
VERY suspicious iptables entries... please help...


recharging

Apologies for reopening this thread from Leo Martin Lim.

The offending entries in the ASUS Merlin iptables are as follows:

Chain OUTPUT_IP (1 references)
num target prot opt source destination
1 logdrop_ip all -- anywhere 193.201.224.0/24
2 logdrop_ip all -- anywhere vriezekolk.org
3 logdrop_ip all -- anywhere li1019-134.members.linode.com
4 logdrop_ip all -- anywhere 190.115.18.28
5 logdrop_ip all -- anywhere 51-159-52-250.rev.poneytelecom.eu
6 logdrop_ip all -- anywhere 190.115.18.86

What does it actually do? Log every attempt to access any of the above sites? The sites are still accessible though.
 
They are hard-coded entries added by Asus. They prevent the router (not LAN clients) from accessing those addresses because they've been identified as a security issue.

It will create an entry in the syslog if the router attempts to go to one of those addresses. For example,
Code:
Apr 22 10:54:06 kernel: DROP_IP IN= OUT=eth0 SRC=80.7.XXX.YYY DST=51.15.120.245 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27205 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A02D9EF680000000001030307)
Apr 22 10:54:07 kernel: DROP_IP IN= OUT=eth0 SRC=80.7.XXX.YYY DST=51.15.120.245 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27206 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A02D9F3660000000001030307)
Apr 22 10:54:09 kernel: DROP_IP IN= OUT=eth0 SRC=80.7.XXX.YYY DST=51.15.120.245 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27207 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A02D9FB500000000001030307)
Apr 22 10:54:13 kernel: DROP_IP IN= OUT=eth0 SRC=80.7.XXX.YYY DST=51.15.120.245 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27208 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A02DA0B100000000001030307)
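
One way to summarize the DROP_IP syslog entries described in the answer above, as an added example that is not part of the original thread or of the Asus/Merlin firmware. The sample log lines are constructed (documentation-range addresses) and the function names are hypothetical; it collapses lines that share SPT and SEQ, as the four lines in the excerpt do, into a single connection attempt.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same format as the syslog excerpt above
# (documentation-range addresses, not real indicators).
SAMPLE_LOG = """\
Apr 22 10:54:06 kernel: DROP_IP IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 ID=27205 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 SYN URGP=0
Apr 22 10:54:07 kernel: DROP_IP IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 ID=27206 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 SYN URGP=0
Apr 22 10:54:09 kernel: DROP_IP IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 ID=27207 DF PROTO=TCP SPT=57128 DPT=80 SEQ=300254509 ACK=0 WINDOW=29200 SYN URGP=0
Apr 22 11:02:41 kernel: DROP_IP IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 ID=31001 DF PROTO=TCP SPT=57344 DPT=80 SEQ=911002233 ACK=0 WINDOW=29200 SYN URGP=0
Apr 22 11:05:00 kernel: DROP_IP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=56 TTL=64 ID=4100 PROTO=UDP SPT=40000 DPT=53 LEN=36
Apr 22 11:06:00 kernel: ACCEPT IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=443 DPT=50000
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; the value may be empty (IN=)

def parse_drop_ip(line):
    """Return the KEY=VALUE fields of a DROP_IP kernel log line, else None."""
    _, sep, rest = line.partition("kernel: DROP_IP ")
    if not sep:
        return None
    return dict(FIELD.findall(rest))

def summarize(log_text):
    """Group DROP_IP hits by (DST, PROTO, DPT) -> (log lines, connection attempts).

    TCP SYN retransmissions reuse the same SPT and SEQ, so they are counted
    as one connection attempt; the raw log line count is kept alongside.
    """
    stats = defaultdict(lambda: {"lines": 0, "attempts": set()})
    for line in log_text.splitlines():
        fields = parse_drop_ip(line)
        if fields is None or "DST" not in fields:
            continue  # not a DROP_IP entry, or malformed
        key = (fields["DST"], fields.get("PROTO", "?"), fields.get("DPT", "-"))
        stats[key]["lines"] += 1
        stats[key]["attempts"].add((fields.get("SPT"), fields.get("SEQ")))
    return {k: (v["lines"], len(v["attempts"])) for k, v in stats.items()}

if __name__ == "__main__":
    for (dst, proto, dpt), (lines, attempts) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{dst} {proto}/{dpt}: {lines} log lines, {attempts} connection attempt(s)")
```

An empty IN= together with a set OUT= marks traffic generated by the router itself, which is what the OUTPUT_IP chain matches.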
 