
Search results

  1. D

    Apparently the box is querying flagged DNS domains by itself

    oh, yes, and there it is, while we were all sleeping:
    dnsmasq.log1:Mar 2 02:26:45 dnsmasq[7049]: query[AAAA] bigdata.adfuture.cn from 127.0.0.1
    dnsmasq.log1:Mar 2 02:26:45 dnsmasq[7049]: forwarded bigdata.adfuture.cn to 1.1.1.1
    dnsmasq.log1:Mar 2 02:26:46 dnsmasq[7049]: query[A]...
  2. D

    Apparently the box is querying flagged DNS domains by itself

    Ok, I've just done both. Now wait for the next hit and see if any other clue pops up. Thanks.
  3. D

    Apparently the box is querying flagged DNS domains by itself

    Hi Dave, thanks for the feedback. DNS Filter is disabled right to have everything going to dnsmasq (I used to have it enabled and I disabled it last weekend just to force this behaviour and have the logs from dnsmasq via Diversion/uiDivStats). "Wan: Use local caching DNS server as system...
  4. D

    Apparently the box is querying flagged DNS domains by itself

    Hi, so, now that I've put in place a DNS query tracking system via Diversion/uiDivStats that tracks what domains each LAN client queries for, I have made a step forward in investigating the following issue. As a recap, I have Suricata installed on my RT-AC5300 via opkg/entware. I'm...
  5. D

    Querying DNS requests by clients

    Your suggestion made me aware of an error I had in my configuration, thanks! In DNS Filter I had specific clients configured with OpenDNS Family (mostly kids) and that was intended, but it was wrong that I also had the Global Filter mode set to OpenDNS Family instead of Router. Now I changed...
  6. D

    Querying DNS requests by clients

    So I went on installing both Diversion and uiDivStats (actually keeping adBlocking on to start with), via amtm (installed that too). It apparently went well but since yesterday evening, it has not blocked any requests and not logged any DNS query. The command line shell confirms that: 65,222...
  7. D

    Querying DNS requests by clients

    Ok, thanks. It then certainly deserves a go.
  8. D

    Querying DNS requests by clients

    I see. New to Diversion, I was wondering: can you use Diversion without asking it to actually block ads? I.e. only for my purposes? (I would hence later test the ad blocking as well, but I'm in a tight working schedule so I couldn't cope with complaints from the family if something starts to...
  9. D

    Querying DNS requests by clients

    Oh, thanks! This looks like what I was asking for (and much more, actually). Can I ask you why you say it'd be overkill? Does it imply quite some load on the machine? (I'd be interested since Suricata is already eating up enough of it ...)
  10. D

    Querying DNS requests by clients

    Could it be done via dnsmasq itself? I've tried this approach: https://superuser.com/questions/632898/how-to-log-all-dns-requests-made-through-openwrt-router but though I got the new /tmp/dnsmasq.log file, and it's filled with content, it just misses the very content I'm after. (Should mention...
  11. D

    Querying DNS requests by clients

    Hi, I have Suricata installed on my RT-AC5300 via opkg/entware. Its logs are forwarded to a box where they're processed by Evebox, which in turn presents them in its GUI. This flow was stopped since December until yesterday, and now that it's been reactivated I notice that I'm signalled alerts...
  12. D

    SNMP monitoring issue after upgrading to 384.4_2 on RT-AC5300

    Sorry for being late, but curious to find what the advantage would be in using SNMP rather than some regular data collector like netdata, collectd, telegraf (though this might not be an option in our case), etc. Well, perhaps netdata would imply a heavier load (but it's also an all-in-one...
  13. D

    Tagged VLAN in and out of an RT-AC5300

    Hi, my home network is currently set up like this: Draytek modem <--> business firewall <--> Asus Merlin <--> managed switch <--> unmanaged switch <--> business wireless access. Various devices are connected along the way, some cabled some wireless, some trusted and some not. I would...
  14. D

    SNMP monitoring issue after upgrading to 384.4_2 on RT-AC5300

    Just as an added option, I use collectd to collect various data from the router, including WAN and LAN traffic.
  15. D

    Asuswrt-Merlin 384.6 traffic to TCP/5061 and UDP/3478

    Discussed also here: https://www.snbforums.com/threads/what-tls-traffic-did-384-5-introduced-towards-asuscloud-com-on-tcp-port-5601.46641/
  16. D

    What TLS traffic did 384.5 introduce towards asuscloud.com on TCP port 5601?

    Thanks again Eric. It'd be interesting to know what's their purpose. I made a try at blocking them and they got mad: this morning I found over 11K packet drop notices since just midnight (more than 1K attempts per hour). As I see the updates over Trend Micro proceed with no troubles on their...
  17. D

    What TLS traffic did 384.5 introduce towards asuscloud.com on TCP port 5601?

    Thanks again Eric. I have both:
    ahdmin@RT-AC5300-50C0:/tmp/home/root# ps | egrep "aaews|mastiff"
    435 ahdmin 5192 S mastiff
    459 ahdmin 5192 S mastiff
    460 ahdmin 5192 S mastiff
    19095 ahdmin 9228 S aaews --sdk_log_dir=/tmp
    19098 ahdmin 9228 S aaews --sdk_log_dir=/tmp...
  18. D

    What TLS traffic did 384.5 introduce towards asuscloud.com on TCP port 5601?

    Thanks for getting into this Eric. Unfortunately it doesn't seem to be it. I've had a look at the logs this morning: the traffic is quite frequent. I count 1062 hits since May 17 16:07:38. It's about one transmission per minute on average (I've let the traffic through for the night so this...
  19. D

    What TLS traffic did 384.5 introduce towards asuscloud.com on TCP port 5601?

    Hi to all, since updating to 384.5 on my RT-AC5300 I've got my peripheral ZyWALL logging denied outbound traffic from the RT-AC5300 WAN IP towards IPs belonging to asuscloud.com. Suricata logs them as follows (e.g.): TLS: TLS 1.2 - aae-sgweb886-vx.asuscloud.com - C=TW, L=New Taipei City...
  20. D

    Suricata 4 on Asuswrt-Merlin

    Hey Marco, this goes without saying, but your health comes thousands of miles before all of this stuff which is, for most of us, just fun. Anyone here can peacefully wait to let you recover first, and then anything else. Besides this, what you've written so far is enough for those who have a...