Router has Rogue scripts putting traffic through one port

Bushman

Occasional Visitor
Hi everyone very new to this, very new like green.

I’m running lattest firmware on ax88u and started having very strange happenings like my web gui was mirrored. Feels like things are happening out of my control like can’t change settings and then login out then in and finding them different.

Was running no scripts, and don’t know how.

In the beginning the router running fine but throughput was poor so started using DNS over TLD

Thought this was a good idea as wife is working at home for nhs so encryption sounded like a good thing to do.

This started causing problems after a few days by the latency going crazy so then after reading and talking to isp complaints who told me all ports were open and if I had any problems to try port forwarding so started port forwarding via vserver which helped and worked, but in the end I think now the isp has its dirty little hands on my router.

They asked if I minded if they could put me on a static IP address, which stupid me said yes. Now the Jff was unmourned which I think is ok now, but there is prerouting on the setup which puts all traffic through one port for 80 and 443. Is this normal.?? On my router

IMG_0208.heic

These redirect all traffic like a vpn which I did not do.

How do I get rid of this. I’ve tried many reboots few firmware’s and ASUS recovery all to no avail.

Please help.

Also the gui in port forwarding shows nothing.:(
Also in photo of logs dropbear is in there and never seen that before but what do I know.
Thanks
04C9D178-7EF8-4882-AD18-59930A092938.png
FEE117C2-4D7D-4D19-87E2-D85D42F0547E.png
 
Last edited:

Tech9

Part of the Furniture
I’m running lattest firmware on ax88u

No, you're running previous version of Asuswrt-Merlin - 386.3_2

In the beginning the router running fine but throughput was poor so started using DNS over TLD

The throughput (Internet, LAN, wireless?) is unrelated to your DNS privacy settings.

who told me all ports were open

Reset your router to default and start over. You have no Internet connection on the screenshot.
 

bbunge

Part of the Furniture
Yes it may be the previous firmware and yes it’s off line but I need help please
The recommendation is to reset your router to factory defaults and reconfigure manually. Start with the basics, SSID and User/Password, then change/add settings/features one at a time.
 

Bushman

Occasional Visitor
Also the minute I put it online I only see the router at 192.168.50.1 and I changed it off line.
The router address shows up as 192.168.50.1(#) on my search engine instead of the address of the page when on Wi-Fi or lan, so not big on having it on line until I can stop the dirty people putting there hands on my stuff
 

Bushman

Occasional Visitor
And yes I’ve been setting it up off line manually putting all settings in such as Mac filters etc but as soon as it goes on line it’s not mine
 

Tech9

Part of the Furniture
The router address shows up as 192.168.50.1

This is the default Asus IP for this model. You can access it as router.asus.com as well.

I don't know what MAC filters etc you are setting up there and why. If you are very new like green, don't play with settings too much.
 

Bushman

Occasional Visitor
Yes I know it’s the default ip for the page but does it or does it not have the rest of the address for the subsequent pages of the gui because I’m not sure now,
can you please tell me what the full address would be if your on the port forwarding page? Because on mine it just says 192.168.50.1(#) even when I’ve set the lan to 10.0.0.1. It’s like I never set it at all.
and YES I would not be asking such questions if I was knowledgeable. I read bits but reading a few bits does not make you a networking anything..
 

ColinTaylor

Part of the Furniture
Stop trying to set the router up without the WAN connected. You're confusing yourself. Without a WAN connection the router will think there's a problem and redirect HTTP queries to an error page at 10.0.0.1.

Just connect the router properly, press the reset button and follow the basic setup process.

EDIT: Once you've got the basic setup done you can go to the Administration - System page and change Enable WAN down browser redirect notice to No to stop the redirection happening.
 
Last edited:

dosborne

Very Senior Member
And 2 more "*must*" items, change / set the admin password to something secure, and ensure remote admin GUI access is disabled :)
 

Bushman

Occasional Visitor
Hi thanks dosborne
Thanks but these were both ok it seems that the incursion came from the Wi-Fi link with iPhone as I’ve had problems with all apple products in the house.(mad guess) for last few days.
Put my SIM card from phone into old phone and it came up an error about a mail certificate for a mail account that I don’t own.
It’s all been quite strange.
Had this router ax88u and ac88u for some years now and never missed a beat until now
 

Bushman

Occasional Visitor
Is it ok to use encryption on dns in uk as this is when my problems started as my internet became more responsive.??
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top