What's new

Blocking External Attacks Via Asus AiProtection

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

fairmarketvalue

Occasional Visitor
New member looking for some help.

I use Spectrum's 200 Ultimate Internet service via a privately owned Arris SurfBoard 6183 Cable Modem connected to an Asus RT-AC3100 Router running TrendMicro's (AiProtection) antivirus software and firewall. I keep getting multiple External Attacks on my home network that the TrendMicro software identifies as either "EXPLOIT Remote Command Execution via Shell Script -2" or "EXPLOIT Netcore Router Backdoor Access". Luckily, for now, the AiProtection software has been able to block these External Attacks, but they seem to be getting more frequent, and I'm worried a breach could occur at some point in the future. Although the attacks are coming through Spectrum's internet service, Spectrum technical support has essentially washed their hands of this issue, and suggested that I retain a "cybersecurity consultant" to harden my system.

There are two DNS addresses that consistently come up in these attacks: 46.101.47.221 and 159.65.87.101. Reverse DNS Lookup indicates both addresses come through Digital Ocean hosting service, but can't be resolved any further. I haven't found any information from Asus as to how to block these specific DNS's using my router's software. Is there anyone who can tell me how to do so? BTW, if it makes any difference, I am using the CloudFlare 1.1.1.1 and 1.0.0.1 DNS Servers for my network. Could they be causing this issue? Any assistance would be most appreciated! Thanks!
 
New member looking for some help.

I use Spectrum's 200 Ultimate Internet service via a privately owned Arris SurfBoard 6183 Cable Modem connected to an Asus RT-AC3100 Router running TrendMicro's (AiProtection) antivirus software and firewall. I keep getting multiple External Attacks on my home network that the TrendMicro software identifies as either "EXPLOIT Remote Command Execution via Shell Script -2" or "EXPLOIT Netcore Router Backdoor Access". Luckily, for now, the AiProtection software has been able to block these External Attacks, but they seem to be getting more frequent, and I'm worried a breach could occur at some point in the future. Although the attacks are coming through Spectrum's internet service, Spectrum technical support has essentially washed their hands of this issue, and suggested that I retain a "cybersecurity consultant" to harden my system.

There are two DNS addresses that consistently come up in these attacks: 46.101.47.221 and 159.65.87.101. Reverse DNS Lookup indicates both addresses come through Digital Ocean hosting service, but can't be resolved any further. I haven't found any information from Asus as to how to block these specific DNS's using my router's software. Is there anyone who can tell me how to do so? BTW, if it makes any difference, I am using the CloudFlare 1.1.1.1 and 1.0.0.1 DNS Servers for my network. Could they be causing this issue? Any assistance would be most appreciated! Thanks!


This has been asked many times before. You have nothing to worry about.

What you see recorded in AiProtection is BLOCKED , ie. didn't get to the router.

The "attacks" are not directed at you personally , they are bots seeking unpatched routers. Everyone running AiProtection is seeing them. If you turned off AiProtection the firewall on a fully maintained router would stop those "attacks".

Before the recent update to Trend Micro AiProtection , the exploits were blocked silently, there was nothing to see because there were no records shown to the user.
The updated design , no doubt done to impress people has actually done the opposite , it's scared people silly .......
 
Appreciate your help. Even though I am a novice at this stuff, joining these forums was a great idea!

No problem . Welcome to the forum , you'll find a lot of useful information and a superb, friendly community here.
 
Just don't save your passwords, or use 2FA on your Google account.
 
Don't use a :
Microsoft account
Google account
Cortana
Never had an account for a browser.
Turn off browser based password systems
Never synchronise anything .
Edge is no more secure than any other browser (doesn't exist on any of my systems ;)) and Google/Chrome is easily removed and replaced from Android phones and all other devices.

Simple really.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top