Suspicious Outgoing traffic on RT-AC86U

@arturk have you tried Instant Guard App by Asus? I use it regularly on my iPhone to establish a VPN connection from the cellular network to my home LAN. I assume Asus should also have its Instant Guard App published on Google Play.
 
I am leaving shortly

It depends on where you are going, but I had issues in Africa and South America. I have an OpenVPN server running on 443/TCP; it gets scanned and tested by bots many times per hour, but allows some basic filtering avoidance. No one got in yet. Doesn't help with more advanced DPI filtering.

have you tried Instant Guard App by Asus?

Instant Guard is just a marketing name; in fact it is a user-friendly setup of IPSec VPN on a commonly known port. Not good if someone wants to prevent this type of VPN connection. Basic filtering will cut it off just like PPTP on a commonly known port. Works well in most places in EU/US/Canada though.
 
Back to the bug issue - do we know what is being uploaded so much and where?
 
@arturk have you tried Instant Guard App by Asus? I use it regularly on my iPhone to establish a VPN connection from the cellular network to my home LAN. I assume Asus should also have its Instant Guard App published on Google Play.
I have not until you mentioned it. I set up IPSec VPN Server on the router and now I am able to use Instant Guard on my phone.
Thanks for the tip!
 
Back to the bug issue - do we know what is being uploaded so much and where?
I am curious too.
Meanwhile I can only confirm that after shutting down AiCloud services yesterday things are quiet so far, no suspicious outbound traffic.
 
I would like to get in here, as I see that you deal with the problem more technically. I have the same problem on AX3000 V2. I used AiCloud, but the problem persisted even after turning it off and pulling out the HD. I tried to put the latest fw on it manually; after a day I noticed the upload again. I am using factory fw. I will try to give other logs in the evening.
 
I would like to get in here, as I see that you deal with the problem more technically. I have the same problem on AX3000 V2. I used AiCloud, but the problem persisted even after turning it off and pulling out the HD. I tried to put the latest fw on it manually; after a day I noticed the upload again. I am using factory fw. I will try to give other logs in the evening.
If you didn't factory reset it's quite possible the problem still exists on your router. It's probably best to flash a firmware then factory reset before setting the router up from scratch (don't restore anything from backups).
Make sure AiCloud is disabled as some members have been claiming it's enabled by default, and also disable everything under the USB Applications tab.
 
I tried to put the latest fw on it manually
What fw exactly? Have you also installed Entware? Entware is needed to install htop, which has been used to spot the unusual process, sshd, and its descendant threads in the router's memory.
 
@virus_59 the solution is to stop lighttpd. The picture on the page you're referring to shows that it's running along with the Sofia process. But the fact is that the Sofia process most probably got into the system because lighttpd is running, imho.
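
The process check discussed in the replies above (looking for sshd, lighttpd and Sofia and whatever they spawned) can also be done by reading /proc directly, as an added example that is not part of the thread. The function names are hypothetical, the watch list is taken from the names mentioned in the posts, and it assumes the router shell provides awk and sort.

```shell
#!/bin/sh
# Added example (not from the thread): flag watched process names and all of
# their descendants by parsing /proc/<pid>/stat.
WATCH="sshd lighttpd Sofia"   # names mentioned in this thread; adjust as needed

# proc_table ROOT -> prints "pid ppid comm" for every process under ROOT.
proc_table() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/stat" ] || continue
        stat=$(cat "$d/stat" 2>/dev/null) || continue   # process may have exited
        [ -n "$stat" ] || continue
        pid=${stat%% *}
        comm=${stat#*\(}; comm=${comm%\)*}   # comm may contain spaces or ')'
        rest=${stat##*\) }                   # fields after "(comm) "
        set -- $rest                         # $1=state, $2=ppid
        echo "$pid $2 $comm"
    done
}

# flag_suspects ROOT -> prints "pid ppid comm reason", sorted by pid.
flag_suspects() {
    proc_table "$1" | awk -v watch="$WATCH" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        { ppid[$1] = $2; name[$1] = substr($0, length($1) + length($2) + 3) }
        END {
            for (p in ppid) {
                reason = ""
                if (name[p] in bad) reason = "watched-name"
                else {
                    # Walk up the parent chain, bounded in case the table is inconsistent.
                    a = ppid[p]
                    for (hops = 0; (a in ppid) && hops < 64; hops++) {
                        if (name[a] in bad) { reason = "child-of:" name[a] "(" a ")"; break }
                        a = ppid[a]
                    }
                }
                if (reason != "") print p, ppid[p], name[p], reason
            }
        }' | sort -n
}

# Stand-alone use: scan the live process table.
flag_suspects /proc
```

A hit only means the process name matches; compare the executable path in /proc/<pid>/exe and the command line in /proc/<pid>/cmdline against what the firmware is expected to run before drawing conclusions.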
 
