Menu
What's new
By:
Filters Better Search

AiProtection Security Level: Ping from WAN vs Web Access from WAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

DiliMe

Regular Contributor
Hi,
I'm confused about the way AiProtection calculates security risk and I'm looking for your opinion. Please check the 2 images below.
I see that "Ping from WAN" is considered a lower level (RED) of security compared to "Web access from WAN" (GREEN), while I would consider viceversa.
I consider that having the Asus Login page available from the WAN is riskier than having ICMP (ping) ON. ICMP could reveal that my IP is UP for port scanners and eventually somebody can put my device Down by forcing a DoS attack on my IP address.
I want/need to have "something" available from WAN side so that I can automatically monitor the uptime of my internet connection (I am using www.uptimerobot.com), either using ping or the availability of a 8443 port.
So I need to assume one risk: "Ping from WAN" vs "Web access from WAN".
What is your opinion?
IMG_8290.jpg
IMG_8289.jpg
 
DiliMe said:
What is your opinion?
Click to expand...

For better security - stop using this mobile app. Disable both Ping and Web Access from WAN. Use VPN to access your router settings.
 
I use OpenVPN for remote access, but I also need/want to monitor from outside and receive notifications about the status of my internet connection. But OpenVPN cannot be easily monitored on UDP or TCP port because it uses TLS-Auth.
For monitoring purposes I need/want to have open at least one port/protocol besides OpenVPN. Currently I am having ICMP open on the WAN side for the monitoring purposes with UptimeRobot.

I am intrigued by the way AiProtection labels ICMP a higher risk compared to HTTPS access for login page, which is strange to me.
I hope is a bug (or negligence from Asus side) in the way it labels risk.
 
DiliMe said:
I use OpenVPN for remote access, but I also need/want to monitor from outside and receive notifications about the status of my internet connection. But OpenVPN cannot be easily monitored on UDP or TCP port because it uses TLS-Auth.
For monitoring purposes I need/want to have open at least one port/protocol besides OpenVPN. Currently I am having ICMP open on the WAN side for the monitoring purposes with UptimeRobot.

I am intrigued by the way AiProtection labels ICMP a higher risk compared to HTTPS access for login page, which is strange to me.
I hope is a bug (or negligence from Asus side) in the way it labels risk.
Click to expand...
The assessment is spot on! There are numerous threads discussing routers that have been compromised due web access from WAN.
 
Tech9 said:
At one point of Asuswrt evolution WPA3 was labeled insecure in AiProtection, when enabled.
Click to expand...
That's not really related to AiProtection/Trend Micro, this was purely Javascript-based checks that wasn't updated to recognize WPA3. So if it wasn't WPA2, it would blindly report it as insecure.
 
You must log in or register to reply here.

Similar threads

W
Access AX88U Web GUI remotely using Instant Guard vs port forwarding
Replies
5
Views
347
welim
W
D
Feature request: Two factor authentication web login. (TOTP)
Replies
8
Views
967
DJones
D
A
Enable Web Access from WAN can't stay enabled
Replies
2
Views
700
Alipasijaner
A
S
Problems accessing home network from external networks.
Replies
8
Views
1K
Shaggy1
S
randomofamber
FW Merlin 386.7_2 - Web Access from WAN - ports lower 1024
Replies
5
Views
1K
randomofamber
randomofamber
Similar threads
Thread starter Title Forum Replies Date
P Does AiProtection work when dcd crashes? ASUSWRT - Official 1
I AiProtection - Malicious Sites Blocking, no logs since 10/23 ASUSWRT - Official 3
B Clear, Delete, or Reset AiProtection's Alert Preference Information ASUSWRT - Official 3
L What Routers support AiProtection Pro? ASUSWRT - Official 2
L Does it make sense to have AiProtection enabled? ASUSWRT - Official 5
visortgw Recent Security Patches — Still Missing ASUSWRT - Official 33
bbunge Latest Security Updates/Security Recommendation 11/04/2024 ASUSWRT - Official 0
L Security update support list for the US market ASUSWRT - Official 6
C "Duration of Security Update Support (only for UK)" article ASUSWRT - Official 1
L For how many years does Asus provide security updates to the Routers? ASUSWRT - Official 13

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 859 (members: 25, guests: 834)
Top