Novice user unsure of what to do about an issue, any advice welcomed.

[sfx2000]

You just have to stop using AiProtect and QoS.

AI Protect cries wolf very often - perhaps too often, so when a real threat occurs, folks might ignore it.

 

[kfp]

AI Protect cries wolf very often - perhaps too often, so when a real threat occurs, folks might ignore it.

And then other folks would complain it’s not working because there are no alerts showing up

 

[sfx2000]

And then other folks would complain it’s not working because there are no alerts showing up

Indeed - best thing would be to check the loglevel of the app...

 

[skeal]

You just have to stop using AiProtect and QoS.

Yes in 384.6 alpha 2 there is a privacy tab that allows you to opt out of Trend Micro. Not sure if it causes problems it hasn't been thoroughly tested and reported yet.

 

[skeal]

Yeah, true. Is there any way I can analyze or get warned of attacks or intrusion attempts without those services?

No.

 

[Skeptical.me]

No.

Damn, I'll have to learn how to read logs, I guess? I looked through the logs today and its like a foreign language for me. I've enrolled in a P/T course in Networking. It runs for a year so I guess I'll learn about all these things.

 

[kfp]

Damn, I'll have to learn how to read logs, I guess? I looked through the logs today and its like a foreign language for me. I've enrolled in a P/T course in Networking. It runs for a year so I guess I'll learn about all these things.

Good on you.

I’m still curious why that client particularly is receiving all the ‘attacks’. There are bots scanning the net all the time but that would be all directed at your router/WAN, not a client behind NAT. That’s why I thought you might have a port open (via port forwarding or UPnP) that’s attracting attention or worse, the client is infected with some malware and those are the second stage payload.

 

[Skeptical.me]

Good on you.

I’m still curious why that client particularly is receiving all the ‘attacks’. There are bots scanning the net all the time but that would be all directed at your router/WAN, not a client behind NAT. That’s why I thought you might have a port open (via port forwarding or UPnP) that’s attracting attention or worse, the client is infected with some malware and those are the second stage payload.

Malware is a fear of mine, that MAC Address must be the routers because I can't find any device or computer in my LAN with that MAC address. And I definitely don't have any ports or UPnP enaabled. The "attacks" are still happening. But obviously failing. I'm really curious to know what that MAC Address is, do you know where I can find the MAC Address of the router?

 

[kfp]

Malware is a fear of mine, that MAC Address must be the routers because I can't find any device or computer in my LAN with that MAC address. And I definitely don't have any ports or UPnP enaabled. The "attacks" are still happening. But obviously failing. I'm really curious to know what that MAC Address is, do you know where I can find the MAC Address of the router?

If it is the router’s then it’s less concerning, and those attacks would be dropped by the firewall anyway (like intended) and AiProtect is just trying show you that it’s working

Fastest way is to SSH in and do

ifconfig

It should match the MAC of the eth0 interface.

 

[Skeptical.me]

If it is the router’s then it’s less concerning, and those attacks would be dropped by the firewall anyway (like intended) and AiProtect is just trying show you that it’s working

Fastest way is to SSH in and do

ifconfig

It should match the MAC of the eth0 interface.

ahhh yeah, of course. I've done that before for something else. Thank you.


Sent from my iPad using Tapatalk Pro

 

[FadgewackeR]

Yes in 384.6 alpha 2 there is a privacy tab that allows you to opt out of Trend Micro. Not sure if it causes problems it hasn't been thoroughly tested and reported yet.

I opted out of the ASUS one, but stayed in the Trend one, for some reason... Are you aware of how I might trigger that choice again, bar uninstalling and then re-flashing the alpha 2 firmware? If I opt out, will QoS etc still work?

 

[skeal]

I opted out of the ASUS one, but stayed in the Trend one, for some reason... Are you aware of how I might trigger that choice again, bar uninstalling and then re-flashing the alpha 2 firmware? If I opt out, will QoS etc still work?

Sorry, but if you opt out, QOS will not work. You would have to reset to defaults and opt out this would basically (I'm told) leave you without Trend Micro. It has not been fully tested yet so go at your own risk.

 

[FadgewackeR]

Sorry, but if you opt out, QOS will not work. You would have to reset to defaults and opt out this would basically (I'm told) leave you without Trend Micro. It has not been fully tested yet so go at your own risk.

I need QoS, so for that reason, I’m in. Thanks.

 

[Skeptical.me]

Sorry, but if you opt out, QOS will not work. You would have to reset to defaults and opt out this would basically (I'm told) leave you without Trend Micro. It has not been fully tested yet so go at your own risk.

I'm running iOS 12 Public Betas on my iPad and iPhone and the attacks started after AIProtection flagged the iPhone X as infected, and there are Spam sites being blocked from the two devices as well. I've never had these issues in all the time I've had this router. I'm not sure if the iPhone and attacks are linked (I'm not that well versed in these matters), but I thought I'd show you the following (especially the last line of the first screenshot - although the fact it is showing here prove the router has identified it and probably blocked it) :

 

[Balerion]

Malware is a fear of mine, that MAC Address must be the routers because I can't find any device or computer in my LAN with that MAC address. And I definitely don't have any ports or UPnP enaabled. The "attacks" are still happening. But obviously failing. I'm really curious to know what that MAC Address is, do you know where I can find the MAC Address of the router?

If you would like to find what is the device for a given MAC address, just ssh into your router:

# arp -a | grep <MACADDR>

 

[kfp]

I'm running iOS 12 Public Betas on my iPad and iPhone and the attacks started after AIProtection flagged the iPhone X as infected, and there are Spam sites being blocked from the two devices as well. I've never had these issues in all the time I've had this router. I'm not sure if the iPhone and attacks are linked (I'm not that well versed in these matters), but I thought I'd show you the following (especially the last line of the first screenshot - although the fact it is showing here prove the router has identified it and probably blocked it) :

Are your iDevices jailbroken?

 

[Skeptical.me]

Are your iDevices jailbroken?

No, no way. I like the safety of the closed ecosystem Apple have created. But I'm running iOS Public Beta 2 on both devices at present.

 

[kfp]

No, no way. I like the safety of the closed ecosystem Apple have created.

Are you using any file explorer type apps? (think FTP clients, telnet/ssh clients, PLEX, anything that tries to access a file/path on a remote device)

 

[Skeptical.me]

Yes, QNAP QFile, Cryptomator, Plex, Terminus, Standard Notes, Nextcloud hosted by Disroot,

 

[kfp]

Yes, QNAP QFile, Cryptomator, Plex, Terminus, Standard Notes, Nextcloud hosted by Disroot,

I’m guessing one of those was using “../“ when doing navigation, which triggered that last line in the report. Could be benign.

Is Disroot a trusted provider?