Menu
What's new
By:
Filters Better Search

AIProtection: Daily external Attack

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

mighty_scoop

New Around Here
Hi all,

got a new Asus GT-AXE16000 and installed the current asuswrt-merlin version (386.8).
Last friday i installed diversion via amtm. Since then (i don't know if it really is corresponding in time) i get daily (~20per day) alarms from AIProtection - Two Way IPS:

EXPLOIT Remote Command exec ution via Shell Script -2

always from the same ip 37.44.238.167

First i restarted my router to get a new IP: no change.
Then I tried to disable Diversion. No change.
Lastly I resetted my router via administration->restore ... no change.

I am a bit worried even if all these attacks are labled as blocked.

Does anybody know what this kind of attack means.
Can i block that IP somewhere?

Thanks in advance

Dominic
 

Attachments

  • Screenshot_20220905-071130.png
    Screenshot_20220905-071130.png
    97.1 KB · Views: 166
ColinTaylor said:
It's just a normal bot scanner, ignore it.

37.44.238.167 | Harmony Hosting Sarl | AbuseIPDB

www.abuseipdb.com www.abuseipdb.com

To be safe make sure you have disabled SSH WAN access and Web Access from WAN (Administration - System).
Click to expand...

Hi Colin,

thanks for your reply. Yes, i disabled both options.
What makes me wonder is that the same IP (bot) "attacks" me even after resetting the router and/or getting a new IP. Is this normal or is mac-adress used to "find me". Sorry if this is a stupdi question ... i don't know much about internet security and possible attacks.
Was the close time connection between diversion installation and the attack just a coincidence?

Again thanks!
 
This is normal - welcome to the internet.

The problem with AiProtection is that it reports lots of scary sounding things that would otherwise just be dropped silently. This makes people think that this is something new or something that is specifically aimed at them. It isn't, it's just that any other router (or your router if you turn off AiProtection) wouldn't report it.

mighty_scoop said:
Was the close time connection between diversion installation and the attack just a coincidence?
Click to expand...
Yes, just coincidence.
 
You must log in or register to reply here.

Similar threads

E
300 attacks since 6. november ?
Replies
9
Views
4K
MichaelCG
M
F
Blocking External Attacks Via Asus AiProtection
Replies
5
Views
6K
AndreiV
A
Sky
[RT-AC87R] AiProtection Two Way IPS define "Top Client"
Replies
2
Views
3K
Sky
Sky
daviworld
  • Poll
RT-AC5300 Performance & Security Guide
2 3 4
Replies
71
Views
82K
L&LD
L&LD
Similar threads
Thread starter Title Forum Replies Date
V Can AIProtection be disabled? Asuswrt-Merlin 7
S OpenVPN LAN access + one external IP Asuswrt-Merlin 3
B External USB 3.0 HDD - Status Unmounted Asuswrt-Merlin 5
L ddns is not getting new external cgnat wan ip Asuswrt-Merlin 8
M Internal or External Captive Portal Solution Asuswrt-Merlin 8
R DDNS - How to Publish Internal vs. External WAN IP Address? Asuswrt-Merlin 2
J Format required for external drive with scripts + entware? Asuswrt-Merlin 7
G [Help] Routing VPN server through VPN client (external VPN Provider) Asuswrt-Merlin 14
R ddns: vlan2 not find External WAN IP, go retry.(10) Asuswrt-Merlin 18
BobMCT cifs to USB3.0 external hdd seems to have stopped working Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 843 (members: 33, guests: 810)
Top