Possible attack vector on RT-AC87U

[Hardcorefs]

Hi,
I have had multiple occasions where my RT-AC87U has gone off line, even with the latest firmware.
It seems to be proceeded with a massive flood of rejected packets.
Example below.
is there any fix, other than just the system auto re-booting

Oct 5 20:45:08 kernel: DROP IN=eth0 OUT=br0 SRC=94.206.11.210 DST=172.18.10.54 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=43820 DF PROTO=TCP SPT=44798 DPT=22039 SEQ=2856010561 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405640402080A0024AEA90000000001030307)
Oct 5 20:45:09 kernel: DROP IN=eth0 OUT=br0 SRC=54.238.216.225 DST=172.18.10.54 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=25350 DF PROTO=TCP SPT=43677 DPT=8333 SEQ=547562319 ACK=0 WINDOW=26883 RES=0x00 SYN URGP=0 OPT (020405B40402080ABB3C40490000000001030307)
Oct 5 20:45:10 kernel: DROP IN=eth0 OUT=br0 SRC=212.7.23.193 DST=172.18.10.54 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=18638 DF PROTO=TCP SPT=57849 DPT=22039 SEQ=598704898 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Oct 5 20:45:10 kernel: DROP IN=eth0 OUT=br0 SRC=94.206.11.210 DST=172.18.10.54 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=43821 DF PROTO=TCP SPT=44798 DPT=22039 SEQ=2856010561 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405640402080A0024AF710000000001030307)
Oct 5 20:45:10 kernel: DROP IN=eth0 OUT=br0 SRC=54.238.216.225 DST=172.18.10.54 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=25351 DF PROTO=TCP SPT=43677 DPT=8333 SEQ=547562319 ACK=0 WINDOW=26883 RES=0x00 SYN URGP=0 OPT (020405B40402080ABB3C41430000000001030307)
Oct 5 20:45:13 kernel: DROP IN=eth0 OUT= MAC=22:77:de:ee:22:21:3c:8c:40:b9:6d:47:08:00 SRC=222.171.49.4 DST=xx.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=17035 PROTO=TCP SPT=49938 DPT=3385 SEQ=3761203040 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4)
Oct 5 20:45:13 kernel: DROP IN=eth0 OUT=br0 SRC=178.221.12.208 DST=172.18.10.54 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=30901 DF PROTO=TCP SPT=46919 DPT=22039 SEQ=2547960905 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204057801010402)
Oct 5 20:45:29 kernel: DROP IN=eth0 OUT= MAC=22:77:de:ee:22:21:3c:8c:40:b9:6d:47:08:00 SRC=79.130.204.115 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=49 ID=11274 PROTO=UDP SPT=40500 DPT=5974 LEN=28
Oct 5 20:45:33 kernel: DROP IN=eth0 OUT= MAC=22:77:de:ee:22:21:3c:8c:40:b9:6d:47:08:00 SRC=79.130.204.115 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=49 ID=13446 PROTO=UDP SPT=40500 DPT=5974 LEN=28
Aug 1 08:00:14 kernel: klogd started: BusyBox v1.25.1 (2017-10-04 15:01:50 EDT)
Aug 1 08:00:14 kernel: Linux version 2.6.36.4brcmarm (merlin@ubuntu-dev) (gcc version 4.5.3 (Buildroot 2012.02) ) #2 SMP PREEMPT Wed Oct 4 15:11:10 EDT 2017
Aug 1 08:00:14 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
Aug 1 08:00:14 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
Aug 1 08:00:14 kernel: Machine: Northstar Prototype
Aug 1 08:00:14 kernel: Ignoring unrecognised tag 0x00000000
Aug 1 08:00:14 kernel: Memory policy: ECC disabled, Data cache writealloc
Aug 1 08:00:14 kernel: Built 1 zonelists in Zone order, mobility grouping on. Total pages: 60416

 

[RMerlin]

Try disabling firewall logging - the logging itself might be what's causing it.

 

[Hardcorefs]

ok I will give that a try.