Unknown hidden synchronization of data on Asus RT-AC68U router

xlarge

Regular Contributor
It has happened a few times, most recently on Sept. 2. As this is on a wireless network, all GB cost. 12.4 GB, respectively 6.2 down and 6.2 up according to the ISP, but they cannot provide more information except that this happened at systematic times (14:33, 16:33, 18:33, 20:33 etc). Less data at the same time the following days. Web log or System log does not show anything unusual. Web log shows zero traffic. I have a web camera, but it only sent 17 mails, each 2 MB, that day. I also have VPN, but it was not active that day as I was on a long-distance car journey. The ISP router is set to bridge and I use the Asus router after it (as I need VPN). The WAN IP has been unchanged the last months.

The only thing that might have initiated something is that I upgraded the Asus router at 0900 the same day (94 MB in 3 minutes). The ISP and I agree that this is strange, and similar data up and down indicates some synchronization.

I can remember something similar happening last April. The use of GB was different, but high, and I found no explanation. But that time, too, I had upgraded the Asus router some hours before. I suspect some connection between upgrading and the data use. (Upgrading takes 3 min. and uses 94 MB data).

And it must have been some synchronization, but what can it be with 6.2 GB down and 6.2 GB up - not showing in any log and when nobody uses the network. It must have been initiated from the router itself or from the only other with connection - asuscomm.com (which "follow up" any change in ISP IP).

Is this a known phenomenon or has the router been hacked?

Is there any monitor program that can be installed on the Asuswrt router itself?
If not, I should consider using a program like Wireshark on my computer on site at the same time I upgrade the Asus router next time.
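
On the question of monitoring on the router itself, an added example that is not part of the original posts: a POSIX shell script that samples the kernel byte counters in /proc/net/dev for one interface and logs per-interval deltas with timestamps, so bursts at fixed times like those described would be visible. The interface name `eth0`, the file name `wanwatch.sh`, the interval and the threshold are assumptions to adjust; the wrap handling assumes 32-bit counters and at most one wrap per interval.

```shell
#!/bin/sh
# Added example (not from the thread): log RX/TX byte deltas for one interface.

# iface_bytes FILE IFACE -> prints "rx_bytes tx_bytes" from /proc/net/dev-style text
iface_bytes() {
    awk -v ifc="$2" '
        { sub(/^[ \t]+/, "") }                 # strip leading padding
        index($0, ifc ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "")           # drop "name:" (may be glued to the number)
            print $1, $9                       # field 1 = RX bytes, field 9 = TX bytes
            exit
        }' "$1"
}

# counter_delta PREV CUR -> bytes since the last sample. Assumption: 32-bit
# counters that wrap at 2^32, with at most one wrap per interval.
counter_delta() {
    awk -v p="$1" -v c="$2" 'BEGIN {
        d = c - p
        if (d < 0) d += 4294967296
        printf "%.0f\n", d
    }'
}

# burst_flag RX_DELTA TX_DELTA LIMIT -> "BURST" when more than LIMIT bytes moved
burst_flag() {
    awk -v a="$1" -v b="$2" -v l="$3" 'BEGIN {
        if (a + b > l) print "BURST"; else print "-"
    }'
}

# monitor IFACE [INTERVAL_SECONDS] [LIMIT_BYTES] [COUNTER_FILE]
monitor() {
    ifc=$1; interval=${2:-60}; limit=${3:-50000000}; src=${4:-/proc/net/dev}
    set -- $(iface_bytes "$src" "$ifc")
    [ -n "$1" ] || { echo "interface $ifc not found in $src" >&2; return 1; }
    prx=$1; ptx=$2
    while sleep "$interval"; do
        set -- $(iface_bytes "$src" "$ifc")
        drx=$(counter_delta "$prx" "$1"); dtx=$(counter_delta "$ptx" "$2")
        echo "$(date '+%Y-%m-%d %H:%M:%S') $ifc rx=$drx tx=$dtx $(burst_flag "$drx" "$dtx" "$limit")"
        prx=$1; ptx=$2
    done
}

# Runs only when given arguments, e.g.: sh wanwatch.sh eth0 60 >> /tmp/wanwatch.log
if [ "$#" -ge 1 ]; then monitor "$@"; fi
```
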
 

Tech9

Part of the Furniture
Do you have any Custom Scripts installed?
 

RMerlin

Asuswrt-Merlin dev
Enable Traffic Analyzer and look at what it reports.
 

xlarge

Regular Contributor
Hi Tech9. No scripts at all.
RMerlin. I have of course used Traffic Analyzer, but the high use of GB is not showing there at all.
For the record, I have only one-way VPN (VPN server on this remote router) and no VPN server or VPN client on my home router. Using OpenVPN on my IE browser.
 

OzarkEdge

Part of the Furniture
> I have only one-way VPN

Given 6.2 down and 6.2 up, is it possible that local traffic is going out and coming back?

OE
 

RMerlin

Asuswrt-Merlin dev
> RMerlin. I have of course used Traffic Analyzer, but the high use of GB is not showing there at all.

In that case, I would double check that the ISP device is truly in bridged mode, and didn't revert to router mode following an update/outage/something.
 

xlarge

Regular Contributor
Hi RMerlin, I follow your thoughts - the data not from or through the Asus, but I am 100% sure that the ISP router (LTE CPE (ALR-U series router)) is in bridge, as the VPN would otherwise not function with asuscomm.com.
The idea of data traffic from and to that router - and not through the Asus - is complicated to check. It is impossible to come in contact with it in bridge status. I have tried to log in on it, but there is no way I can do it except reset it - and then all possible data use is zero.

I am thinking of a smart solution next time I upgrade the Asuswrt-Merlin: NOT setting the ISP router to bridge before, and hopefully seeing high data use on it (the same day and next).
 

Viktor Jaep

Very Senior Member

xlarge

Regular Contributor
Hi Viktor,
Interesting. A quick look tells me that it can be installed on Asuswrt-Merlin routers.
 

Viktor Jaep

Very Senior Member
> Hi Viktor,
> Interesting. A quick look tells me that it can be installed on Asuswrt-Merlin routers.

Yep, it's a great little tool that can help identify (and block) weird traffic going to other countries expressly forbidden by your rules. Might help in your troubleshooting process figuring out where this data is going.
 

Wisiwyg

Senior Member
> Superb, Viktor.
> Where do I find an install file?

If you have a recent version of Merlin installed, it's part of the firmware. Allow SSH on admin settings, SSH into the router, and run "AMTM". The scripts are there, select #2 and install.
 

xlarge

Regular Contributor
> If you have a recent version of Merlin installed, it's part of the firmware. Allow SSH on admin settings, SSH into the router, and run "AMTM". The scripts are there, select #2 and install.

Thanks, but can you tell me where in the menu. I suppose it is "Administration" but where on it?
 

bennor

Very Senior Member
> Thanks, but can you tell me where in the menu. I suppose it is "Administration" but where on it?

You enable SSH under the Administration > System > Services section, then you log into the router using an SSH client (PuTTY, WinSCP, etc.) on your computer to connect to the router using SSH. Unless one wants to enable remote/broadband SSH access to their router (security implications), one should set SSH to LAN Only for local network access.

Plenty of online DIY guides on how to log into one's Asus router using SSH.

From the SSH command line one would issue the command: amtm
From the AMTM interface one would enter option: 2
To see all the AMTM scripts one would enter option: i

More information on AMTM can be found in its thread in the Addons subforum.
 

xlarge

Regular Contributor
Thanks, bennor.
But it seems too complicated for me. A lot to prepare and a lot of mistakes can be made. My problem is minor and it only happens twice a year; I can live with it.
 

Viktor Jaep

Very Senior Member
> Thanks, bennor.
> But it seems too complicated for me. A lot to prepare and a lot of mistakes can be made. My problem is minor and it only happens twice a year; I can live with it.

Stick around @xlarge! You will learn a lot in these threads! ;)
 
