Strange German URL Listening on 80+ Ports on RT-AC66U B1

Geoffster

New Around Here
Settings keep changing,

I see processes I haven't seen before

My phone gets blocked from getting in the wifi
I've had a history of getting hacked; my laptop and phones have had my data copied from them
My Google Home speakers start doing things on their own; my smart lights reset themselves or change colours as if being played with by someone
 

Geoffster

New Around Here
These are some ports I would block, based on what I saw the Android TV and Samsung phone were listening on

Also 8853 I kept seeing
 

Attachment: signal-2022-05-11-22-26-10-628.jpg

ColinTaylor

Part of the Furniture
There is nothing unusual or suspicious in your netstat output or in your syslog files.
 

Geoffster

New Around Here
I have an active case with ASUS support and they would like me to send the router in for examination, but if I can publicise here what I found, I'd help others before I send in the router
 

Geoffster

New Around Here
> There is nothing unusual or suspicious in your netstat output or in your syslog files.

OK, so maybe I didn't catch what I needed to in the syslog; it was already flooded with problems

I can't get into the 5g wifi; it shows up as really low signal even though I'm right next to it

Resetting did not delete data from the web history or QoS or traffic analysis

Both using the reset button and method 1 WPS reset

UPnP keeps turning back on after disable

The processes I've not seen before: mastiff, haveged, etc.
 

ColinTaylor

Part of the Furniture
> OK, so maybe I didn't catch what I needed to in the syslog; it was already flooded with problems
>
> I can't get into the 5g wifi; it shows up as really low signal even though I'm right next to it
>
> Resetting did not delete data from the web history or QoS or traffic analysis
>
> Both using the reset button and method 1 WPS reset
>
> UPnP keeps turning back on after disable
>
> The processes I've not seen before: mastiff, haveged, etc.

Apart from the UPnP issue none of those things would particularly indicate hacking. The web history/traffic database not being cleared down has been a known issue in the past. It might still be present in Gnuton's fork of the firmware. The mastiff and haveged processes as well as all the others in your netstat output are normal router processes.
 

Geoffster

New Around Here
It just reset itself

The 5g wifi can't be attached

Even the 2g wifi it won't connect right now, says can't find it on the client yet it's there in the list

The processes are normal; when I googled them I couldn't find any hits. Where is the list of normal processes so I can check against it?

The UPnP was not disabling on the ASUS stock firmware either

The QoS, web history, and related tracking would get turned off as well. I'm just checking it now and they were off again
 

ColinTaylor

Part of the Furniture
> It just reset itself

It looks like your local time is currently just past midnight, correct?

The router rebooted itself because you have scheduled that action for midnight.

> The 5g wifi can't be attached
>
> Even the 2g wifi it won't connect right now, says can't find it on the client yet it's there in the list

One of your WiFi IoT devices is constantly bouncing between your main 2.4 GHz SSID and your guest SSID. I suggest you sort that out.

*If you have IoT devices with access to the internet it's possible that this is the source of your problems rather than the router*

You can also go to System Log - Port Forwarding and look for suspicious entries there.


Your Android TV is trying to resolve an invalid address and is (correctly) being blocked by the router. That might be causing it some problems so for the time being you could try disabling "DNS Rebind protection" in the WAN settings (although that could be considered a security issue).

> The processes are normal; when I googled them I couldn't find any hits. Where is the list of normal processes so I can check against it?

I'm not aware of any published list. You just have to recognise them through experience.
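
Added example, not part of the thread and not any poster's code: with no published list of normal processes, one way to make an unfamiliar listener stand out is to save a known-good `netstat -tulnp` capture and diff later captures against it. Both captures, the `exampled` process name and port 40000 are constructed for illustration, and the BusyBox-style column layout is an assumption.

```python
# Added example: diff a router's listening sockets against a saved baseline.
# Both captures below are constructed samples, not output from the thread.

BASELINE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      312/httpd
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      401/dnsmasq
tcp        0      0 192.168.1.1:80          192.168.1.20:51514      ESTABLISHED 312/httpd
udp        0      0 192.168.1.1:53          0.0.0.0:*                           401/dnsmasq
"""

# Later capture: PIDs changed after a reboot and two listeners appeared.
LATER = """\
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      298/httpd
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      377/dnsmasq
udp        0      0 192.168.1.1:53          0.0.0.0:*                           377/dnsmasq
tcp        0      0 :::80                   :::*                    LISTEN      298/httpd
tcp        0      0 0.0.0.0:40000           0.0.0.0:*               LISTEN      902/exampled
"""


def listeners(netstat_text):
    """Return {(proto, address, port, program)} for listening TCP and all UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue  # header, blank or unrelated line
        if f[0].startswith("tcp") and f[5] != "LISTEN":
            continue  # established connections are not listeners
        addr, port = f[3].rsplit(":", 1)  # rsplit keeps IPv6 forms such as :::80 intact
        # Drop the PID: it changes on every reboot, the program name does not.
        prog = f[-1].split("/", 1)[1] if "/" in f[-1] else "?"
        found.add((f[0], addr, int(port), prog))
    return found


def diff_listeners(baseline_text, current_text):
    """Return (new, gone): listeners added since the baseline and listeners missing."""
    base, cur = listeners(baseline_text), listeners(current_text)
    return sorted(cur - base), sorted(base - cur)


if __name__ == "__main__":
    new, gone = diff_listeners(BASELINE, LATER)
    for proto, addr, port, prog in new:
        print(f"NEW  {proto} {addr}:{port} ({prog})")
    for proto, addr, port, prog in gone:
        print(f"GONE {proto} {addr}:{port} ({prog})")
```

A new entry is only a prompt to look at that process, not proof of compromise; the baseline has to be taken from a state that is already trusted.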
 

RMerlin

Asuswrt-Merlin dev
> Resetting did not delete data from the web history or QoS or traffic analysis

That's normal. You also need to check the checkbox to tell it to also initialize data stored in the JFFS partition.
 
