Novice user unsure of what to do about an issue, any advice welcomed.

Discussion in 'Asuswrt-Merlin' started by Skeptical.me, Jul 11, 2018.

  1. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Hi,

    ASUS RT-AC87U WRT-Merlin 384.5

    These "attacks" keep happening, I don't really know what they are trying to accomplish, and I have no idea what to do about it. Please see the images. Any advice from people who understand this stuff is welcomed, Thanks for your time :)

    [​IMG]

    These are my security settings in the router ...

    [​IMG]
     
  3. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,754
    Location:
    Canada
    These are records of blocks made. It is really just saying "look what I caught so far."
     
  4. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    Do you have port forwarding rules for that one client (the one that ends in 2) that seems to be the target? UPnP enabled? What’s running on that client?
     
    Skeptical.me and skeal like this.
  5. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,754
    Location:
    Canada
    Just make sure of two things. Do not expose the SSH access to WAN or expose the web UI to WAN. These are no-nos. If you need help making sure this is so, just ask, my friend.
     
    Skeptical.me likes this.
  6. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Hey, thanks for replying.

    I see, so it's the router saying I've caught and prevented these attacks. So I guess there's nothing much to worry about?
     
  7. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,754
    Location:
    Canada
    That's right; however, the posts on this thread are all great advice. Try to implement them in your configuration.
     
  8. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Thanks!

    The Web UI is definitely not open to the WAN, no port forwarding or anything like that. The second picture shows that. I'll check the device the attacks are aimed at and see what's going on there. I don't think it's my QNAP NAS, and nothing in the NAS is exposed to the WAN, not even Plex.
     
  9. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,754
    Location:
    Canada
    If security is your main concern I would look towards installing Skynet and AB-Solution. You could also install Dnscrypt. Have a look at this stuff and use AMTM (asus-merlin terminal menu) it will help getting you up and running. Again ask for help if you need it.
     
    EventPhotoMan likes this.
  10. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Will do, thank you very much for the advice. I'll get on to it.
     
  11. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    If you don’t have port forwarding rules set up, I’d suggest checking UPnP and if any ports were opened by it.

    I’m unfamiliar with how AiProtection displays info, is that IP under Top Clients a local IP or your WAN IP?
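
Added example (not part of kfp's post or of the thread): one way to carry out the UPnP check suggested above is to list every DNAT rule in the router's NAT table, since each one is an inbound port forward whether it was created by hand or by UPnP. The sample rules are constructed, and the chain names `VSERVER` and `VUPNP` and all addresses in them are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in the format printed by `iptables -t nat -S`.
# Chain names and addresses are assumptions, not data from the thread.
sample_nat_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-N VSERVER
-N VUPNP
-A PREROUTING -d 203.0.113.10/32 -j VSERVER
-A VSERVER -j VUPNP
-A VUPNP -p tcp -m tcp --dport 32400 -j DNAT --to-destination 192.168.1.2:32400
-A VUPNP -p udp -m udp --dport 6881 -j DNAT --to-destination 192.168.1.2:6881
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Read `iptables -t nat -S` text on stdin and print one line per DNAT rule:
#   <chain> <protocol> <WAN port> <LAN target>
list_forwards() {
  awk '
    $1 == "-A" {
      chain = $2; proto = "any"; dport = "any"; target = ""; dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
        else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        else if ($i == "--to-destination") target = $(i + 1)
      }
      if (dnat) print chain, proto, dport, target
    }'
}

# Count the forwards that point at one LAN host (first argument).
forwards_to() {
  list_forwards | awk -v h="$1" '{ split($4, a, ":"); if (a[1] == h) n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on the router, pipe in `iptables -t nat -S`.
sample_nat_rules | list_forwards
```

An empty result means nothing is being forwarded inbound; any line that appears names the LAN client to investigate.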
     
  12. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    It's the MAC Address of a client, I'm not sure which one, however. I'm going to look through all the MAC Addresses and see what it is. I've disabled UPnP in the router and NAS. I disable all things I don't really have a good understanding of, I try to be as cautious as possible about things I'm not well versed in. That's why I don't use port forwarding or access my LAN from the WAN because I want to have a good understanding of how best to do it securely, if you get what I mean. I'm learning slowly. It's enjoyable :)
     
  13. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    Network Map > View List
     
    Skeptical.me likes this.
  14. wiz

    wiz Regular Contributor

    Joined:
    Feb 15, 2013
    Messages:
    123
    Location:
    the Netherlands
    Based on the exploits I think it is the MAC address on the WAN port. Be aware though that Trend Micro sees all your devices, and if they think there's something strange going on they will capture all data for analyzing (whole emails / screens, and they gather data on all devices attached to your router).
     
  15. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    So can your ISP.

    While I don’t like and don’t use AiProtection myself, there is no need for this kind of fear-mongering.
     
    skeal likes this.
  16. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    I was actually wondering what their privacy policy is. I don't use Google products and services because of the personal data collection so this doesn't make me very happy. You can't escape it, can you?
     
  17. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    You just have to stop using AiProtect and QoS.
     
  18. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    I use ProtonVPN and AirVPN on my router as well as select devices. My ISP only sees the IP addresses of the VPN companies. I also configured Little Snitch as a Kill Switch on my iMac. In Australia the Government collects all of your meta-data and holds that in data centers for 2 years. I don't engage in nefarious activities online but that type of surveillance of an entire nation doesn't make me feel very comfortable.
     
    jerry6 likes this.
  19. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Yeah, true. Is there any way I can analyze or get warned of attacks or intrusion attempts without those services?
     
  20. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    Right, so you’re shifting your trust from ISP to VPN operators, which I guess depending on where you’re located it might make sense.

    As for detecting attacks, you can set up your own with entware+snort or suricata, but the CPUs are severely underpowered for the task.

    Asus/Broadcom/Trend Micro’s AiProtect would be more optimized in terms of speed but whether it’s as useful that’s up for debate.
     
  21. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    That's true, but I did my research and AirVPN and ProtonVPN seemed more trustworthy than the Australian Government :) But, yes, you're correct.

    It sounds like I need to learn how to set up an old PC as a router, I looked at pfSense recently - when I get the time I might try and learn more about running it on an old PC with a network card, I'll see if I can do it. However, I like WRT-Merlin and ASUS routers, they're relatively easy to use.
     