
AIProtection: Daily external Attack


mighty_scoop

Hi all,

I got a new Asus GT-AXE16000 and installed the current Asuswrt-Merlin version (386.8).
Last Friday I installed Diversion via amtm. Since then (I don't know if it really corresponds in time) I get daily (~20 per day) alarms from AIProtection - Two Way IPS:

EXPLOIT Remote Command Execution via Shell Script -2

always from the same IP 37.44.238.167

First I restarted my router to get a new IP: no change.
Then I tried to disable Diversion. No change.
Lastly I reset my router via administration->restore ... no change.

I am a bit worried even if all these attacks are labeled as blocked.

Does anybody know what this kind of attack means?
Can I block that IP somewhere?

Thanks in advance

Dominic
 

It's just a normal bot scanner, ignore it.


To be safe make sure you have disabled SSH WAN access and Web Access from WAN (Administration - System).

Hi Colin,

Thanks for your reply. Yes, I disabled both options.
What makes me wonder is that the same IP (bot) "attacks" me even after resetting the router and/or getting a new IP. Is this normal, or is the MAC address used to "find me"? Sorry if this is a stupid question ... I don't know much about internet security and possible attacks.
Was the close time connection between diversion installation and the attack just a coincidence?

Again thanks!
 
This is normal - welcome to the internet.

The problem with AiProtection is that it reports lots of scary sounding things that would otherwise just be dropped silently. This makes people think that this is something new or something that is specifically aimed at them. It isn't, it's just that any other router (or your router if you turn off AiProtection) wouldn't report it.

Was the close time connection between diversion installation and the attack just a coincidence?
Yes, just coincidence.
 
