AiProtection Security Level: Ping from WAN vs Web Access from WAN

DiliMe

Occasional Visitor
Hi,
I'm confused about the way AiProtection calculates security risk and I'm looking for your opinion. Please check the 2 images below.
I see that "Ping from WAN" is considered a lower level (RED) of security compared to "Web access from WAN" (GREEN), while I would consider it vice versa.
I consider that having the Asus Login page available from the WAN is riskier than having ICMP (ping) ON. ICMP could reveal that my IP is UP for port scanners and eventually somebody can put my device Down by forcing a DoS attack on my IP address.
I want/need to have "something" available from the WAN side so that I can automatically monitor the uptime of my internet connection (I am using www.uptimerobot.com), either using ping or the availability of an 8443 port.
So I need to assume one risk: "Ping from WAN" vs "Web access from WAN".
What is your opinion?
IMG_8290.jpg
IMG_8289.jpg
 

Tech9

Part of the Furniture
What is your opinion?

For better security - stop using this mobile app. Disable both Ping and Web Access from WAN. Use VPN to access your router settings.
 

DiliMe

Occasional Visitor
I use OpenVPN for remote access, but I also need/want to monitor from outside and receive notifications about the status of my internet connection. But OpenVPN cannot be easily monitored on UDP or TCP port because it uses TLS-Auth.
For monitoring purposes I need/want to have open at least one port/protocol besides OpenVPN. Currently I am having ICMP open on the WAN side for the monitoring purposes with UptimeRobot.

I am intrigued by the way AiProtection labels ICMP a higher risk compared to HTTPS access for login page, which is strange to me.
I hope it is a bug (or negligence on Asus's side) in the way it labels risk.
 

visortgw

Very Senior Member
I use OpenVPN for remote access, but I also need/want to monitor from outside and receive notifications about the status of my internet connection. But OpenVPN cannot be easily monitored on UDP or TCP port because it uses TLS-Auth.
For monitoring purposes I need/want to have open at least one port/protocol besides OpenVPN. Currently I am having ICMP open on the WAN side for the monitoring purposes with UptimeRobot.

I am intrigued by the way AiProtection labels ICMP a higher risk compared to HTTPS access for login page, which is strange to me.
I hope it is a bug (or negligence on Asus's side) in the way it labels risk.
The assessment is spot on! There are numerous threads discussing routers that have been compromised due to web access from WAN.
 

Tech9

Part of the Furniture
I am intrigued by the way AiProtection labels

At one point of Asuswrt evolution WPA3 was labeled insecure in AiProtection, when enabled.
 

RMerlin

Asuswrt-Merlin dev
At one point of Asuswrt evolution WPA3 was labeled insecure in AiProtection, when enabled.
That's not really related to AiProtection/Trend Micro; these were purely JavaScript-based checks that weren't updated to recognize WPA3. So if it wasn't WPA2, it would blindly report it as insecure.
 
