU -T4 -A -v 101.100.xxx.xxx/32
And have gotten this response on Port 53. Why is it not responding with an ICMP...
Have gone ahead and restored to factory and reconfigured manually. The person who pointed this out to me is a pretty experienced networking guy and he said he was definitely able to use my IP address as an unauthenticated proxy before I reconfigured and they are 100% sure the router was...
tmp filters out here - https://pastebin.com/CanSDWY3
Seems to be a lot of -A INPUT entries, but I ran the other commands and received this output - https://pastebin.com/133pKd7a
This is a little over my head so not sure if that is what I should expect to be seeing.
There is nothing in JFFS...
Thanks @RMerlin and @dave14305 - something seems strange.
Why is my router/IP answering DNS queries? I'm happy to PM the IP address if you want to test yourself.
Here's the IPtables output - https://pastebin.com/1QyQ5gg4
Also I have SSH disabled in the GUI, but I can confirm even with this...
Someone scanned me using Shodan and then found that my IP is answering public DNS queries. I was also unable to access my router via SSH until a reboot. That person suggested I was compromised.
If not, why is port 53 open on my IP and why am I answering public DNS queries?
I will post full...
I've just become aware that my Asus RT-AX86U which is running the latest Merlin firmware (3004.388.9) might be compromised. Potentially by TheMoon malware or Alogin. I was made aware that port 53 is open, however, I don't have any port forwards enabled for 53 so I can't see why it would be...
I was using this setup and the custom script to get this working with NameCheap DDNS, but I've recently switched to using DNS-O-Matic and I cannot get the Let's Encrypt certificate issued now.
I've created a ddns-start script for DNS-O-Matic and that seems to be working just fine and I can get it...
Not quite sure what is going on all of a sudden, but the last week, most of the times I try to log in to my Asus RT-AX86U which is running 3004.388.6_2 I get the HTTP login lock error and have to wait up to 5m to log in to my router's admin page.
When I get in, I can see tons of log entries across...