wrs_vt.txt contains logged attack entry from LAN to ISP

[Xentrk]

I noticed the file called “wrs_vp.txt” in my /jffs folder. I had not noticed it before. I also have the file on my other two AC88Us but their contents are null. The file at the shool contained the following entry:

1055106 2017-03-01 10:01:32 MAC ADDRESS REMOVED TCP port 55736 is attacking 110.164.253.163 TCP port 80 ,this action has been blocked.

The MAC is the Windows Server 2008 that the students use. The IP belongs to the ISP. Is this Air Protection doing its job?

 

[joegreat]

I noticed the file called “wrs_vp.txt” in my /jffs folder.

Is this Air Protection doing its job?

Yep, having a look into the source code of bwdpi.h you find there:

#define WRS_VP_LOG        "/jffs/wrs_vp.txt"

 

[Xentrk]

Yep, having a look into the source code of bwdpi.h you find there:

#define WRS_VP_LOG        "/jffs/wrs_vp.txt"

Thank you @joegreat! Glad to know Air Protection is doing it's job. I have it on my to do list to create policy rules at the school on the windows server for the different roles . I wonder what one of the students was doing? They are grades 1 to 6 and seem to be tech savvy at their young age.

 

[Fitz Mutch]

... I wonder what one of the students was doing? They are grades 1 to 6 and seem to be tech savvy at their young age.

A very tech savvy big brother maybe hid the device somewhere?