
TWO WAY IPS AIPROTECTION

Discussion in 'ASUS AC / AX Routers & Adapters' started by peace25, Sep 15, 2018.

  1. peace25

    peace25 New Around Here

    Joined:
    Sep 15, 2018
    Messages:
    5
    Hi,
    I'm new to the forum and I'm really seeking help in the same matter as above. My router is an Asus DSL-AC68U, and since the latest firmware update from Asus and the implementation of the new AIProtection interface from Trend Micro that lets us see the attackers and assures us (lol) that they are blocked, I still feel that I'm not secure and there are too many attacks on my router from different IPs!

    All those hits (external attacks) are directed to one device or piece of equipment, none of mine; I checked every MAC address and none match the one they are attacking!

    When I tried to find out the vendor of the MAC address, it came up as Juniper Network 28:8A:1C. I get about 6 hits a day, sometimes 2 and sometimes more; in total it could be about 15 hits. A bit concerned here.

    This is the kind of attack I get:

    DATE: 2018-09-15
    TIME: 16:34:55
    TYPE: External Attacks
    167.99.109.87 (the IP of the attacker)
    My IP is here: XXXXXXXXX
    SECURITY ALERT: EXPLOIT Remote Command Execution via Shell Script -2
    EXPLOIT Netcore Router Backdoor Access

    DATE: 2018-09-15
    TIME: 15:48:34
    TYPE: External Attacks
    209.141.48.78 (the IP of the attacker)
    xx.xxx.xxx.xxx (my IP)
    SECURITY ALERT: EXPLOIT Remote Command Execution via Shell Script -2

    And so on. I need to find out how and why there are so many attacks. Is my ISP weak? On all my devices I'm using security software, and my router firewall is activated.

    Is there anything I'm missing?

    Thanks
     
  3. ApexRon

    ApexRon Regular Contributor

    Joined:
    Jun 17, 2018
    Messages:
    139
    Location:
    Apex, NC
    Note who has registered these IP addresses. If you do not recognize the owners, you could contact them to find out what's up or just notify your ISP.
     
    HowIFix likes this.
  4. peace25

    peace25 New Around Here

    Joined:
    Sep 15, 2018
    Messages:
    5
    Cool, deleted my other post as I wasn't sure if it's against the forum rules; now I'm gonna post here :) Thanks for mentioning it to me.
     
  5. peace25

    peace25 New Around Here

    Joined:
    Sep 15, 2018
    Messages:
    5
    Cool, I think that's the only option for now :) Thanks for the info.
     
  6. peace25

    peace25 New Around Here

    Joined:
    Sep 15, 2018
    Messages:
    5
    By the way, I have web access from WAN disabled as well as SSH, and as for the authentication method, it is on BOTH, or it should be just on HTTP, as HTTPS is not supported because I don't have a certificate ...
     
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,378
    Location:
    UK
    BOTH (or either) is fine for internal access. The main thing is you don't have remote access to your router enabled. Other than that, the type and number of messages you are seeing is perfectly normal.
     
  8. peace25

    peace25 New Around Here

    Joined:
    Sep 15, 2018
    Messages:
    5
    Cool, thank you so much for the info. I will keep an eye on those attacks from time to time; I will even try to email the [email protected] to gather more info or at least to stop them ...
    Have a nice evening :)
     
  9. Beherit

    Beherit Regular Contributor

    Joined:
    Sep 19, 2016
    Messages:
    87
    I found this thread by googling "209.141.48.78". AIProtection has blocked several hundreds of attacks from that particular IP address.

    What's scary is that I changed IP address to a whole different range, and the attacks continued.

    @peace25, which email did you send the abuse complaint to? Did you receive any reply yet? I'll send one as well.
     
  10. AndreiV

    AndreiV Very Senior Member

    Joined:
    Aug 25, 2015
    Messages:
    523
    Location:
    UK
    It makes no difference what IP you are on; these are bots searching out unpatched ASUS routers. It's an old exploit; they bounce off the firewall without any help from AiProtection.

    https://www.abuseipdb.com/check/209.141.48.78?page=1#report

    Complain all you want, they won't even bother replying.
     
    Beherit likes this.
  11. OzarkEdge

    OzarkEdge Very Senior Member

    Joined:
    Feb 14, 2018
    Messages:
    623
    Location:
    USA
    Meaning you're OK, you're still protected... AiProtection just isn't doing anything besides logging ASUS firewall activity with scary prose.

    OE
     