AI Protection Question - 384.5

[armsAC3100]

Starting with version 380.70 I added some IPTables entries attempting to eliminate intrusion attempts that I was finding in my log file.

I recently updated to 384.5 and am seeing External Attacks - "EXPLOIT Netcore Router Backdoor Access" messages in the AI Protection Two-Way IPS section.

I have set the offending IP address in IPTables as a drop.

Does AI Protection inspect the packet prior to IPTables? If not I do not understand why I am getting AI Protection Alerts.

By the way, put me on the list of AC3100 users having no network operational problems with 384.5 for a week now.

Just learning!, Al

 

[AndreiV]

https://www.asus.com/support/FAQ/1012070/


The messages you see are telling you that the "attacks" were prevented from reaching your router.

 

[RMerlin]

Does AI Protection inspect the packet prior to IPTables? If not I do not understand why I am getting AI Protection Alerts.

Hard to tell for sure since the DPI engine is closed source and implemented at the kernel level.

 

[armsAC3100]

Hard to tell for sure since the DPI engine is closed source and implemented at the kernel level.

Thanks... I'l assume that Iptables is being processed properly and AI Protection sees packets first.

Another question.... How can I clear the AI Protection event logs?

Al

 

[RMerlin]

Thanks... I'l assume that Iptables is being processed properly and AI Protection sees packets first.

Another question.... How can I clear the AI Protection event logs?

Al

On the webui, there are icons to click on to delete both the hit counts and the history log.

 

[armsAC3100]

On the webui, there are icons to click on to delete both the hit counts and the history log.

Thanks…….ICON is barely visible on my Chrome browser display!
Al