Search results

  1. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    @virus_59 the solution is to stop lighttpd. The picture on the page you're referring to shows that it's running along with the Sofia process. But the fact is that the Sofia process most probably got into the system because lighttpd is running, imho.
  2. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    What fw exactly? Have you also installed entware? Entware is needed to install htop that has been used to spot an unusual process, sshd, and its descendant threads in the router's memory.
  3. vaboro

    What is wrong with DDNS..

    Alright, but do you have AiCloud services enabled? (I guess my question was imprecise since the service may not be used but can still be enabled). You may find it useful to have a look at the following topics: 1)...
  4. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    This is the key :) I guess hence the name of the app.
  5. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    @arturk have you tried Instant Guard App by Asus? I use it regularly on my iphone to establish vpn connection from cellular network to home lan. I assume Asus should also have its Instant Guard App published on Google Play.
  6. vaboro

    Tainted nextdns logs every 30 seconds

    @cowboy have you considered other dns proxies?
  7. vaboro

    What is wrong with DDNS..

    Do you have WAN access to router ui enabled? Do you use AiCloud? What's your router model? What's your router's firmware?
  8. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    They're all relatively safe to use, imho. Although TOR kinda stands out as it has a particular purpose of hiding real ip. You can use whatever VPN is easier and/or more convenient for you to set up. I use openvpn and charon (Instant Guard tab).
  9. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    Yeah, but I was just curious :)
  10. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    Have you tried to enable WAN access to router ui and/or AiCloud to obtain a copy of malware executable on your device?
  11. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    You may consider using VPN. Charon (Strongswan) can be quite useful and is relatively easy to set up. Instant Guard app on a mobile device is used to access LAN from WAN. Other VPN types can definitely also be used.
  12. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    @arturk WAN access to web ui and everything related to AiCloud (except ddns service) should be disabled to stop all this madness that is happening to you. You can continue using ddns safely though. It's on inadyn which seems to be safe for now.
  13. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    You're right, sorry for confusion. My mistake. Although I had it right in my original post.
  14. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    No WAN access but I used AiCloud. As soon as I switched off the AiCloud the problem stopped.
  15. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    Am I? 384.12 386.12 was released on Sep 4, 2023. And the same problem persisted in 384.14 386.14 released on Jul 20, 2024. CVE was released on Mar 29, 2024. Both firmwares include dated versions of lighttpd.
  16. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    Yeah, but this particular problem never happened to me before this summer. And CVE-2024-3094 was published on March 29, 2024. It might have taken some time for some enthusiast crackers to explore the vulnerability and write some exploits.
  17. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    Maybe it is not. However, I started having the very same problem some time ago and CVE-2024-3094 timing seemed relevant to me. I upgraded to 384.14 386.14 from 384.12 386.12 but the problem persisted. As soon as I closed all lighttpd external ports the problem stopped.
  18. vaboro

    Suspicious Outgoing traffic on RT-AC86U

    @arturk do you have AiCloud and/or WAN access to router's UI interface enabled? 386.14 includes lighttpd 1.4.39 that is CVE-2024-3094 vulnerable.
  19. vaboro

    Hacker has remote control over my devices

    Then it is highly unlikely that a cracker obtained control of your devices via the router. Nevertheless, I would check the external ports with nmap. This should be performed from the Internet, e.g. using a mobile phone's cellular network or a friend's computer with a different ISP.