Think maybe my Asus AC1900P with Merlin Firmware has been compromised. Need some help.

Davidncali001

Regular Contributor
What I am about to explain in detail was discovered after I installed the latest beta 2 firmware from Merlin and directly after I uninstalled a Windows 10 VPN client called CyberGhost. So updated Merlin, then immediately uninstalled CyberGhost VPN Windows 10 client.

I discovered a network adapter on my PC and the name was called Incoming Connections. Mind you I have never seen this before. I double clicked it and it said no clients connected. Did some research and found out it's for letting people connect to your PC over the internet. I uninstalled that network adapter and decided to make sure my router hadn't been compromised.

So everything on the router looked like the settings I had originally set up. I did then run the netstat utility inside Asus Merlin and found a bunch of very odd entries that, in all my years of using the Merlin firmware, I have never seen. I will list all the strange netstat entries below:

datametrics
sa-msg-port
radius
radacct
squid
afbackup

All of the entries I have listed above had a Time Wait entry next to them.

So my question is, has my router been compromised? What are those entries from netstat and what is that Windows 10 network adapter doing on my PC?

If my router has been compromised what should I do?

Thanks for your time,

David
 
Stop worrying.

"Incoming connection" was a virtual network adapter to handle the VPN traffic.
Cyberghost looks like a respectable company.
It was correctly set up and needed a virtual network adapter to do its job.

As for your router's security, you should NOT have these settings enabled in your router's UI:

Code:
Enable Web Access from WAN = Yes
Enable SSH = LAN + WAN

You should also have had a decent password to access your router.

If the above are met, then you are super safe.

Next, these settings should be disabled, unless you are actively using them.

Enable Telnet No
Enable SSH No


I doubt anything happened, but you can boot the router in "Recovery Mode", reflash the firmware, and clear the NVRAM.
When that happens the router is 100% back to factory. Little overkill steps after installing a paid VPN that worked correctly.
 
Thank You for easing my mind! I really appreciate it.

David



