AiProtection on Asus routers

Discussion in 'General Network Security' started by H.Z., Oct 23, 2018.

  1. H.Z.

    H.Z. Occasional Visitor

    Joined:
    Oct 26, 2017
    Messages:
    20
    I'm looking for help using AiProtection's logs/reports. I tried to ask Asus support for help about two months ago, but there has been no answer from them... (naturally :( )
    Today I tried to contact Trend Micro's support on live chat, but when I wrote the words Asus and AiProtection, the support dropped the chat... (thanks :( )
    Is there any way to get usable information from the logs of the two-way IPS? There are many unknown MAC addresses in the "Security event" window, as "top clients", and I can't find any documentation about this log's content.
     
    Last edited: Oct 24, 2018
  2. AndreiV

    AndreiV Very Senior Member

    Joined:
    Aug 25, 2015
    Messages:
    546
    Location:
    UK
    "Details of a Successfully Protected Event" ... you see that at the top of the list of events?

    Means blocked/protected, there is nothing to worry/think about.

    Most of what AiProtection lists there are exploits (old ones) that would bounce off your router's firewall anyway.
     
  3. H.Z.

    H.Z. Occasional Visitor

    Joined:
    Oct 26, 2017
    Messages:
    20
    Thanks, but it doesn't help me... :(
    I don't worry about the "blocked" attacks(??), but I'd like to know what the many unknown MAC addresses in the Security Event/Top Clients box are.
    For example:
    I have no devices with these MAC addresses...
     
  4. AndreiV

    AndreiV Very Senior Member

    Joined:
    Aug 25, 2015
    Messages:
    546
    Location:
    UK
    Not surprising, those are the "incoming" MAC addresses, probably the kit used by the ISP or a data centre between the "attacking" source and your device.

    Most of those reported events are simply bots looking for vulnerable/unpatched routers. If the events are blocked there is nothing to worry about. Do you check every single IP address that the router firewall log shows as blocked? All that matters is the packets were dropped.

    AiProtection used to do its job without providing any details; since they included the GUI with all the data, people panic...