
I Believed my RT-AC88U hacked 3 times... please help...

lmlim
Level 7
Hi Asus Team,

I believe my RT-AC88U has been hacked 3 times. I am attaching a screenshot of the latest AI Protection log.
I am sorry, I have trouble uploading syslog.txt as an attachment. Where can I send syslog.txt?

After the attack, my AiMesh network/icon is not functioning, 2.4G WiFi is gone, 5G is still OK,
the wireless page can't be clicked, the wireless log can't be clicked either, and adding changes to any config will fail.

Only hard resetting and then unplugging it for a while will restore my router back to factory default settings.
I have tried restore/initialize/reboot; all failed.

The description from AI Protection indicates that there are "exploit netcore router back door access" and "exploit remote command execution via shell scrypt -2".
I am not sure what that means... This is all the information I can give for now. If you need more, please let me know. Email: [don't post your email publicly - moderator]

Also, I have submitted the feedback page from the router, although I am not sure if it got through or not.
Also, in the syslog there is a message every 5 min or so calling an HTTP request to letsencrypt.org; it wasn't like this before the 1st hack.

I URGENTLY need assistance, the hacker seems to be constantly attacking/probing...

===Martin

lmlim
Level 7
Hi team,

This morning we've been attacked again, at around 2:50am local time. Below are snippets of the syslog when the router is booting (after it was attacked).
It was rebooting by itself, and as before, after that AiMesh, 2.4G WiFi and several pages in admin are all inaccessible.
The log has "kernel: external imprecise data......." which is unusual.


Updates:
After unplugging the power for a couple of minutes and plugging it back in, the router is back to normal.
No need for a hard reset... phew...
AiProtection shows nothing at that time.

Updates: 27/03/2018
There are many hits from AiProtection today, but so far my router is doing OK, I think.
I have a big suspicion about the error messages re: letsencrypt.org called by kernel every 5 minutes or so.
In doing so, the router's CPU spiked to 100% for a couple of seconds.
These errors have been there since the 1st attack; has my router been compromised? There weren't any errors like this before the 1st attack.



Below are snippets of the error log on "letsencrypt.org"; I have replaced my DNS name with XXXXX.asuscomm.com for privacy.

.....
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/UhiBnOpDX2_qCE4YVMXuaYenSvIFZeVi_7jN9sbOGNk/3977... bad response
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://XXXXXXXXXXX.asuscomm.com/.well-known/acme-challenge/Hi2YylcKbIjivb4GTNC4PZekG-ptOkGZIh_G2uKiG... Timeout", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UhiBnOpDX2_qCE4YVMXuaYenSvIFZeVi_7jN9sbOGNk/3977139698", "token": "Hi2YylcKbIjivb4GTNC4PZekG-ptOkGZIh_G2uKiG1E", "keyAuthorization": "Hi2YylcKbI
Mar 27 11:00:01 rc_service: service 19773:notify_rc restart_letsencrypt
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }] (189 bytes)
Mar 27 11:03:51 lldpd[450]: unable to send packet on real device for wds1.3: No such device or address
....



Also, my AiMesh node is just 1 RT-AC68U. Firmware has been updated to 3.0.0.4.384_20624-g14d2f02
Main router RT-AC88U firmware is 3.0.0.4.384_20379-gc0714df

===martin


...
Feb 14 07:00:21 syslogd started: BusyBox v1.17.4
Feb 14 07:00:21 kernel: klogd started: BusyBox v1.17.4 (2018-02-07 19:40:02 CST)
Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
Feb 14 07:00:21 kernel: PCI: Fixing up bus 1
Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
Feb 14 07:00:21 kernel: PCI: Fixing up bus 1
Feb 14 07:00:21 kernel: VFS: Disk quotas dquot_6.5.2
Feb 14 07:00:21 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Feb 14 07:00:21 kernel: pflash: found no supported devices
Feb 14 07:00:21 kernel: bcmsflash: found no supported devices
Feb 14 07:00:21 kernel: Boot partition size = 524288(0x80000)
Feb 14 07:00:21 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
Feb 14 07:00:21 kernel: nflash: squash filesystem with lzma found at block 29
Feb 14 07:00:21 kernel: Creating 4 MTD partitions on "nflash":
Feb 14 07:00:21 kernel: 0x000000000000-0x000000080000 : "boot"
Feb 14 07:00:21 kernel: 0x000000080000-0x000000200000 : "nvram"
Feb 14 07:00:21 kernel: 0x000000200000-0x000004000000 : "linux"
Feb 14 07:00:21 kernel: 0x0000003bfed0-0x000004000000 : "rootfs"
Feb 14 07:00:21 kernel: === PPTP init ===
Feb 14 07:00:22 kernel: Registering the dns_resolver key type
Feb 14 07:00:22 kernel: Spare area=64 eccbytes 56, ecc bytes located at:
Feb 14 07:00:22 kernel: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
Feb 14 07:00:22 kernel: Available 7 bytes at (off,len):
Feb 14 07:00:22 kernel: (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
Feb 14 07:00:22 kernel: Options: NO_AUTOINCR,NO_READRDY,
Feb 14 07:00:22 kernel: Creating 1 MTD partitions on "brcmnand":
Feb 14 07:00:22 kernel: 0x000004000000-0x000008000000 : "brcmnand"
Feb 14 07:00:22 kernel: VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
Feb 14 07:00:22 kernel: rtl8365mb: module license 'Proprietary' taints kernel.
Feb 14 07:00:22 kernel: Disabling lock debugging due to kernel taint
Feb 14 07:00:22 kernel: rtl8365mbrtl8365mb initialized(0)(retry:1)
Feb 14 07:00:22 kernel: rtk port_phyEnableAll ok
Feb 14 07:00:22 kernel: register rtl8365mb done (link down at first)
Feb 14 07:00:22 kernel: et_module_init: passivemode set to 0x0
Feb 14 07:00:22 kernel: et_module_init: txworkq set to 0x0
Feb 14 07:00:22 kernel: et_module_init: et_txq_thresh set to 0xce4
Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_timeout set to 0x3e8
Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_framecnt set to 0x20
Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_dyn_thresh set to 0
Feb 14 07:00:22 kernel: ERROR fwder_init: fwd_cpumap nvram not present, using default
Feb 14 07:00:22 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
Feb 14 07:00:22 kernel: dpsta_init: msglevel set to 0x1
Feb 14 07:00:22 kernel: dpsta_init: fail to get ifnames!
Feb 14 07:00:22 nat: apply redirect rules
Feb 14 07:00:22 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
Feb 14 07:00:22 kernel: PCI: Enabling device 0001:01:00.0 (0140 -> 0142)
Feb 14 07:00:22 kernel: dhd_attach(): thread:dhd_watchdog_thread:7a started
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f095360 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211ac lr=0x7f0953a0 ignored.
Feb 14 07:00:22 kernel: dhd_detach(): thread:dhd_watchdog_thread:7a terminated OK
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f09cab4 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211a0 lr=0x7f09d9a0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211ac lr=0x7f09bf50 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211ac lr=0x7f09c9e4 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fea4 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
Feb 14 07:00:22 kernel: PCI: Enabling device 0002:01:00.0 (0140 -> 0142)
Feb 14 07:00:22 kernel: dhd_attach(): thread:dhd_watchdog_thread:7e started
Feb 14 07:00:22 kernel: Dongle Host Driver, version 1.363.2 (r665954)
Feb 14 07:00:22 kernel: Compiled in drivers/net/wireless/bcmdhd on Feb 7 2018 at 19:46:10
Feb 14 07:00:22 kernel: Register interface [eth2] MAC: 38:d5:47:bc:13:3c
Feb 14 07:00:22 kernel: xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
Feb 14 07:00:22 kernel: xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
Feb 14 07:00:22 kernel: usb usb1: No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values
Feb 14 07:00:23 dnsmasq[335]: warning: no upstream servers configured
Feb 14 07:00:23 kernel: rtk port_phyEnableAll (on) ok
Feb 14 07:00:24 RT-AC88U: start httpd
Feb 14 07:00:24 syslog: Generating SSL certificate...
Feb 14 07:00:24 NAT Tunnel: AAE Service is stopped
Feb 14 07:00:24 disk monitor: be idle
Feb 14 07:00:24 AAE: AAE Service is started
Feb 14 07:00:24 jffs2: valid logs(1)
Feb 14 07:00:24 hour monitor: daemon is starting
Feb 14 07:00:24 Mastiff: exit.
Feb 14 07:00:25 lldpd[424]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
Feb 14 07:00:27 wan: [wan0_hwaddr] == [38:D5:47:BC:13:38]
Feb 14 07:00:27 WAN Connection: ISP's DHCP did not function properly.
Feb 14 07:00:27 wan: [deconfig] udhcpc done[286]
Feb 14 07:00:27 rc_service: udhcpc 442:notify_rc start_firewall
Feb 14 07:00:27 wan: finish adding multi routes
Feb 14 07:00:27 rc_service: udhcpc 442:notify_rc stop_upnp
Feb 14 07:00:27 rc_service: waitting "start_firewall" via udhcpc ...
Feb 14 07:00:30 syslog: module ledtrig-usbdev not found in modules.dep
Feb 14 07:00:30 syslog: module leds-usb not found in modules.dep
Feb 14 07:00:30 kernel: SCSI subsystem initialized
Feb 14 07:00:32 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Feb 14 07:00:32 kernel: nf_conntrack_rtsp v0.6.21 loading
Feb 14 07:00:32 kernel: nf_nat_rtsp v0.6.21 loading
Feb 14 07:00:33 WAN Connection: WAN was restored.
Feb 14 07:00:33 rc_service: udhcpc 442:notify_rc start_upnp
Feb 14 07:00:33 rc_service: waitting "stop_upnp" via udhcpc ...
Feb 14 07:00:33 ntp: start NTP update
Mar 26 02:54:15 rc_service: ntp 459:notify_rc restart_upnp
....

MarshallR
Level 10
Hi, sorry it's taken a few days for a reply here.

Yes, you were attacked but the router blocked the attack. It's like someone knocking at your door but your router didn't open the door. Without AIProtect and Two-way IPS your router would have been hacked. You have two-way IPS enabled already in the router settings so this is OK. Possibly you could contact your ISP to ask how to change your IP address, otherwise don't worry - the router is doing its job.

Regarding the system bug, we will have a new firmware released by the end of April fixing this issue. It's not a concern, it just generates an error in the log.
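
One way to triage the recurring letsencrypt.org syslog entries discussed in the posts above, as an added example that is not part of any post in this thread and not ASUS code. The sample lines are constructed after the excerpts quoted earlier (hostname, tokens and the first and last restart lines are placeholders), the year is an assumption because BusyBox syslog omits it, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the excerpts in the thread; router.example,
# TOKEN and the 10:55:01 / 11:05:01 restart lines are placeholders.
SAMPLE = """\
Mar 27 10:55:01 rc_service: service 19551:notify_rc restart_letsencrypt
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://router.example/.well-known/acme-challenge/TOKEN: Timeout", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/TOKEN" }]
Mar 27 11:00:01 rc_service: service 19773:notify_rc restart_letsencrypt
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }] (189 bytes)
Mar 27 11:03:51 lldpd[450]: unable to send packet on real device for wds1.3: No such device or address
Mar 27 11:05:01 rc_service: service 19990:notify_rc restart_letsencrypt
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(.*?):\s(.*)$")
ACME_ERR_RE = re.compile(r"urn:acme:error:(\w+)")
HTTPS_HOST_RE = re.compile(r"https://([^/\s\"]+)")


def parse_line(line, year=2018):
    """Split a BusyBox syslog line into (datetime, tag, message), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, tag, msg = m.groups()
    # The log carries no year, so the caller supplies one (assumption).
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return when, tag, msg


def is_letsencrypt(host):
    """Exact-suffix match, so look-alike names such as x.letsencrypt.org.tld fail."""
    return host == "letsencrypt.org" or host.endswith(".letsencrypt.org")


def triage(text, year=2018):
    """Summarise the router's certificate-renewal activity from syslog text."""
    restarts, errors, hosts, http01_timeouts = [], Counter(), set(), 0
    for raw in text.splitlines():
        parsed = parse_line(raw, year)
        if parsed is None:
            continue
        when, tag, msg = parsed
        if tag == "rc_service" and msg.endswith("restart_letsencrypt"):
            restarts.append(when)
        elif "acme-client" in msg:
            kinds = ACME_ERR_RE.findall(msg)
            errors.update(kinds)
            if "connection" in kinds and '"http-01"' in msg and "Timeout" in msg:
                http01_timeouts += 1
            # Collect every HTTPS endpoint named in the client's own output.
            hosts.update(h.split(":")[0].lower() for h in HTTPS_HOST_RE.findall(msg))

    intervals = [int((b - a).total_seconds()) for a, b in zip(restarts, restarts[1:])]
    periodic = len(intervals) >= 2 and max(intervals) - min(intervals) <= 30
    unexpected = sorted(h for h in hosts if not is_letsencrypt(h))

    findings = []
    if periodic:
        findings.append(f"renewal is retried on a fixed timer (~{intervals[0]} s)")
    if http01_timeouts:
        findings.append("http-01 validation timed out: the CA could not fetch the "
                        "challenge file from the router's DDNS name over HTTP")
    if errors["rateLimited"]:
        findings.append("retries have hit the CA's failed-authorization rate limit")
    if unexpected:
        findings.append("acme-client output names non-Let's Encrypt hosts: "
                        + ", ".join(unexpected))
    return {
        "acme_errors": dict(errors),
        "renew_intervals": intervals,
        "periodic": periodic,
        "http01_timeouts": http01_timeouts,
        "unexpected_hosts": unexpected,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print("-", finding)
```

An empty `unexpected_hosts` list together with a fixed retry interval points at the router's own renewal job failing repeatedly; any entry in that list is the part worth investigating further.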

Hi MarshallR,

thanks for replying...
I have sent you PM.

===Martin

MarshallR wrote:
Hi, sorry it's taken a few days for a reply here.

Yes, you were attacked but the router blocked the attack. It's like someone knocking at your door but your router didn't open the door. Without AIProtect and Two-way IPS your router would have been hacked. You have two-way IPS enabled already in the router settings so this is OK. Possibly you could contact your ISP to ask how to change your IP address, otherwise don't worry - the router is doing its job.

Regarding the system bug, we will have a new firmware released by the end of April fixing this issue. It's not a concern, it just generates an error in the log.


I'm having the same issue. My router login was changed to Korean multiple times from January to July. I recently was able to find that it wasn't a "factory reset" but rather someone hacking into it a few weeks ago. I don't think they've managed to steal my CC info, but they have long been removed back in March 2018. I factory reset the router back in July 16ish and made a hexadecimal password for the router login and have started using LastPass for even more preventative measures. I've disabled remote login and only log in from a direct router connection.

Posted below my sys log. It resets to May 5 as someone has said that is because of a disconnection or power supply issue of the router. ISP states it is my modem and I have a second modem to troubleshoot that issue for it. If it is power supply issue, my warranty should still be good for the router.

NovaTitan
Level 7
May 5 00:05:04 kernel: PCI: bus1: Fast back to back transfers disabled
May 5 00:05:04 kernel: pci 0001:00:00.0: BAR 8: assigned [mem 0x08000000-0x08bfffff]
May 5 00:05:04 kernel: pci 0001:00:00.0: BAR 9: assigned [mem 0x08c00000-0x08cfffff 64bit pref]
May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 2: assigned [mem 0x08000000-0x087fffff 64bit]
May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 2: set to [mem 0x08000000-0x087fffff 64bit] (PCI address [0x8000000-0x87fffff]
May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 4: assigned [mem 0x08c00000-0x08cfffff 64bit pref]
May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 4: set to [mem 0x08c00000-0x08cfffff 64bit pref] (PCI address [0x8c00000-0x8cfffff]
May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 0: assigned [mem 0x08800000-0x08807fff 64bit]
May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 0: set to [mem 0x08800000-0x08807fff 64bit] (PCI address [0x8800000-0x8807fff]
May 5 00:05:04 kernel: pci 0001:00:00.0: PCI bridge to [bus 01-01]
May 5 00:05:04 kernel: pci 0001:00:00.0: bridge window [io disabled]
May 5 00:05:04 kernel: pci 0001:00:00.0: bridge window [mem 0x08000000-0x08bfffff]
May 5 00:05:04 kernel: pci 0001:00:00.0: bridge window [mem 0x08c00000-0x08cfffff 64bit pref]
May 5 00:05:04 kernel: PCIE2 link=1
May 5 00:05:04 kernel: PCIE2 switching to GEN2
May 5 00:05:04 kernel: PCIE2 link=1
May 5 00:05:04 kernel: PCI: Fixing up bus 0
May 5 00:05:04 kernel: PCI: bus0: Fast back to back transfers disabled
May 5 00:05:04 kernel: PCI: Fixing up bus 1
May 5 00:05:04 kernel: PCI: bus1: Fast back to back transfers disabled
May 5 00:05:04 kernel: pci 0002:00:00.0: BAR 8: assigned [mem 0x20000000-0x20bfffff]
May 5 00:05:04 kernel: pci 0002:00:00.0: BAR 9: assigned [mem 0x20c00000-0x20cfffff 64bit pref]
May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 2: assigned [mem 0x20000000-0x207fffff 64bit]
May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 2: set to [mem 0x20000000-0x207fffff 64bit] (PCI address [0x20000000-0x207fffff]
May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 4: assigned [mem 0x20c00000-0x20cfffff 64bit pref]
May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 4: set to [mem 0x20c00000-0x20cfffff 64bit pref] (PCI address [0x20c00000-0x20cfffff]
May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 0: assigned [mem 0x20800000-0x20807fff 64bit]
May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 0: set to [mem 0x20800000-0x20807fff 64bit] (PCI address [0x20800000-0x20807fff]
May 5 00:05:04 kernel: pci 0002:00:00.0: PCI bridge to [bus 01-01]
May 5 00:05:04 kernel: pci 0002:00:00.0: bridge window [io disabled]
May 5 00:05:04 kernel: pci 0002:00:00.0: bridge window [mem 0x20000000-0x20bfffff]
May 5 00:05:04 kernel: pci 0002:00:00.0: bridge window [mem 0x20c00000-0x20cfffff 64bit pref]
May 5 00:05:04 nat: apply redirect rules
May 5 00:05:04 kernel: PCIE3 link=0
May 5 00:05:04 kernel: VFS: Disk quotas dquot_6.5.2
May 5 00:05:04 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
May 5 00:05:04 kernel: squashfs: version 4.0 (2009/01/31) Phillip Lougher
May 5 00:05:04 kernel: fuse init (API version 7.15)
May 5 00:05:04 kernel: msgmni has been set to 1005
May 5 00:05:04 kernel: io scheduler noop registered (default)
May 5 00:05:04 kernel: io scheduler deadline registered
May 5 00:05:04 kernel: io scheduler cfq registered
May 5 00:05:04 kernel: Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
May 5 00:05:04 kernel: serial8250.0: ttyS0 at MMIO 0x18000300 (irq = 117) is a 16550
May 5 00:05:04 kernel: console [ttyS0] enabled, bootconsole disabled
May 5 00:05:04 kernel: serial8250.0: ttyS1 at MMIO 0x18000400 (irq = 117) is a 16550
May 5 00:05:04 kernel: brd: module loaded
May 5 00:05:04 kernel: loop: module loaded
May 5 00:05:04 kernel: pflash: found no supported devices
May 5 00:05:04 kernel: bcmsflash: found no supported devices
May 5 00:05:04 kernel: Boot partition size = 524288(0x80000)
May 5 00:05:04 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
May 5 00:05:04 kernel: nflash: squash filesystem with lzma found at block 29
May 5 00:05:04 kernel: Creating 4 MTD partitions on "nflash":
May 5 00:05:04 kernel: 0x000000000000-0x000000080000 : "boot"
May 5 00:05:04 kernel: 0x000000080000-0x000000200000 : "nvram"
May 5 00:05:04 kernel: 0x000000200000-0x000004000000 : "linux"
May 5 00:05:04 kernel: 0x0000003bfe4c-0x000004000000 : "rootfs"
May 5 00:05:04 kernel: PPP generic driver version 2.4.2
May 5 00:05:04 kernel: PPP MPPE Compression module registered
May 5 00:05:04 kernel: NET: Registered protocol family 24
May 5 00:05:04 kernel: PPTP driver version 0.8.5
May 5 00:05:04 kernel: === PPTP init ===
May 5 00:05:04 kernel: u32 classifier
May 5 00:05:04 kernel: Performance counters on
May 5 00:05:04 kernel: Actions configured
May 5 00:05:04 kernel: Netfilter messages via NETLINK v0.30.
May 5 00:05:04 kernel: nf_conntrack version 0.5.0 (8045 buckets, 32180 max)
May 5 00:05:04 kernel: ctnetlink v0.93: registering with nfnetlink.
May 5 00:05:04 kernel: xt_time: kernel timezone is -0000
May 5 00:05:04 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
May 5 00:05:04 kernel: TCP cubic registered
May 5 00:05:04 kernel: NET: Registered protocol family 10
May 5 00:05:04 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
May 5 00:05:04 kernel: NET: Registered protocol family 17
May 5 00:05:04 kernel: NET: Registered protocol family 15
May 5 00:05:04 kernel: L2TP core driver, V2.0
May 5 00:05:04 kernel: PPPoL2TP kernel driver, V2.0
May 5 00:05:04 kernel: 802.1Q VLAN Support v1.8 Ben Greear
May 5 00:05:04 kernel: All bugs added by David S. Miller
May 5 00:05:04 kernel: Registering the dns_resolver key type
May 5 00:05:04 kernel: Northstar brcmnand NAND Flash Controller driver, Version 0.1 (c) Broadcom Inc. 2012
May 5 00:05:04 kernel: NAND device: Manufacturer ID: 0xc8, Chip ID: 0xd1 (Unknown NAND 128MiB 3,3V 8-bit)
May 5 00:05:04 kernel: Spare area=64 eccbytes 56, ecc bytes located at:
May 5 00:05:04 kernel: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
May 5 00:05:04 kernel: Available 7 bytes at (off,len):
May 5 00:05:04 kernel: (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
May 5 00:05:04 kernel: Scanning device for bad blocks
May 5 00:05:04 kernel: Options: NO_AUTOINCR,NO_READRDY,
May 5 00:05:05 kernel: Creating 1 MTD partitions on "brcmnand":
May 5 00:05:05 kernel: 0x000004000000-0x000008000000 : "brcmnand"
May 5 00:05:05 kernel: VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
May 5 00:05:05 kernel: devtmpfs: mounted
May 5 00:05:05 kernel: Freeing init memory: 288K
May 5 00:05:05 kernel: rtl8365mb: module license 'Proprietary' taints kernel.
May 5 00:05:05 kernel: Disabling lock debugging due to kernel taint
May 5 00:05:05 kernel: rtl8365mbrtl8365mb initialized(0)(retry:1)
May 5 00:05:05 kernel: rtk port_phyEnableAll ok
May 5 00:05:05 kernel: register rtl8365mb done (link down at first)
May 5 00:05:05 kernel: et_module_init: passivemode set to 0x0
May 5 00:05:05 kernel: et_module_init: txworkq set to 0x0
May 5 00:05:05 kernel: et_module_init: et_txq_thresh set to 0xce4
May 5 00:05:05 kernel: et_module_init: et_rxlazy_timeout set to 0x3e8
May 5 00:05:05 kernel: et_module_init: et_rxlazy_framecnt set to 0x20
May 5 00:05:05 kernel: et_module_init: et_rxlazy_dyn_thresh set to 0
May 5 00:05:05 kernel: et0: bhdr_sz 0 bhdr_roff 0
May 5 00:05:05 kernel: fwd0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
May 5 00:05:05 kernel: et1: bhdr_sz 0 bhdr_roff 0
May 5 00:05:05 kernel: fwd1: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
May 5 00:05:05 kernel: agg_attach: bhdr_enable 1
May 5 00:05:05 kernel: et2: bhdr_sz 4 bhdr_roff 12
May 5 00:05:05 kernel: et2: vlan1map 0xaf
May 5 00:05:05 kernel: et2: vlan2map 0x10
May 5 00:05:05 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
May 5 00:05:05 kernel: dpsta_init: msglevel set to 0x1
May 5 00:05:05 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
May 5 00:05:05 kernel: PCI: Enabling device 0001:01:00.0 (0140 -> 0142)
May 5 00:05:05 kernel: dhd_attach(): thread:dhd_watchdog_thread:80 started
May 5 00:05:05 kernel: Dongle Host Driver, version 1.363.2 (r665954)
May 5 00:05:05 kernel: Compiled in drivers/net/wireless/bcmdhd on May 27 2018 at 13:21:02
May 5 00:05:05 kernel: Register interface [eth1] MAC: 60:45:cb:18:ae:c8
May 5 00:05:05 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
May 5 00:05:05 kernel: PCI: Enabling device 0002:01:00.0 (0140 -> 0142)
May 5 00:05:05 kernel: dhd_attach(): thread:dhd_watchdog_thread:84 started
May 5 00:05:05 kernel: Dongle Host Driver, version 1.363.2 (r665954)
May 5 00:05:05 kernel: Compiled in drivers/net/wireless/bcmdhd on May 27 2018 at 13:21:02
May 5 00:05:05 kernel: Register interface [eth2] MAC: 60:45:cb:18:ae:cc
May 5 00:05:05 kernel: JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
May 5 00:05:05 kernel: usbcore: registered new interface driver usbfs
May 5 00:05:05 kernel: usbcore: registered new interface driver hub
May 5 00:05:05 kernel: usbcore: registered new device driver usb
May 5 00:05:05 kernel: ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: EHCI Host Controller
May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: new USB bus registered, assigned bus number 1
May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: irq 111, io mem 0x18021000
May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: USB 0.0 started, EHCI 1.00
May 5 00:05:05 kernel: hub 1-0:1.0: USB hub found
May 5 00:05:05 kernel: hub 1-0:1.0: 2 ports detected
May 5 00:05:05 kernel: ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
May 5 00:05:05 kernel: ohci_hcd 0000:00:0b.0: OHCI Host Controller
May 5 00:05:05 kernel: ohci_hcd 0000:00:0b.0: new USB bus registered, assigned bus number 2
May 5 00:05:05 kernel: ohci_hcd 0000:00:0b.0: irq 111, io mem 0x18022000
May 5 00:05:05 kernel: hub 2-0:1.0: USB hub found
May 5 00:05:05 kernel: hub 2-0:1.0: 2 ports detected
May 5 00:05:05 kernel: device fwd1 entered promiscuous mode
May 5 00:05:05 kernel: device vlan1 entered promiscuous mode
May 5 00:05:05 kernel: device eth0 entered promiscuous mode
May 5 00:05:05 kernel: device eth1 entered promiscuous mode
May 5 00:05:05 kernel: br0: topology change detected, propagating
May 5 00:05:05 kernel: br0: port 2(eth1) entering forwarding state
May 5 00:05:05 kernel: br0: port 2(eth1) entering forwarding state
May 5 00:05:05 kernel: br0: topology change detected, propagating
May 5 00:05:05 kernel: br0: port 1(vlan1) entering forwarding state
May 5 00:05:05 kernel: br0: port 1(vlan1) entering forwarding state
May 5 00:05:05 dnsmasq[307]: started, version 2.78 cachesize 1500
May 5 00:05:05 dnsmasq[307]: warning: no upstream servers configured
May 5 00:05:05 dnsmasq[307]: asynchronous logging enabled, queue limit is 5 messages
May 5 00:05:05 dnsmasq-dhcp[307]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
May 5 00:05:05 dnsmasq[307]: read /etc/hosts - 5 addresses
May 5 00:05:05 kernel: rtk port_phyEnableAll (on) ok
May 5 00:05:05 RT-AC88U: start httpd:80
May 5 00:05:05 crond[314]: crond: crond (busybox 1.17.4) started, log level 8
May 5 00:05:06 syslog: Generating SSL certificate...
May 5 00:05:06 NAT Tunnel: AAE Service is stopped
May 5 00:05:06 AAE: AAE Service is started
May 5 00:05:06 jffs2: valid logs(1)
May 5 00:05:06 hour monitor: daemon is starting
May 5 00:05:06 hour monitor: daemon terminates
May 5 00:05:06 disk monitor: be idle
May 5 00:05:06 Mastiff: init
May 5 00:05:06 lldpd[364]: minimal kernel version required is 2.6.39, got 2.6.36.4brcmarm
May 5 00:05:06 lldpd[364]: lldpd may be unable to detect bonds and bridges correctly
May 5 00:05:06 lldpd[364]: consider recompiling with --enable-oldies option
May 5 00:05:06 lldpd[389]: could not open either /etc/os-release or /usr/lib/os-release
May 5 00:05:06 lldpd[389]: lsb_release information not available
May 5 00:05:06 lldpd[392]: created chroot directory /var/run/lldpd
May 5 00:05:06 lldpd[392]: protocol LLDP enabled
May 5 00:05:06 lldpd[392]: protocol CDPv1 disabled
May 5 00:05:06 lldpd[392]: protocol CDPv2 disabled
May 5 00:05:06 lldpd[392]: protocol SONMP disabled
May 5 00:05:06 lldpd[392]: protocol EDP disabled
May 5 00:05:06 lldpd[392]: protocol FDP disabled
May 5 00:05:06 lldpd[392]: libevent 2.0.21-stable initialized with epoll method
May 5 00:05:06 lldpd[392]: cannot get ethtool link information with GLINKSETTINGS (requires 4.9+): Operation not permitted
May 5 00:05:06 lldpd[392]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
May 5 00:05:07 lldpd[389]: unable to get system name
May 5 00:05:07 lldpd[389]: unable to get system name
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:07 lldpcli[390]: lldpd should resume operations
May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_acm
May 5 00:05:07 kernel: cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters
May 5 00:05:07 syslog: module ax88179_178a not found in modules.dep
May 5 00:05:07 kernel: usbcore: registered new interface driver asix
May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_ether
May 5 00:05:07 kernel: usbcore: registered new interface driver rndis_host
May 5 00:05:07 kernel: cdc_ncm: 14-Mar-2012
May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_ncm
May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_wdm
May 5 00:05:07 kernel: usbcore: registered new interface driver qmi_wwan
May 5 00:05:07 wan: [wan0_hwaddr] == [60:45:CB:18:AE:C8]
May 5 00:05:07 kernel: cdc_mbim: loaded
May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_mbim
May 5 00:05:07 dnsmasq[307]: read /etc/hosts - 5 addresses
May 5 00:05:08 lldpd[392]: removal request for address of 173.174.116.142%5, but no knowledge of it
May 5 00:05:08 rc_service: udhcpc 445:notify_rc start_firewall
May 5 00:05:08 dnsmasq[307]: read /etc/hosts - 5 addresses
May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.63#53 for domain austin.rr.com
May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.62#53 for domain austin.rr.com
May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.61#53 for domain austin.rr.com
May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.63#53
May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.62#53
May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.61#53
May 5 00:05:08 wan: finish adding multi routes
May 5 00:05:08 rc_service: udhcpc 445:notify_rc stop_upnp
May 5 00:05:08 rc_service: waitting "start_firewall" via udhcpc ...
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
May 5 00:05:11 ntp: start NTP update
Jul 22 14:26:20 rc_service: ntp 466:notify_rc restart_diskmon
Jul 22 14:26:20 rc_service: waitting "start_firewall" via udhcpc ...
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) 6c:c2:17:69:78:b5
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.99 6c:c2:17:69:78:b5
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) 6c:c2:17:69:78:b5
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.99 6c:c2:17:69:78:b5
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPREQUEST(br0) 192.168.1.99 6c:c2:17:69:78:b5
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.99 6c:c2:17:69:78:b5 HighwayMan
Jul 22 14:26:23 syslog: module ledtrig-usbdev not found in modules.dep
Jul 22 14:26:23 syslog: module leds-usb not found in modules.dep
Jul 22 14:26:23 kernel: SCSI subsystem initialized
Jul 22 14:26:23 kernel: Initializing USB Mass Storage driver...
Jul 22 14:26:23 kernel: usbcore: registered new interface driver usb-storage
Jul 22 14:26:23 kernel: USB Mass Storage support registered.
Jul 22 14:26:24 kernel: Tuxera FAT 12/16/32 driver version 3015.1.29.6 [Flags: R/W MODULE].
Jul 22 14:26:24 kernel: Built against headers 2.6.36.4brcmarm #1 SMP PREEMPT Mon Dec 7 10:09:21 CST 2015 arm
Jul 22 14:26:24 kernel: Running on kernel 2.6.36.4brcmarm #1 SMP PREEMPT Sun May 27 13:19:36 CST 2018 armv7l
Jul 22 14:26:24 kernel: Tuxera NTFS driver 3015.1.29.16 [Flags: R/W MODULE].
Jul 22 14:26:24 kernel: Tuxera HFS+ driver 3014.7.28
Jul 22 14:26:24 kernel: usbcore: registered new interface driver usblp
Jul 22 14:26:25 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Jul 22 14:26:25 kernel: nf_conntrack_rtsp v0.6.21 loading
Jul 22 14:26:25 kernel: nf_nat_rtsp v0.6.21 loading
Jul 22 14:26:26 rc_service: udhcpc 445:notify_rc start_upnp
Jul 22 14:26:26 rc_service: waitting "stop_upnp" via udhcpc ...
Jul 22 14:26:26 disk_monitor: Finish
Jul 22 14:26:27 disk monitor: be idle
Jul 22 14:26:29 kernel: Init chrdev /dev/detector with major 190
Jul 22 14:26:29 kernel: tdts: tcp_conn_max = 8000
Jul 22 14:26:29 kernel: tdts: tcp_conn_timeout = 300 sec
Jul 22 14:26:41 kernel: SHN Release Version: 2.0.1 3529123_patch
Jul 22 14:26:41 kernel: UDB Core Version: 0.2.14 r3529123
Jul 22 14:26:41 kernel: Init chrdev /dev/idpfw with major 191
Jul 22 14:26:41 kernel: IDPfw: IDPfw is ready
Jul 22 14:26:41 kernel: sizeof forward pkt param = 192
Jul 22 14:26:45 rc_service: udhcpc 445:notify_rc start_firewall
Jul 22 14:26:45 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Jul 22 14:26:46 dhcp client: bound 173.174.116.142 via 173.174.96.1 during 60856 seconds.
Jul 22 14:27:10 crond[314]: time disparity of 113182 minutes detected
Jul 22 14:27:25 dnsmasq-dhcp[307]: DHCPREQUEST(br0) 192.168.1.72 e0:d5:5e:23:6d:d3
Jul 22 14:27:25 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.72 e0:d5:5e:23:6d:d3 DESKTOP-F11B6L9
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) b4:74:43:ab:52:4b
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.217 b4:74:43:ab:52:4b
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) b4:74:43:ab:52:4b
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.217 b4:74:43:ab:52:4b
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPREQUEST(br0) 192.168.1.217 b4:74:43:ab:52:4b
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.217 b4:74:43:ab:52:4b Galaxy-J7
Jul 22 15:00:27 disk_monitor: Got SIGALRM...
Jul 22 23:00:27 disk_monitor: Got SIGALRM...
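
Added example (not part of the original post, and not ASUS code): the log above shows the router clock stepping from its power-on default date to real time right after `ntp: start NTP update`, which marks each boot, and its `DHCPACK` lines name every LAN client. This sketch finds both in a saved syslog. The sample lines, MAC addresses, host names and the assumed year 2018 are constructed.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+([^:\[]+)(?:\[\d+\])?:\s*(.*)$")
ACK = re.compile(r"DHCPACK\((\S+)\)\s+(\S+)\s+([0-9a-fA-F:]{17})(?:\s+(\S+))?")

# Constructed sample in the same shape as the posted log; MACs and names are made up.
SAMPLE = """\
May 5 00:05:11 ntp: start NTP update
Jul 22 14:26:20 rc_service: ntp 466:notify_rc restart_diskmon
Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.99 02:00:00:00:00:01 work-laptop
Jul 22 14:27:25 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.72 02:00:00:00:00:02 gaming-pc
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.217 02:00:00:00:00:99
""".splitlines()

def parse(line, year=2018):
    """Split a syslog line into (timestamp, tag, message); syslog omits the year, so it is assumed."""
    m = LINE.match(line)
    if not m:
        return None
    mon, day, clock, tag, msg = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return ts, tag.strip(), msg

def boot_clock_steps(lines, min_minutes=60):
    """A large clock jump on the line right after 'start NTP update' marks the first sync after a boot."""
    steps, pending = [], None
    for ts, tag, msg in filter(None, map(parse, lines)):
        if pending is not None:
            minutes = int((ts - pending).total_seconds() // 60)
            if abs(minutes) >= min_minutes:
                steps.append((pending, ts, minutes))
        pending = ts if (tag == "ntp" and "start NTP update" in msg) else None
    return steps

def unknown_clients(lines, known_macs):
    """Map MAC -> (ip, hostname) for every DHCPACK whose MAC is not in the known set."""
    known = {mac.lower() for mac in known_macs}
    found = {}
    for _, tag, msg in filter(None, map(parse, lines)):
        m = ACK.search(msg)
        if tag == "dnsmasq-dhcp" and m and m.group(3).lower() not in known:
            found[m.group(3).lower()] = (m.group(2), m.group(4) or "")
    return found

if __name__ == "__main__":
    for before, after, minutes in boot_clock_steps(SAMPLE):
        print(f"boot: clock stepped {minutes} min ({before} -> {after})")
    print(unknown_clients(SAMPLE, {"02:00:00:00:00:01", "02:00:00:00:00:02"}))
```

A boot found here that nobody triggered, or a MAC that matches no device in the house, is the thing to follow up on.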

Korth
Level 14
Wired networks are immune to wireless network attacks. Always an option if you are concerned about network security and can live without wireless convenience.

Strong passwords are enough to defeat casual intrusion attempts. Especially if they contain extended characters which are "impossible" to type on smartphone keyboards. Most "hackers" are just people with mobile devices who are looking to leech some free wifi, very few indeed will be tech-savvy heavyweights who are able to somehow brute or finesse their way into a secured system.

Another option - not foolproof but fun and a little nasty - is to deter all but the most stubbornly persistent wifi intruders by rudely making their experience with your network into an endlessly unpleasant series of intolerable frustrations. Many DIY parts like this ESP8266 can be used quite deviously, jamming and tangling signals in endless combinations limited only by your cruel imagination. A little bit of a legal grey area in some places (when used outside your home), but the only people who'd ever discover you're employing these defensive/security/privacy strategies would be those who've attempted to bypass them.

https://www.instructables.com/id/DIY-Wifi-Jammer-With-ESP8266-and-Mobile-App/
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

Thanks for the tips. To clarify, the remote hacker is from South Korea and using a VPN or hacked remote IP address from Greece and Italy (multiple IPs). He had (might still have) backdoor access to my router from January of 2018 to July 2018 and I only found out after my third login with Korean language reset (first time in April, second time in May, third time in July when I finally googled the reason and found it to be the worst-case scenario). Before googling after the first language reset, I had assumed my router was resetting to the manufacturer's country when losing power from the PSU because I've been having intermittent ISP connection issues caused by an outside line until June 2018.

After seeing it "resetted" (hacked) to Korean when I finally had a stable internet connection after 3 separate technician visits, that's when I knew it was fishy. I should have googled it sooner and found out sooner, but I haven't been using computers as a whole for the months of January all the way to end of May of this year, working overtime and such. So, it's definitely my fault due to negligence, but also the major fault of the manufacturer for having such a vulnerability in their firmware for such an expensive product. At the same time, I did all the precautionary measures, resetting router to factory defaults, special characters in hexadecimal for login, disabling remote access, and using AIProtect which stopped the attacks since 17 July 2018. I'm lucky that they haven't stolen all my personal information as Korean hackers are known to immediately take all your CC information and use it or sell it off (my family is native Koreans and know the hacker culture there).

I have contacted ASUS network support and have not received a response for the past 3 business days and probably won't receive any even though I entered a duplicate support email message for a response. I'm going to wait it out to see if the backdoor is still extant on my firmware despite factory reset, installing latest official firmware (at the time I was using the latest Merlin firmware from January or February 2018). I do know they have more updated firmware for Merlin but I'm going to use the official one to find out if I get some suspicious activity and if the AIProtect is going to keep getting hits from the same IP addresses. If so, it's likely that the backdoor might still exist? (my guess)

One other question I would like to ask is wouldn't it be possible to decrypt the bytes from wired network traffic if they already have hijacked the router's main console/firmware? I'm on a wired network with my two computers (main/gaming, secondary/work) and wireless on my smartphone. I do need wireless access and can't really live without it, but I was thinking that if they got remote access to my router, wouldn't the wired connections be compromised as well? I think you answered it, but just wanted to make sure. Thanks again.

Korth
Level 14
Update router firmware (if needed), reset the router, change admin password, block all known "hacker" IPs. It'll kick out any potential compromises/backdoors/etc and it's basically the best you can do to lock out future intrusion attempts. Do a full scan for malware/rootkits/etc and check all your security settings (firewall, etc) on each connected computer if you're worried about Bad Things.

I honestly think it's extremely unlikely that a Korean hacker is trying to hack your machine. It's probably some sort of botnet thing trying to exploit known vulnerabilities in unpatched routers, and probably far less interested in you or your data than in installing some sort of DDoS launcher or torrent archive or coinhive or something.

If it's a real ongoing problem which persists then you can contact your ISP and request they assign you different IPs or block traffic from attacking IPs. Or buy yourself a different router.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

Korth wrote:
Update router firmware (if needed), reset the router, change admin password, block all known "hacker" IPs. It'll kick out any potential compromises/backdoors/etc and it's basically the best you can do to lock out future intrusion attempts. Do a full scan for malware/rootkits/etc and check all your security settings (firewall, etc) on each connected computer if you're worried about Bad Things.

I honestly think it's extremely unlikely that a Korean hacker is trying to hack your machine. It's probably some sort of botnet thing trying to exploit known vulnerabilities in unpatched routers, and probably far less interested in you or your data than in installing some sort of DDoS launcher or torrent archive or coinhive or something.

If it's a real ongoing problem which persists then you can contact your ISP and request they assign you different IPs or block traffic from attacking IPs. Or buy yourself a different router.


Excellent advice. I've been seeing the same blocked intrusion attempts in my AC88U router logs as well for almost a year now. When the internet connection was restored after it went down for almost 3 weeks due to repairs of faulty conduits in our building, the attacks stopped. I'm still expecting these things to happen again sooner or later, now that the router is online again but I'll take the time to do the steps above for peace of mind.