Does AiProtection really work?

[Terepin]

Yay, I'm special! I'm happy with the model, I have two of them connected via ethernet, and I cover the entire 75m2 flat with steel-concrete walls.

 

[Terepin]

Btw, this is not limited just to BD4:

Can't get 2.5Gbps on RT-AX88U Pro

Hey everyone, I'm new here. I looked for a specific Asus forum and this seems to be the best one for helping me. I checked for similar discussions, but none seem to match my situation or a similar case. I have an RT-AX88U Pro, and a 2.5G FTTH fiber connection that ACTUALLY reaches 2.2-2.3Gbps...

rog-forum.asus.com

 

[RMerlin]

It does on mine. And it should, because it does IP inspection and type of IP inspection disables NAT Acceleration.

It only disable a portion of it, not the entire NAT acceleration functionality. That`s why you only see a 100 Mbps drop, otherwise your max speed would drop to somewhere around 400-500 Mbps. I have no problem saturating my 1 Gbps FTTH with AiProtection enabled with my routers.

It`s able to work with part of hardware acceleration still enabled because it's implemented at the kernel level as a module, rather than as userspace or as a Netfilter component.

 

[Terepin]

I see. So I shouldn't worry about the increased CPU usage?

 

[Clark Griswald]

Casa Griswald experiences zero issues with speed when AiProtection is enabled.

 

[ColinTaylor]

Casa Griswald experiences zero issues with speed when AiProtection is enabled.

View attachment 66555View attachment 66556View attachment 66557

As your screenshot shows your download speed at 2.5Mbps that's hardly surprising.

 

[NoLight]

When i was using a RT-AC68U with AiProtection on my 940m connection would only get around ~820m. With my current RT-AX86U-Pro I get the full 940m with AiProtection on.

 

[RMerlin]

When i was using a RT-AC68U with AiProtection on my 940m connection would only get around ~820m. With my current RT-AX86U-Pro I get the full 940m with AiProtection on.

That's about what I would expect.

So I shouldn't worry about the increased CPU usage?

More work will lead to more CPU usage, that's totally fine.

 

[Terepin]

I am more worried about hitting CPU bottleneck. Also, keep in mind that I have "only" a gigabit connection. I shudder to think what would happen to that poor thing if I tried to test 2.5 Gbps connection... *insert penguins from Madagascar boom meme*

 

[Tech9]

because it does IP inspection

It doesn't. AiProtection can't see perhaps >80% of the traffic, end-to-end encrypted. It mostly does URL filtering. Your browsers do better with Safe Browsing engine and block malicious content before AiProtection. It's some sort of protection, but don't count on it. True packet inspection needs: 1) more CPU than home routers have; 2) SSL proxy to decrypt and re-encrypt the traffic.

 

[Treadler]

Casa Griswald experiences zero issues with speed when AiProtection is enabled.

View attachment 66555View attachment 66556View attachment 66557

Amazed at your Aiprotect hits!

I ran it for some years & never got so much as one hit. Leave it turned off now.

 

[Tech9]

Trend Micro engine works really well... for Trend Micro. They have commercial products and user data from few million home networks with all the devices on them coming in regularly is quite useful. I don't mind though, they give something back... a little. Signatures update once per month won't protect from anything current. Did AiProtection detect or prevent any of the recent malware attacks targeting AiCloud?

I run similarly ineffective for encrypted traffic IDS/IPS (Suricata based), but at least signatures are updated daily.

 

[Clark Griswald]

@ColinTaylor Everyone in the house was asleep when I took the screenshot, so very little network activity. We have no issues saturating our comcrap 1gig/40
@Treadler We had a High School/College Graduation celebration and those hits are from that event, and "guest" are now on GNP and isolated to Guest Network.

 

[ColinTaylor]

@ColinTaylor Everyone in the house was asleep when I took the screenshot, so very little network activity. We have no issues saturating our comcrap 1gig/40

I've no doubt you can saturate your internet link but it would have been more relevant if you had posted your CPU graph whilst doing that.

 

[Clark Griswald]

I will post your requested cpu graph later today

 

[RMerlin]

Years ago, I had a PC on my LAN that was reachable from the outside over RDP as a temporary setup. At one point, AiProtection listed a bunch of "Brute force RDP attacks blocked" in its log. That's the only time I've seen the IPS/IDP portion report anything.

The Malicious Website blocking does work pretty well, it blocks some stuff now and then for me. That's the same protection used by their enterprise solution, so that one is pretty good, adding a second layer on top of the blocking already done by Chrome.

 

[Clark Griswald]

@ColinTaylor

 

[Tech9]

GT-AX6000 can do >Gigabit with AiProtection enabled. I had one RT-AX86U Pro for testing, it has the same CPU, reached the maximum 990Mbps on my Gigabit ISP line. Don't remember the exact CPU load, but it wasn't at 100%.

 

[Terepin]

Years ago, I had a PC on my LAN that was reachable from the outside over RDP as a temporary setup. At one point, AiProtection listed a bunch of "Brute force RDP attacks blocked" in its log. That's the only time I've seen the IPS/IDP portion report anything.

The Malicious Website blocking does work pretty well, it blocks some stuff now and then for me. That's the same protection used by their enterprise solution, so that one is pretty good, adding a second layer on top of the blocking already done by Chrome.

I wonder if AiProtection is worth the tradeoff when I'm using paid AdGuard app to block all the crap.

 

[Igs]

I wonder if AiProtection is worth the tradeoff when I'm using paid AdGuard app to block all the crap.

Probably you have also AV software... Too many layers can slow down your pages loading. I mean, those filtering processes are adding latency.