Hi,
I have an AC87U running Merlin Firmware 378.56_2
I am running 2x IDS on my network (One Suricata based and one Snort based), in the past month I have noticed an IDS alert that originate from my ASUS router and directed to my internal server.
I have only noticed it because some of my internal server started generating some "403 error" as a response.
Basically, it looks as if every hour and sometimes every minute the ASUS router issue an HTTP request:
GET / HTTP/1.1
Somehow it is only aimed at servers that do have an HTTP server.
Please note that I am not running NAT on ASUS so I can see all internal source IP addresses. These requests therefore do come from the router.
Is there some kind of services/cronjob on the ASUS router that could generate such HTTP requests?
Has anyone any ideas of how I could troubleshoot this?
I found this "weird" rather than "suspicious", it looks more like a ping of some sort...
Thanks,
B..
I have an AC87U running Merlin Firmware 378.56_2
I am running 2x IDS on my network (One Suricata based and one Snort based), in the past month I have noticed an IDS alert that originate from my ASUS router and directed to my internal server.
I have only noticed it because some of my internal server started generating some "403 error" as a response.
Basically, it looks as if every hour and sometimes every minute the ASUS router issue an HTTP request:
GET / HTTP/1.1
Somehow it is only aimed at servers that do have an HTTP server.
Please note that I am not running NAT on ASUS so I can see all internal source IP addresses. These requests therefore do come from the router.
Is there some kind of services/cronjob on the ASUS router that could generate such HTTP requests?
Has anyone any ideas of how I could troubleshoot this?
I found this "weird" rather than "suspicious", it looks more like a ping of some sort...
Thanks,
B..