Asus Taiwan attacks my Asus AC66U_B1 [You heard that right, attack coming from ASUS]

[dugaduga]

Whats going on over there in Taiwan Asus? I bought this router to protect myself against such activity, I did not expect I would be attacked by the makers of the product I was using. What the hell is going on?

ThreatCrowd: https://threatcrowd.org/ip.php?ip=103.10.4.108

 

[GuruGuy]

Those dates are a year old

 

[dugaduga]

Those dates are a year old

no excuses

 

[AndreiV]

no excuses

Nobody is attacking you at all, that is just an IP related to ASUS AiCloud and ASUS servers your system connects to.

Possibly TrendMicro AiProtection has got it wrong (again) , it frequently does the same with the update servers for Kaspersky and shows devices as malicious/infected because they connect to check for updates.

However ...


Your dates are 12+ months ago, more suspicious is the fact that your image shows blank fields in the list of alleged "attacks" , this never happens , where are the descriptions of the events ?
A quick check around some REPUTABLE security sources show these results.

Even more suspicious is the fact that your image clearly shows :

Nothing at all in the graph and the GUI clearly states 0 (zero) Protected Events and " NO EVENTS DETECTED "

So basically nothing ever happened ...........



https://www.ers.trendmicro.com/reputations
IP: 103.10.4.108
Reputation: Unlisted in the spam sender list
Listed in: None
Feedback: Nominate this IP address to the global approved list.

TrendMicro AiProtection blacklist check hasn't even checked that IP before .

https://www.virustotal.com/gui/ip-address/103.10.4.108/detection
Clear

https://www.ip-tracker.org/blacklist-check.php?ip=103.10.4.108
Clear

https://www.ers.trendmicro.com/reputations
IP: 103.10.4.108

Reputation: Unlisted in the spam sender list
Listed in: None

Feedback: Nominate this IP address to the global approved list.
https://www.ipvoid.com/ip-blacklist-check/

103.10.4.108
Safe ....... 0/16 .

https://global.sitesafety.trendmicro.com/result.php

Check : www.asuscomm.com

Result : Safe
The latest tests indicate that this URL contains no malicious software and shows no signs of phishing.

 

[AndreiV]

Please explain this :

Empty fields, and let's take a look at the firmware version and the dates shown in the image.

1) the dates shown in the page are bizarre , it is impossible for the "attacks" to have taken place on 2019-02-11 ( 11th Feb 2019) and the GUI show no events since 2019/11/01 (September 2109) and also the GUI Severity Level shows no line graph but 2/2 (2 events on one day) yet your protected events list shows 3 entries .........

2) The firmware shown wasn't available in 2019.

The image below shows the correct format and attack information.

Look at the dates shown , both correct and in the same format.

What conclusions do we draw from this ?

 

[bitsbytes]

one question.......why ?



seriously.........why?

 

[jegesq]

Why what? Why is the OP misinterpreting the GUI? Why is Asus not really "attacking" the OP's router?

Um....er....yeah..."Why"?

 

[dugaduga]

Nobody is attacking you at all, that is just an IP related to ASUS AiCloud and ASUS servers your system connects to.

Possibly TrendMicro AiProtection has got it wrong (again) , it frequently does the same with the update servers for Kaspersky and shows devices as malicious/infected because they connect to check for updates.

Well IF what you are saying is true, please point me to other sources that confirm your allegations

However ...
Your dates are 12+ months ago

Congratulations, you can read thats a good sign

more suspicious is the fact that your image shows blank fields in the list of alleged "attacks" , this never happens , where are the descriptions of the events ?
A quick check around some REPUTABLE security sources show these results.

WTF are you talking about, this happened, and more than once. The fact you deny this doesn't look good

Even more suspicious is the fact that your image clearly shows :

Nothing at all in the graph and the GUI clearly states 0 (zero) Protected Events and " NO EVENTS DETECTED "

So basically nothing ever happened ...........

Never happened, nice one.

 

[dugaduga]

Why what? Why is the OP misinterpreting the GUI? Why is Asus not really "attacking" the OP's router?

Um....er....yeah..."Why"?

Does he really believe its all just one big great conspiracy?

 

[dugaduga]

Nobody is attacking you at all, that is just an IP related to ASUS AiCloud and ASUS servers your system connects to.

AI cloud is disabled, the only Asus service I allow out is AI signature updates and I only do them manually. Everything else is blocked. It appears this occurred while I was browsing their website last year. That is why you see the attack pointing to my static ip and not the router itself.

The lack of AI details in the top are likely due to resetting the devices to default on numerous occasion, even when I set to clear all AI data that information remains no matter what.