What's new

SAGE EAS Digital Endec remote audio monitor/level meter?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DnD

New Around Here
My profession is IT but this one has me perplexed. Any help would be appreciated. Sorry if this is a little long winded but here’s the scenario.

I noticed my RT-AX58U running 386.1_2 had a new wired device called Samsung so I scanned it with Nmap (see below). I chased down the MAC address on my switch and located it on the router's port. Shut the router off and I could not ping or scan the address. Turn the router on and I could do both. The only connections to the router are the WAN and cross-connect to my the switch (i.e. no other devices). Not comfortable with the situation I did the following:

Reset router
Booted in CFE miniWeb server mode and upload current image
Performed basic setup
Reset router again
Configured router by hand (i.e. did not import a backup)

After that procedure, the device came back and it select the same IP from my DHCP pool. For now I null routed the IP and disabled internet access in the GUI. Things to note in the data are:

Nmap and the router are reporting different MAC addresses
The suspect device has rpcbind? USB sharing?

So the questions are:
Is this a new feature from ASUS and if so, why would the enable the router with rpcbind and SAGE EAS Digital Endec remote audio monitor/level meter?

Why 2 different MAC addresses? Neither are actual MAC addresses on the router.

Has the router been hacked and I didn’t properly clear the NVRAM during the reload?

Thank you in advance for any assistance. Here is the data.

Finally, awesome software Merlin and love the new logo!

Nmap scan report for x.x.x.95
Host is up (0.0096s latency).
Not shown: 98 closed ports
PORT STATE SERVICE VERSION
80/tcp open http SAGE EAS Digital Endec remote audio monitor/level meter
111/tcp open rpcbind
MAC Address: 2C:08:8C:78:38:26 (Humax)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

From RT-AX58U (different MAC address same IP)
Samsung
x.x.x.95
1C:3A:DE:46:8D:26

Best Regards,
DnD
 
Yes... My Android based Sony TV has the same technology that allows you to stream content from a laptop, phone or any device the standard. Dunno why it's present on my router.
 
Also tried ASUS current build and it present there as well. There is nothing upstream of the router besides a DSL modem in passthrough mode.

Thank you for your help in advance
 
Sorry, I'm not following you. Do you have a STB?

Is this device connected to your LAN, e.g. does it have a local IP address?
 
This technology is used for STB's and the only device using this technology in my home is my Sony TV which has a different IP and MAC. So technically no, I do not have and STB. Also, my router reports it as wired.
 
My SWAG (Silly Wild A** Guess) is that your ISP has something configured strange and you are seeing part of their Emergency Alert System (EAS) on the WAN side. If you unplug the WAN cable does it go away?
 
I'll spitball too.

MAC changes, same IP--
Different hosts: Host A (2C:08:8C:78:38:26) is leased an IP from your router, it gets X.X.X.95. Router is then rebooted/reset and loses its lease table. Host B (1C:3A:DE:46:8D:26) requests a lease and is allocated X.X.X.95. Or, one host is set with a static IP and the DHCP scope overlaps.
Multiple DHCP servers on the same broadcast domain, .95 gets leased by each server.
I wouldn't suspect a a chattering NIC for a single lease.

Host is visible on switch port connecting router, host is not pingable when router shuts off, so it must be the router--
My guess would be wireless client--router shuts off, wireless hosts are disconnected and unpingable. You didn't import backup settings, but did you reconfigure wireless or otherwise have settings retained after the device reset?
Samsung device--what's the MAC on your phone?

SAGE EAS Digital Endec remote audio monitor/level meter--
Nmap isn't perfect and made a best guess as to what the device is. I'm not familiar enough with consumer routers to say if Asus is running multiple hosts on its HW. I'd suspect a wireless host, followed by "oops, I guess that device was connected after all," then I'd start disabling media sharing or whatever bells and whistles are running on the router until the IP stops responding to ping.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top