Novice user unsure of what to do about an issue, any advice welcomed.

Discussion in 'Asuswrt-Merlin' started by Skeptical.me, Jul 11, 2018.

  1. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,300
    Location:
    San Diego, CA
    AI Protect cries wolf very often - perhaps too often, so when a real threat occurs, folks might ignore it.
     
    jerry6 likes this.
  3. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    And then other folks would complain it’s not working because there are no alerts showing up :)
     
  4. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,300
    Location:
    San Diego, CA
    Indeed - best thing would be to check the loglevel of the app...
     
  5. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,755
    Location:
    Canada
    Yes, in 384.6 alpha 2 there is a privacy tab that allows you to opt out of Trend Micro. Not sure if it causes problems; it hasn't been thoroughly tested and reported yet.
     
  6. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,755
    Location:
    Canada
    No.
     
  7. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Damn, I'll have to learn how to read logs, I guess? I looked through the logs today and it's like a foreign language for me. I've enrolled in a P/T course in Networking. It runs for a year so I guess I'll learn about all these things.
     
  8. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    Good on you.

    I’m still curious why that client particularly is receiving all the ‘attacks’. There are bots scanning the net all the time but that would be all directed at your router/WAN, not a client behind NAT. That’s why I thought you might have a port open (via port forwarding or UPnP) that’s attracting attention or worse, the client is infected with some malware and those are the second stage payload.
     
  9. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Malware is a fear of mine. That MAC address must be the router's because I can't find any device or computer in my LAN with that MAC address. And I definitely don't have any ports or UPnP enabled. The "attacks" are still happening, but obviously failing. I'm really curious to know what that MAC address is. Do you know where I can find the MAC address of the router?
     
  10. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    If it is the router’s then it’s less concerning, and those attacks would be dropped by the firewall anyway (like intended) and AiProtect is just trying to show you that it’s working :p

    Fastest way is to SSH in and do
    Code:
    ifconfig
    It should match the MAC of the eth0 interface.
     
    Skeptical.me likes this.
  11. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    ahhh yeah, of course. I've done that before for something else. Thank you.


     
  12. FadgewackeR

    FadgewackeR Regular Contributor

    Joined:
    Jun 19, 2018
    Messages:
    83
    I opted out of the ASUS one, but stayed in the Trend one, for some reason... Are you aware of how I might trigger that choice again, bar uninstalling and then re-flashing the alpha 2 firmware? If I opt out, will QoS etc still work?
     
  13. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,755
    Location:
    Canada
    Sorry, but if you opt out, QoS will not work. You would have to reset to defaults and opt out; this would basically (I'm told) leave you without Trend Micro. It has not been fully tested yet, so go at your own risk.
     
    FadgewackeR likes this.
  14. FadgewackeR

    FadgewackeR Regular Contributor

    Joined:
    Jun 19, 2018
    Messages:
    83
    I need QoS, so for that reason, I’m in. Thanks.
     
  15. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    I'm running iOS 12 Public Betas on my iPad and iPhone and the attacks started after AIProtection flagged the iPhone X as infected, and there are spam sites being blocked from the two devices as well. I've never had these issues in all the time I've had this router. I'm not sure if the iPhone and attacks are linked (I'm not that well versed in these matters), but I thought I'd show you the following (especially the last line of the first screenshot, although the fact it is showing here proves the router has identified it and probably blocked it):

    [IMG]

    [IMG]
     
  16. Balerion

    Balerion New Around Here

    Joined:
    Jul 16, 2018
    Messages:
    4
    If you would like to find what is the device for a given MAC address, just ssh into your router:

    # arp -a | grep <MACADDR>

    :)
     
    Skeptical.me likes this.
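
Added example, not part of any post in this thread: the two lookups suggested above (`ifconfig` for the router's own MAC, `arp -a` for LAN clients) combined into one check that says which side a reported MAC address belongs to. The function names, the sample MACs and the paths `/sys/class/net` and `/proc/net/arp` are assumptions (standard Linux locations, not confirmed for any particular firmware build).

```shell
#!/bin/sh
# Decide whether a MAC from a router report is one of the router's own
# interfaces or a LAN client in the ARP cache.
# Assumed paths: /sys/class/net/<if>/address and /proc/net/arp (standard Linux);
# both can be overridden, so the function also runs against sample files.

normalize_mac() {  # lower-case, '-' separators become ':'
    printf '%s' "$1" | tr 'ABCDEF-' 'abcdef:'
}

classify_mac() {  # usage: classify_mac MAC [NETDIR] [ARPFILE]
    mac=$(normalize_mac "$1")
    netdir=${2:-/sys/class/net}
    arpfile=${3:-/proc/net/arp}
    # 1. The router's own interfaces (the HWaddr values ifconfig shows).
    for f in "$netdir"/*/address; do
        [ -r "$f" ] || continue
        if [ "$(normalize_mac "$(cat "$f")")" = "$mac" ]; then
            echo "router-interface $(basename "$(dirname "$f")")"
            return 0
        fi
    done
    # 2. LAN clients in the ARP cache (the entries arp -a prints).
    #    Columns: IP, HW type, Flags, HW address, Mask, Device.
    hit=$(awk -v m="$mac" 'NR > 1 && tolower($4) == m { print $1, $6; exit }' \
        "$arpfile" 2>/dev/null) || hit=""
    if [ -n "$hit" ]; then
        echo "lan-client $hit"
        return 0
    fi
    echo "unknown"
    return 1
}

# Constructed sample data (made-up MACs, private IP) for an offline run.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/net/eth0" "$d/net/br0"
    echo "AA:BB:CC:00:00:01" > "$d/net/eth0/address"
    echo "aa:bb:cc:00:00:02" > "$d/net/br0/address"
    printf '%s\n' \
        "IP address    HW type  Flags  HW address         Mask  Device" \
        "192.168.1.23  0x1      0x2    aa:bb:cc:00:00:10  *     br0" > "$d/arp"
    echo "$d"
}

if [ "$#" -ge 1 ]; then classify_mac "$@"; fi
```

An `unknown` result only means the address is neither a local interface nor currently in the ARP cache; entries for idle clients age out, so a device that has been quiet for a while may not appear.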
  17. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    Are your iDevices jailbroken?
     
    Skeptical.me likes this.
  18. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    No, no way. I like the safety of the closed ecosystem Apple have created. But I'm running iOS Public Beta 2 on both devices at present.
     
  19. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    Are you using any file explorer type apps? (think FTP clients, telnet/ssh clients, PLEX, anything that tries to access a file/path on a remote device)
     
  20. Skeptical.me

    Skeptical.me Regular Contributor

    Joined:
    Sep 22, 2016
    Messages:
    138
    Location:
    Australia
    Yes, QNAP QFile, Cryptomator, Plex, Terminus, Standard Notes, Nextcloud hosted by Disroot.
     
  21. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    708
    I’m guessing one of those was using "../" when doing navigation, which triggered that last line in the report. Could be benign.

    Is Disroot a trusted provider?
     
    Skeptical.me likes this.