Menu
What's new
By:
Filters Better Search

Ai Cloud app and Ai Protection conflict? or Ai Cloud app compromised?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

E

eastavin

Senior Member
384.3_alpha2-g5b8da38
Two inquiries:

1) Some odd behaviour from AI Cloud app on Android. Keeps logging in endlessly. One log in should be enough?

upload_2018-1-27_16-56-48.png

upload_2018-1-27_16-58-11.png

upload_2018-1-27_16-59-13.png


2)
Noticed an AI Protection 2-way IPS Alert on TrendMicro. Looks like the router or client on the router is attacking the NAS on the LAN. No mac address given or at least it shows as all zeros. Does the Ai Cloud Android app have an infection? How does one interpret this?
upload_2018-1-27_16-38-0.png


However this is the exact time I tried AI Cloud app on my Android Smartphone on the LAN Wifi to access an Ethernet wired NAS.

Jan 27 07:13:58 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:13:59 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:06 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:15 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:15 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:16 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:16 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:16 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: Download samba file /192.168.1.100/xxxxx/can-flag.gif from ip 192.168.1.127
Jan 27 07:14:17 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: Download samba file /192.168.1.100/xxxxx/can-flag.gif from ip 192.168.1.127
Jan 27 07:14:17 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: Download samba file /192.168.1.100/xxxxx/xxxxx.gif from ip 192.168.1.127
Jan 27 07:14:17 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:17 webdav: Download samba file /192.168.1.100/xxxxx/xxxxx.gif from ip 192.168.1.127
Jan 27 07:14:38 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:38 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:38 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:42 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:42 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:42 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:58 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:14:58 webdav: Download samba file /192.168.1.100/xxxxx/French stuff/xxxxx/ReadMe.txt from ip 192.168.1.127
Jan 27 07:15:08 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:08 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:08 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:08 webdav: Download samba file /192.168.1.100/xxxxx/trillium.gif from ip 192.168.1.127
Jan 27 07:15:08 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:08 webdav: Download samba file /192.168.1.100/xxxxx/trillium.gif from ip 192.168.1.127
Jan 27 07:15:09 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:09 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:09 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:09 webdav: Download samba file /192.168.1.100/xxxxx/xxxxx_00000.jpg from ip 192.168.1.127
Jan 27 07:15:09 webdav: User login 192.168.1.100 from ip 192.168.1.127
Jan 27 07:15:09 webdav: Download samba file /192.168.1.100/xxxxx/xxxxx_00000.jpg from ip 192.168.1.127
Jan 27 07:15:10 webdav: User admin login from ip 192.168.1.127
Jan 27 07:15:10 webdav: User admin login from ip 192.168.1.127
Jan 27 07:15:31 webdav: User admin login from ip 192.168.1.127
Jan 27 07:15:31 webdav: User admin login from ip 192.168.1.127

app terminated.
 
I don't know anything about AI Cloud or the app but the message about SMB brute force attempt sounds like "normal" Windows behaviour.

I see from your other posts that you were having problems setting up Samba user accounts. Note that if you point Windows Explorer at a Samba share it will "spam" the server with login attempts using the current Windows user name and password. Is 192.168.1.100 a Windows PC or the router?

To "fix" this create Samba accounts on the router with exactly the same name and password as the Windows local accounts. (Note that you need to be logged into the PC with local account, not a Microsoft account).
 
Hi. Thanks for the reply. Well I suppose its not so much problems as I have never used the USB share feature or the AiCloud before on this router. So thats the cause of my dumb questions. I tried reading Asus documentation and faq but its not that helpful and the links to all 13 of their videos on AiCloud and other feature set up are broken.

To answer your other questions:

The flow chart here is an AI cloud app equipped Android phone passing through the ASUS router at 1.1 to access a public folder on a Linux NAS (equipped with Samba/FTP/WebDAV/afp, but both WebDAV and AFP are deactivated) at 1.100 and download a file.

Does the above add anything? No windows in this picture.

you wrote <<To "fix" this create Samba accounts on the router with exactly the same name and password as the Windows local accounts.>> I will have to give this some thought as there is no windows in the picture and the target file was public.

And why does Ai Protection report Ai Cloud as a dangerous app? Aren't both Asus features developed to stringent standards and fully tested by the manufacturer? Ideally they should work together?
 
Last edited:
eastavin said:
Does the above add anything? No windows in this picture.
Click to expand...
OK, you're not using the setup I had imagined so you can ignore everything I said :). As for the error messages I can't offer any advice as I've never used Ai Cloud or Ai Protection :(.
 
You must log in or register to reply here.

Similar threads

Neo-ST
Can't get AX86U to work with bridged router (Link DOWN)
Replies
18
Views
852
Neo-ST
Neo-ST
W
GT-AX11000 on 388.1 - Wireguard and OpenVPN pro - IPTV Disconnects
Replies
0
Views
822
wizin
W
S
XT12 router mode frequent reboot by unknown reason
Replies
2
Views
1K
Subaru
S
T
CakeQOS Cake Stops for No Apparent Reason
Replies
1
Views
1K
TonyK132
T
E
5ghz just presumedly 'dead'
Replies
4
Views
688
L&LD
L&LD
Similar threads
Thread starter Title Forum Replies Date
A WireGuard tunnel interferes with Tapo cloud app (blocks it) Asuswrt-Merlin 13
Sunny786 How to add Wireguard VPN Server to Asus Merlin running on GT-AX11000 router? Wireguard is running on Oracle Cloud. Asuswrt-Merlin 1
eddiec repeater mode and samba share/cloud disk questions Asuswrt-Merlin 1
D IPTV - VPN via Router does not work, App does Asuswrt-Merlin 2
D Open VPN App No Longer Working Asuswrt-Merlin 3
M ASUS iOS app not finding router in bridge mode Asuswrt-Merlin 3
Q [Feature Request] Schedule DoS Protection state and/or whitelist option Asuswrt-Merlin 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 642 (members: 13, guests: 629)
Top