
Questions about AiProtection and DPI

elegil

New Around Here
Hello,

I would like to know more about the functioning of AiProtection and especially IPS.
I looked for more information, but maybe not in the right place, because I wasn't able to satisfy my curiosity :)

From what I understand, there are tools like Suricata which inspect packets for malicious code, so they protect even IoT devices. This is what is closest to pro solutions (?)
Ubiquiti also includes a DPI beta tool, but I didn't find how it works exactly.

And there is AiProtection... Site blocking, OK, it is easy to understand, even if it supposes your privacy is in the hands of Trend Micro. I just wonder if it is really effective, as I had only 1 event in one year with my Asus router.
But IPS? Does it work like Suricata and bigger tools? Considering the specs of the hardware needed for pro DPI solutions, I don't think a quad-core 1.8 GHz ARM CPU can do exactly the same work, but again, it is just supposition?
Also, I would be very curious to know if AiProtection can slow down big internet connections? I would appreciate it a lot if those with gigabit or multigig fiber could share their internet speed with or without AiProtection enabled and their CPU specs.

I also looked for Netgear Armor, but except for BitDefender marketing BS, there is no information about how it works. It seems quite different, as you have to install an app on each device you protect. So does it mean it includes an antivirus and the router does the IDS/IPS job or NAS, or does it mean IoT devices and NAS are not protected because it is just an internet security software with a false router interface?

I know this is a lot of questions, but I would really be glad to know more about how these tools work. Any link to read would be appreciated, and answers even more :)
Thanks, and sorry for my poor English.
 

ATLga

Regular Contributor
I've tried aiProtect on and off several times and had doubts if it works. The page in the GUI always has big yellow zeroes there for me and never changes. Overhead-wise, I have a gig connection, and running speed tests I've seen only a slight blip lower in the speeds, not something you'd notice though for normal usage, I don't imagine. The router itself usually runs 54%-55% on the cores, and with aiProtect on, I see that jump to around 74%.

That's my experience. Currently mine is off because I could never see it do anything. Maybe because it isn't working, maybe because I have ad-blockers on all the Macs, etc.
 

ATLga

Regular Contributor
I thought there would be more discussion in this thread, but of course it has been debated many times before hahaha.
 

ForkWNY

Regular Contributor
I've enabled AiProtection and have left it enabled within my GT-AC5300 since I've had it. I used to see events in the IPS logs each day...mainly script kiddies attempting to auto-login through SSH or RDP (which I port forward to a couple of systems) using random usernames and passwords. After a recent firmware update (v82037 on the GT-AC5300) the number has stayed at 0 so I know something's not working with 2-way IPS in the latest update, will just have to wait until the next release to find out if that fixes it. The number you don't ever want to see above 0 is the infected device prevention and blocking, as that's a sign you have a compromised device on your home network.

Long story short, AiProtection does seem to work as designed (if the firmware isn't buggy), but the IPS won't really do much unless you have some exposure to your internal network from port forwarding on the WAN. If you have some other means of blocking (dedicated firewall, for example) unwanted traffic outside of your router, the IPS won't really do much if anything. I simply consider it as another gauge for quick & dirty monitoring of your network...using other tools in conjunction with AiProtection is probably a good idea depending on how cautious you are with what goes on internally on your home network.
 

elegil

New Around Here
I thought there would be more discussion in this thread, but of course it has been debated many times before hahaha.
Do you have specific threads in mind?
Because I was not able to find deep technical comparisons between mainstream and pro solutions, or even explanations about how it works, but maybe I didn't find the right threads.
 

ATLga

Regular Contributor
Do you have specific threads in mind?
Because I was not able to find deep technical comparisons between mainstream and pro solutions, or even explanations about how it works, but maybe I didn't find the right threads.
I've never had good luck with the search function on this site and always Google... this has worked best for me in Google search:
snbforums x (x being what you want to search for).
For example, snbforums aiprotect will get you a ton of things to read through.
 

elegil

New Around Here

AndreiV

Very Senior Member
From these pages, I understand what AiProtection is supposed to do, but it doesn't help me to know how the small CPU of the Asus mainstream routers is supposed to do the same DPI job as semi-pro or pro DPI engines with a Core i5 or even bigger CPU. There must be a difference and I would like to know which one :)

Same as WOT, most antivirus apps or the malicious site protection in your browser, they use the "cloud".
 

elegil

New Around Here
Same as WOT, most antivirus apps or the malicious site protection in your browser, they use the "cloud".
But DPI is supposed to be real-time traffic analysis; it can't be "cloud", or it would mean every single byte of data of Asus routers is analyzed by Trend Micro servers, not just the DNS data.
I understand the cloud thing for DNS/malicious site protection, but not for the DPI.
So I am back to my initial question: what is the difference between Asus packet inspection, Netgear Armor, Suricata and pro-level solutions?
 

RMerlin

Asuswrt-Merlin dev
Trend Micro's bwdpi is designed for low-power devices such as a router, therefore it's very lightweight, by doing only limited packet analysis. A full-featured DPI engine like Suricata will do a more thorough packet analysis, potentially analyzing the whole packet content rather than just, for example, the first few bytes from it. It will also have more complex rulesets, which once again will seriously affect performance on a low-powered device.
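
An added illustration of the trade-off described in the post above, not part of the original thread and not Trend Micro's or Suricata's code: the same byte-pattern matcher is run over only the first bytes of each payload and over the whole payload, and the alerts and bytes scanned are compared. The signatures, the sample payloads and the 32-byte depth are constructed for the example.

```python
# Added illustration; signatures and payloads are constructed, not real IPS rules.
SIGNATURES = {
    "ssh-banner": b"SSH-2.0-",             # start of an SSH client banner
    "rdp-cookie": b"Cookie: mstshash=",    # routing cookie in an RDP connection request
    "test-marker": b"EXAMPLE-BAD-MARKER",  # made-up pattern placed deep in a payload
}

# Constructed payloads: two login-style connection openers, one large
# response with the marker after 1400 filler bytes, one benign request.
PAYLOADS = [
    b"SSH-2.0-OpenSSH_8.9\r\n",
    b"\x03\x00\x00\x2b\x26\xe0\x00\x00\x00\x00\x00Cookie: mstshash=admin\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" + b"A" * 1400 + b"EXAMPLE-BAD-MARKER",
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
]


def inspect(payloads, depth=None):
    """Match all signatures against each payload.

    depth=None scans the whole payload; an integer scans only that many
    leading bytes. Returns (alerts, bytes_scanned).
    """
    alerts, scanned = [], 0
    for idx, payload in enumerate(payloads):
        window = payload if depth is None else payload[:depth]
        scanned += len(window)
        for name, pattern in SIGNATURES.items():
            if pattern in window:
                alerts.append((idx, name))
    return alerts, scanned


def compare(payloads, depth):
    """Report what a shallow scan finds, what only a full scan finds, and the cost ratio."""
    shallow_alerts, shallow_bytes = inspect(payloads, depth)
    full_alerts, full_bytes = inspect(payloads, None)
    missed = [a for a in full_alerts if a not in shallow_alerts]
    return {"shallow": shallow_alerts, "missed_by_shallow": missed,
            "bytes_ratio": shallow_bytes / full_bytes}


if __name__ == "__main__":
    report = compare(PAYLOADS, depth=32)
    print("found with 32-byte depth:", report["shallow"])
    print("found only by full scan: ", report["missed_by_shallow"])
    print("bytes scanned vs full:    %.1f%%" % (100 * report["bytes_ratio"]))
```

The connection-opening patterns sit at the start of the payload and are caught at either depth, while the pattern buried in the large response is only seen by the full scan, which reads many times more bytes per packet.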
 
