What's new

Router abnormal behavior cpu

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

You could withdraw consent for all Trend Micro services on the "Administration / Privacy" tab of the GUI. See if that neuters the netstat activity. Disabling AiProtection often isn't enough.

Thanks for the help, for the moment it works well!
One thing leaves me perplexed, the fact of being without protection and with the DDNS not enabled.
If it should be the solution, in these conditions what risk would I run?
I thank
 
Thanks for the help, for the moment it works well!
One thing leaves me perplexed, the fact of being without protection and with the DDNS not enabled.
If it should be the solution, in these conditions what risk would I run?
I thank
You can use the DDNS without worry. You don’t need to withdraw consent for Asus on that tab.

without AiProtection, the collective wisdom of this forum is to run the Skynet script to block incoming and outgoing traffic to known “bad” addresses.
 
You can use the DDNS without worry. You don’t need to withdraw consent for Asus on that tab.

without AiProtection, the collective wisdom of this forum is to run the Skynet script to block incoming and outgoing traffic to known “bad” addresses.
For the moment it works well, the RAM consumption is halved and the dow and up speed has doubled.
Is it because of the changes?
Many thanks.
P.s. link to Skynet please ...
 
For the moment it works well, the RAM consumption is halved and the dow and up speed has doubled.
Is it because of the changes?
Many thanks.
P.s. link to Skynet please ...
It's an expected result.

To be rightly prepared for the SkyNet I propose to start with AMTM
 
Thanks.Ok,
I'll try to follow the whole procedure hoping to do it ...

If you don't feel comfortable with scripts, you can use filtering DNS server like Cleanbrowsing DNS - https://cleanbrowsing.org/
It is one of the most effective ones against malicious sites and malware, as well as adult content filtering. It's free to use as Security Filter, Adult Filter and Family Filter with default settings.
 
If you don't feel comfortable with scripts, you can use filtering DNS server like Cleanbrowsing DNS - https://cleanbrowsing.org/
It is one of the most effective ones against malicious sites and malware, as well as adult content filtering. It's free to use as Security Filter, Adult Filter and Family Filter with default settings.
Thank you very much for the advice.
I will try to use Cleanbrowsing DNS!
Hope for the best.
Hello

P.S. It is sufficient to put the DNS as in the attachment without changing other options eg. DNS Privacy Protocol etc.?
I noticed that it loses slightly in speed is correct.?
Is it possible to view sites that have been blocked by Cleanbrowsing DNS?
Thanks
 

Attachments

  • Cattura.PNG
    Cattura.PNG
    307.2 KB · Views: 164
Last edited:
I will try to use Cleanbrowsing DNS!

Cleanbrowsing was just as an example, other DNS services are available as Quad 9, OpenDNS, etc.

- you can use DNS-over-TLS DNS privacy with Cleanbrowsing, there are even presets in Asuswrt-Merlin firmware
- filtering DNS servers are usually a bit slower, they have to do a bit more work, but hardly noticeable during normal Internet use
- you can view blocked sites if you use temporary a non-blocking DNS server set on the device, for example
 
- you can use DNS-over-TLS DNS privacy with Cleanbrowsing, there are even presets in Asuswrt-Merlin firmware.
Kindly, look at the screenshot if the setup for the you gave me is correct?
In particular the dns1 and 2 are those of my isp, are they ok?
Thanks
 

Attachments

  • Screenshot_20191102-212516.png
    Screenshot_20191102-212516.png
    219.9 KB · Views: 144
In particular the dns1 and 2 are those of my isp, are they ok?

Since we are talking about Cleanbrowsing, I would do it this way:

DNS Server 1 : 185.228.168.9
DNS Server 2 : 185.228.169.9
(those two are used only when DNS-over-TLS is not working)

DNS-over-TLS Profile: Opportunistic
(this will allow DNS resolutions for unauthenticated servers)

In this case, you will be using Cleanbrowsing DNS servers with Security Filter no matter if DNS-over-TLS is working or not.

Is it possible to view sites that have been blocked by Cleanbrowsing DNS?

I want to go back a bit, because there is a better way to filter clients. Asuswrt-Merlin has a DNSFilter option in LAN section.

Go to LAN -> DNSFilter and assign different DNS servers for different clients on your network by MAC address. For example:
- your PC -> Cloudflare DNS, no filtering, faster servers (or Cleanbrowsing DNS with Security Filter only)
- your kids laptop -> Cleanbrowsing DNS, Adult Filter (includes Security Filter), slower DNS servers but secure Internet
- your smart TV -> Cleanbrowsing DNS, Family Filter (includes Security Filter + Mixed Content + VPN/Proxy Filters)

Get the idea?
You can define on a router level what device will have filtering and what type of filtering.

If you want ad-blocking DNS on a specific device, use AdGuard DNS, it works similarly to Diversion script.
https://adguard.com/en/adguard-dns/overview.html
It also blocks malicious websites and adult content.

So, playing with different DNS services you can achieve similar results to running popular scripts on the router. There are differences of how scripts and DNS servers protect your Internet connection, but the end result is very similar and easy to setup for people who don't really want to mess with Custom Scripts options in Asuswrt-Merlin.
 
Since we are talking about Cleanbrowsing, I would do it this way:
DNS Server 1 : 185.228.168.9
DNS Server 2 : 185.228.169.9
(those two are used only when DNS-over-TLS is not working) What and where are DNS-over-TLS?
These above should be placed in DNS Wan Settings or DNS-over-TLS Server List , see Annex 2?
Also a yellow warning is issued in DNS Privacy Protocol ..

DNS-over-TLS Profile: Opportunistic
(this will allow DNS resolutions for unauthenticated servers)

In this case, you will be using Cleanbrowsing DNS servers with Security Filter no matter if DNS-over-TLS is working or not.

I want to go back a bit, because there is a better way to filter clients. Asuswrt-Merlin has a DNSFilter option in LAN section.
Go to LAN -> DNSFilter and assign different DNS servers for different clients on your network by MAC address. For example:
- your PC -> Cloudflare DNS, no filtering, faster servers (or Cleanbrowsing DNS with Security Filter only)

Given that in LAN, I only use the PC is it sufficient to set as in attachment 1?
Finally, my network is fairly simple and straightforward, I don't need special things like you see from the client list, I just need a general security protection that doesn't slow down the speed too much.
Thanks for your patience. :)
Annex 3

P.S. in this forum you know how to keep a MAC Address fixed in a Blackview Smartphone A10, because at each start it changes Address?
 

Attachments

  • 1.PNG
    1.PNG
    179.7 KB · Views: 176
  • 2.PNG
    2.PNG
    143.9 KB · Views: 156
  • 3.PNG
    3.PNG
    272.7 KB · Views: 171
Finally, my network is fairly simple and straightforward

Not yet...

- If you don't need per-device DNSFilter, better disable it. With your current setup DNS-over-TLS in not working.
(the yellow message under DNS-over-TLS in WAN section, it says where the problem is)
- You don't need to specify Custom DNS 1/2/3 in DNSFilter section, if no clients in the table below are using those.
 
Not yet...
- If you don't need per-device DNSFilter, better disable it. With your current setup DNS-over-TLS in not working.
(the yellow message under DNS-over-TLS in WAN section, it says where the problem is)
- You don't need to specify Custom DNS 1/2/3 in DNSFilter section, if no clients in the table below are using those.
So can it go?:( if it is OK, is the PC's LAN protected?
(all this and because (my) mental cleansing, linguistic incomprehension and incompetence!)
Sorry!
 

Attachments

  • 4.PNG
    4.PNG
    137 KB · Views: 161
So can it go?:( if it is OK, is the PC's LAN protected?
(all this and because (my) mental cleansing, linguistic incomprehension and incompetence!)
Sorry!
If you want to ensure performance and enforce CleanBrowsing for the entire network, you can consider:
  1. Disable DNS-over-TLS. I had bad performance using it with DoT a while ago. If you are not concerned DNS snooping by ISP or other governing entity, disable it.
  2. Set WAN DNS 1 and 2 to the Cleanbrowsing Security IP addresses.
  3. Set DNSFilter Global mode to Router.
  4. Ensure LAN DHCP DNS Server 1 is blank.
In the future, if you want to change from Cleanbrowsing you only have to do it in one place (WAN DNS).
 
If you want to ensure performance and enforce CleanBrowsing for the entire network, you can consider:
  1. Disable DNS-over-TLS. I had bad performance using it with DoT a while ago. If you are not concerned DNS snooping by ISP or other governing entity, disable it.
  2. Set WAN DNS 1 and 2 to the Cleanbrowsing Security IP addresses.
  3. Set DNSFilter Global mode to Router.
  4. Ensure LAN DHCP DNS Server 1 is blank.
In the future, if you want to change from Cleanbrowsing you only have to do it in one place (WAN DNS).

Let's see if it's okay!
in # 1 (DNS Privacy Protocol) there is a warning!
in # 1 Set WAN DNS 1 and 2 to the Cleanbrowsing Security IP addresses.
in #3 Set DNSFilter Global mode to Router.
in #4 Ensure LAN DHCP DNS Server 1 is blank.
 

Attachments

  • 1.PNG
    1.PNG
    133.3 KB · Views: 145
  • 3.PNG
    3.PNG
    176.9 KB · Views: 149
  • 4.PNG
    4.PNG
    164.3 KB · Views: 167
Let's see if it's okay!

It's all good now! You have Cleanbrowsing DNS with Security Filter for all your devices.
If you need Adult Filter on some devices, then add those to DNSFilter section with corresponding DNS.
 
Ringrazio tutti per la collaborazione e la competenza.

Prego, our Italian friend!
There is a small town called Laveno near Lago Maggiore. I used to live there for about a year, beautiful place.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top