Novice user unsure of what to do about an issue, any advice welcomed.

[kfp]

Ok, I'll do that.

Maybe it's a good idea to re-install my OS's and limit my applications too. I don't have any now but after this experience I'll never use a "hacked" apps ever again. I used to install some to fully try the app out before purchasing. I'd get them from Warez-BB but I stopped that sometime ago. I only purchase from reputable developers either closed source or FOSS from GitHub.

This has been a good learning experience.

Yep, pirated software is a good way to get yourself inflected for sure.

 

[Skeptical.me]

Yep, pirated software is a good way to get yourself inflected for sure.

Yeah, it sure is. I knew that but took the risk. Not anymore, however. Downloading Warez in general has become more of a threat imo, just going by things people have told me.

 

[Skeptical.me]

Yep, pirated software is a good way to get yourself inflected for sure.

Hey,

So for around 4 days I reset the ISP's modem/router out of bridge mode, and of course the attacks stopped on the RT-AC87U. However, I put it back in bridge mode and over the last 24 hours did an isolation test, turning 1 device off for 2 hours at a time. The attacks remained consistent regardless of turning all devices off 1 at a time. Therefore, my guess is that its in the RT-AC87U. And I further guess a re-set is the answer. Which mean resetting all 5 of the VPN profiles, damn it :-(

 

[kfp]

Hey,

So for around 4 days I reset the ISP's modem/router out of bridge mode, and of course the attacks stopped on the RT-AC87U. However, I put it back in bridge mode and over the last 24 hours did an isolation test, turning 1 device off for 2 hours at a time. The attacks remained consistent regardless of turning all devices off 1 at a time. Therefore, my guess is that its in the RT-AC87U. And I further guess a re-set is the answer. Which mean resetting all 5 of the VPN profiles, damn it :-(

By putting your modem out of bridge mode, the attack is just stopped at the modem so of course the Asus doesn’t see them, doesn’t mean they stopped.

A reset and reconfiguration would be good regardless though. If that fails maybe we can just aggregate all the attack attempts and see if there is a pattern in the IP or time the attacks are launched.

 

[Skeptical.me]

By putting your modem out of bridge mode, the attack is just stopped at the modem so of course the Asus doesn’t see them, doesn’t mean they stopped.

A reset and reconfiguration would be good regardless though. If that fails maybe we can just aggregate all the attack attempts and see if there is a pattern in the IP or time the attacks are launched.

Firstly, I just want to thank you again for your help, I really appreciate it.

"By putting your modem out of bridge mode, the attack is just stopped at the modem so of course the Asus doesn’t see them, doesn’t mean they stopped."

Spot on, thats exactly what I meant, the ISP's router blocked the attacks. Maybe I didn't word the sentence correctly.

Ok, so some time over the next day or two (Im a bit busy) I'll do a complete reset and reconfiguration of the 87U and see what happens.

Thanks again

 

[Skeptical.me]

By putting your modem out of bridge mode, the attack is just stopped at the modem so of course the Asus doesn’t see them, doesn’t mean they stopped.

A reset and reconfiguration would be good regardless though. If that fails maybe we can just aggregate all the attack attempts and see if there is a pattern in the IP or time the attacks are launched.

So, my friend. I purchased a new RT-AC86U. After having done all the above I was sure the malware was in the RT-AC87U router. However, I installed the new router got everything setup and running, then just checked out the AiProtection area and I'm still getting the attacks, 77 so far.all I could do was to lol, I have no idea where this thing is.

 

[horizonbrave]

any update?

 

[58chev]

@Skeptical.me
I'd be interested to find out, when you put your internet modem into bridge mode. What settings are configurable on it?

I have noticed on my providers modem, I still had to turn off UPnP.

 

[ColinTaylor]

I have noticed on my providers modem, I still had to turn off UPnP.

If your modem truly is in bridge mode then any UPnP setting would be meaningless as there is no NAT and no firewall.

 

[Skeptical.me]

@Skeptical.me
I'd be interested to find out, when you put your internet modem into bridge mode. What settings are configurable on it?

I have noticed on my providers modem, I still had to turn off UPnP.

No settings are configurable in bridge mode with my ISP's modem/router, as far as Im aware.


Sent from my iPhone using Tapatalk Pro

 

[Skeptical.me]

any update?

I now have an RT-AX88U, and a new NAS. Since replacing both the attacks have stopped.


Sent from my iPhone using Tapatalk Pro

 

[horizonbrave]

based on the exploits I think it is the mac address on the wan port. Be aware though that trend micro sees all your devices, and if they think there's something strange going on they will capture all data for analyzing (whole emails / screens, and they gather data on all devices attached to your router).

How can Trendo Micro see my "whole" emails? Isn't https potecting my traffic??

 

[ColinTaylor]

How can Trend Micro see my "whole" emails?

They can't, not unless it's unencrypted. But email is sent over SSL nowadays, or HTTPS if you access it with a web browser.

Or if you want the be pedantic; they can see it (i.e. capture the traffic), but not be able to decipher the content.