
AiProtection - Two-Way IPS - false positives?


MCS

Hi,

I have an RT-AC88U router and activated AiProtection - Two-Way IPS.

I'm getting what looks to be a number of false positives with my MythTV Linux server / Media PC:

Type: Client Device Infected
Source: 192.168.5.100
Destination: Myth
Alert: SSH Brute Force Login

The problem in the above is that 192.168.5.100 IS Myth, and is actually set to Manual, rather than DHCP in the client list.

I've been through the logs on the server side, and can't seem to find anything that correlates, but I'm guessing it may be MySQL / MythTV / Kodi related. I also have a few other services running on there (Apache / Samba / PHP / Security Cameras). If I could find the offending process I could maybe change it from using the DNS name to the IP address, but is there anything on the router side I can use to either further diagnose the offending connection, or set a whitelist?

thanks
 
Simply click the provided link in the itemised event list; that will tell you more and allow you to whitelist if you wish.
 
That's what I was looking for, but in AiProtection - Two-Way IPS screen the "Details" table does not have any links.
 
I guess the bigger question is why the server is asking the router to resolve its own name. I'll fix that at the server end, and reduce the traffic to the router in the process.
 
