  1. #1
    ROG Member
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    5

    I believe my RT-AC88U was hacked 3 times... please help...

    Hi Asus Team,

    I believe my RT-AC88U has been hacked 3 times. I am attaching a screenshot of the latest AI Protection log.
    I am sorry, I am having trouble uploading syslog.txt as an attachment. Where can I send syslog.txt?

    After the attack, my AiMesh network/icon is not functioning, 2.4G Wi-Fi is gone, 5G is still OK,
    the wireless page can't be clicked, the wireless log can't be clicked either, and adding changes to any config will fail.

    Only hard resetting and then unplugging it for a while will restore my router back to factory default settings.
    I have tried restore/initialize/reboot; all failed.

    The description from AI Protection indicates that there are "exploit netcore router back door access" and "exploit remote command execution via shell script -2".
    I am not sure what that means... This is all the information I can give for now. If you need more, please let me know. Email: [don't post your email publicly - moderator]

    Also, I have submitted the feedback page from the router, although I am not sure if it got through or not.
    Also, in the syslog there is a message every 5 min or so calling an HTTP request to letsencrypt.org; it wasn't like this before the 1st hack.

    I URGENTLY need assistance, the hacker seems to be constantly attacking/probing...

    ===Martin
    Last edited by lmlim; 04-10-2018 at 02:18 AM.

  2. #2
    ROG Member
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    5

    Hi team,

    This morning we were attacked again, at around 2:50am local time. Below are snippets of the syslog from when the router was booting (after it was attacked).
    It rebooted by itself, and as before, after that AiMesh, Wi-Fi 2.4G and several pages in admin are all inaccessible.
    The log has "kernel: external imprecise data......." which is unusual.

    Updates:
    After unplugging the power for a couple of minutes and plugging it back in, the router is back to normal.
    No need for a hard reset... phew...
    AiProtection showed nothing at that time.

    Updates: 27/03/2018
    There are many hits from AiProtection today, but so far my router is doing OK, I think.
    I am very suspicious of the error messages re: letsencrypt.org called by the kernel every 5 minutes or so.
    In doing so, the router's CPU spikes to 100% for a couple of seconds.
    These errors have been there since the 1st attack; has my router been compromised? There weren't any errors like this before the 1st attack.

    Below are snippets of the error log on "letsencrypt.org"; I have replaced my DNS name with XXXXX.asuscomm.com for privacy.

    .....
    Mar 27 10:55:38 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org...Nk/3977139698: bad response
    Mar 27 10:55:38 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://XXXXXXXXXXX.asuscomm.com/.wel...GZIh_G2uKiG1E: Timeout", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UhiBnOpDX2_qCE4YVMXuaYenSvIFZeVi_7jN9sbOGNk/3977139698", "token": "Hi2YylcKbIjivb4GTNC4PZekG-ptOkGZIh_G2uKiG1E", "keyAuthorization": "Hi2YylcKbI
    Mar 27 11:00:01 rc_service: service 19773:notify_rc restart_letsencrypt
    Mar 27 11:00:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
    Mar 27 11:00:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }] (189 bytes)
    Mar 27 11:03:51 lldpd[450]: unable to send packet on real device for wds1.3: No such device or address
    ....



    Also, my AiMesh node is just 1 RT-AC68U. Firmware has been updated to 3.0.0.4.384_20624-g14d2f02.
    The main router RT-AC88U firmware is 3.0.0.4.384_20379-gc0714df.

    ===martin


    ...
    Feb 14 07:00:21 syslogd started: BusyBox v1.17.4
    Feb 14 07:00:21 kernel: klogd started: BusyBox v1.17.4 (2018-02-07 19:40:02 CST)
    Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
    Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
    Feb 14 07:00:21 kernel: PCI: Fixing up bus 1
    Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
    Feb 14 07:00:21 kernel: PCI: Fixing up bus 1
    Feb 14 07:00:21 kernel: VFS: Disk quotas dquot_6.5.2
    Feb 14 07:00:21 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
    Feb 14 07:00:21 kernel: pflash: found no supported devices
    Feb 14 07:00:21 kernel: bcmsflash: found no supported devices
    Feb 14 07:00:21 kernel: Boot partition size = 524288(0x80000)
    Feb 14 07:00:21 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
    Feb 14 07:00:21 kernel: nflash: squash filesystem with lzma found at block 29
    Feb 14 07:00:21 kernel: Creating 4 MTD partitions on "nflash":
    Feb 14 07:00:21 kernel: 0x000000000000-0x000000080000 : "boot"
    Feb 14 07:00:21 kernel: 0x000000080000-0x000000200000 : "nvram"
    Feb 14 07:00:21 kernel: 0x000000200000-0x000004000000 : "linux"
    Feb 14 07:00:21 kernel: 0x0000003bfed0-0x000004000000 : "rootfs"
    Feb 14 07:00:21 kernel: === PPTP init ===
    Feb 14 07:00:22 kernel: Registering the dns_resolver key type
    Feb 14 07:00:22 kernel: Spare area=64 eccbytes 56, ecc bytes located at:
    Feb 14 07:00:22 kernel: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
    Feb 14 07:00:22 kernel: Available 7 bytes at (off,len):
    Feb 14 07:00:22 kernel: (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
    Feb 14 07:00:22 kernel: Options: NO_AUTOINCR,NO_READRDY,
    Feb 14 07:00:22 kernel: Creating 1 MTD partitions on "brcmnand":
    Feb 14 07:00:22 kernel: 0x000004000000-0x000008000000 : "brcmnand"
    Feb 14 07:00:22 kernel: VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
    Feb 14 07:00:22 kernel: rtl8365mb: module license 'Proprietary' taints kernel.
    Feb 14 07:00:22 kernel: Disabling lock debugging due to kernel taint
    Feb 14 07:00:22 kernel: rtl8365mbrtl8365mb initialized(0)(retry:1)
    Feb 14 07:00:22 kernel: rtk port_phyEnableAll ok
    Feb 14 07:00:22 kernel: register rtl8365mb done (link down at first)
    Feb 14 07:00:22 kernel: et_module_init: passivemode set to 0x0
    Feb 14 07:00:22 kernel: et_module_init: txworkq set to 0x0
    Feb 14 07:00:22 kernel: et_module_init: et_txq_thresh set to 0xce4
    Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_timeout set to 0x3e8
    Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_framecnt set to 0x20
    Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_dyn_thresh set to 0
    Feb 14 07:00:22 kernel: ERROR fwder_init: fwd_cpumap nvram not present, using default
    Feb 14 07:00:22 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
    Feb 14 07:00:22 kernel: dpsta_init: msglevel set to 0x1
    Feb 14 07:00:22 kernel: dpsta_init: fail to get ifnames!
    Feb 14 07:00:22 nat: apply redirect rules
    Feb 14 07:00:22 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
    Feb 14 07:00:22 kernel: PCI: Enabling device 0001:01:00.0 (0140 -> 0142)
    Feb 14 07:00:22 kernel: dhd_attach(): thread:dhd_watchdog_thread:7a started
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f095360 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211ac lr=0x7f0953a0 ignored.
    Feb 14 07:00:22 kernel: dhd_detach(): thread:dhd_watchdog_thread:7a terminated OK
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f09cab4 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211a0 lr=0x7f09d9a0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211ac lr=0x7f09bf50 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211ac lr=0x7f09c9e4 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fea4 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
    Feb 14 07:00:22 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
    Feb 14 07:00:22 kernel: PCI: Enabling device 0002:01:00.0 (0140 -> 0142)
    Feb 14 07:00:22 kernel: dhd_attach(): thread:dhd_watchdog_thread:7e started
    Feb 14 07:00:22 kernel: Dongle Host Driver, version 1.363.2 (r665954)
    Feb 14 07:00:22 kernel: Compiled in drivers/net/wireless/bcmdhd on Feb 7 2018 at 19:46:10
    Feb 14 07:00:22 kernel: Register interface [eth2] MAC: 38:d5:47:bc:13:3c
    Feb 14 07:00:22 kernel: xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
    Feb 14 07:00:22 kernel: xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
    Feb 14 07:00:22 kernel: usb usb1: No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values
    Feb 14 07:00:23 dnsmasq[335]: warning: no upstream servers configured
    Feb 14 07:00:23 kernel: rtk port_phyEnableAll (on) ok
    Feb 14 07:00:24 RT-AC88U: start httpd
    Feb 14 07:00:24 syslog: Generating SSL certificate...
    Feb 14 07:00:24 NAT Tunnel: AAE Service is stopped
    Feb 14 07:00:24 disk monitor: be idle
    Feb 14 07:00:24 AAE: AAE Service is started
    Feb 14 07:00:24 jffs2: valid logs(1)
    Feb 14 07:00:24 hour monitor: daemon is starting
    Feb 14 07:00:24 Mastiff: exit.
    Feb 14 07:00:25 lldpd[424]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
    Feb 14 07:00:27 wan: [wan0_hwaddr] == [385:47:BC:13:38]
    Feb 14 07:00:27 WAN Connection: ISP's DHCP did not function properly.
    Feb 14 07:00:27 wan: [deconfig] udhcpc done[286]
    Feb 14 07:00:27 rc_service: udhcpc 442:notify_rc start_firewall
    Feb 14 07:00:27 wan: finish adding multi routes
    Feb 14 07:00:27 rc_service: udhcpc 442:notify_rc stop_upnp
    Feb 14 07:00:27 rc_service: waitting "start_firewall" via udhcpc ...
    Feb 14 07:00:30 syslog: module ledtrig-usbdev not found in modules.dep
    Feb 14 07:00:30 syslog: module leds-usb not found in modules.dep
    Feb 14 07:00:30 kernel: SCSI subsystem initialized
    Feb 14 07:00:32 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
    Feb 14 07:00:32 kernel: nf_conntrack_rtsp v0.6.21 loading
    Feb 14 07:00:32 kernel: nf_nat_rtsp v0.6.21 loading
    Feb 14 07:00:33 WAN Connection: WAN was restored.
    Feb 14 07:00:33 rc_service: udhcpc 442:notify_rc start_upnp
    Feb 14 07:00:33 rc_service: waitting "stop_upnp" via udhcpc ...
    Feb 14 07:00:33 ntp: start NTP update
    Mar 26 02:54:15 rc_service: ntp 459:notify_rc restart_upnp
    ....
    Last edited by lmlim; 03-27-2018 at 04:06 AM.
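
Added example (not part of any post in this thread, and not ASUS code): a Python triage of the acme-client lines quoted in post #2. It counts the ACME error types, measures the spacing of the `rc_service ... restart_letsencrypt` events, and checks whether each acme-client line follows such an event within a short window. The sample log is constructed in the shape of the excerpt (placeholder hostname and token), and the year and the 120-second window are assumptions.

```python
"""Triage of acme-client syslog lines (added example; sample data is constructed)."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample shaped like the excerpt in post #2. The first line has no
# preceding trigger because, as in the post, the excerpt starts mid-log.
SAMPLE_LOG = """\
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://XXXXX.asuscomm.com/.well-known/acme-challenge/TOKEN: Timeout", "status": 400 } }]
Mar 27 11:00:01 rc_service: service 19773:notify_rc restart_letsencrypt
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently", "status": 429 }] (189 bytes)
Mar 27 11:03:51 lldpd[450]: unable to send packet on real device for wds1.3: No such device or address
Mar 27 11:05:01 rc_service: service 19901:notify_rc restart_letsencrypt
Mar 27 11:05:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
"""

LINE_RE = re.compile(r"^\s*(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+([^:]+):\s?(.*)$")
ACME_ERR_RE = re.compile(r"urn:acme:error:(\w+)")
BAD_HTTP_RE = re.compile(r"bad HTTP: (\d{3})")

# What the two error types seen in the excerpt mean on the CA side.
MEANING = {
    "connection": "CA could not connect to the host to validate the http-01 challenge",
    "rateLimited": "CA refused the request: too many failed authorizations recently",
}


def parse(text, year=2018):
    """Yield (timestamp, tag, message). Syslog lines carry no year; `year` is assumed."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skips "....", blank lines and wrapped fragments
        mon, day, clock, tag, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        yield ts, tag.strip(), msg


def triage(text, window_s=120, year=2018):
    """Summarise acme-client activity and tie it to restart_letsencrypt triggers."""
    errors = Counter()       # ACME error type -> count
    http_status = Counter()  # status from "bad HTTP: NNN" lines -> count
    triggers = []            # timestamps of rc_service restart_letsencrypt events
    attributed = 0           # acme-client lines within window_s after a trigger
    no_trigger_seen = []     # acme-client lines with no trigger in the window
    for ts, tag, msg in parse(text, year):
        if tag == "rc_service" and "restart_letsencrypt" in msg:
            triggers.append(ts)
            continue
        if "acme-client" not in msg:
            continue
        errors.update(ACME_ERR_RE.findall(msg))
        http_status.update(BAD_HTTP_RE.findall(msg))
        if triggers and 0 <= (ts - triggers[-1]).total_seconds() <= window_s:
            attributed += 1
        else:
            no_trigger_seen.append(ts)  # also happens when the excerpt is truncated
    intervals = [int((b - a).total_seconds()) for a, b in zip(triggers, triggers[1:])]
    return {
        "errors": errors,
        "http_status": http_status,
        "trigger_intervals_s": intervals,
        "attributed": attributed,
        "no_trigger_seen": no_trigger_seen,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for kind, count in report["errors"].items():
        print(f"{kind}: {count}x ({MEANING.get(kind, 'see the ACME error detail')})")
    print("HTTP statuses:", dict(report["http_status"]))
    print("seconds between restart_letsencrypt triggers:", report["trigger_intervals_s"])
    print("acme-client lines following a trigger:", report["attributed"])
    print("acme-client lines with no trigger seen:", report["no_trigger_seen"])
```

Run against a full syslog.txt, the lines reported under `no_trigger_seen` are the ones to read in context; everything else was logged right after the router's own service manager restarted the letsencrypt job.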

  3. #3
    ROG Guru: White Belt MarshallR
    Join Date
    Mar 2018
    Reputation
    18
    Posts
    75

    Hi, sorry it's taken a few days for a reply here.

    Yes, you were attacked but the router blocked the attack. It's like someone knocking at your door but your router didn't open the door. Without AIProtect and Two-way IPS your router would have been hacked. You have two-way IPS enabled already in the router settings so this is OK. Possibly you could contact your ISP to ask how to change your IP address, otherwise don't worry, the router is doing its job.

    Regarding the system bug, we will have a new firmware released by the end of April fixing this issue. It's not a concern, it just generates an error in the log.

  4. #4
    ROG Member
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    5

    Hi MarshallR,

    Thanks for replying...
    I have sent you a PM.

    ===Martin

  5. #5
    ROG Junior Member
    Join Date
    Dec 2017
    Reputation
    10
    Posts
    4

    Quote (originally posted by MarshallR):
        Hi, sorry it's taken a few days for a reply here.

        Yes, you were attacked but the router blocked the attack. It's like someone knocking at your door but your router didn't open the door. Without AIProtect and Two-way IPS your router would have been hacked. You have two-way IPS enabled already in the router settings so this is OK. Possibly you could contact your ISP to ask how to change your IP address, otherwise don't worry, the router is doing its job.

        Regarding the system bug, we will have a new firmware released by the end of April fixing this issue. It's not a concern, it just generates an error in the log.

    I'm having the same issue. My router login was changed to Korean multiple times from January to July. I recently was able to find that it wasn't a "factory reset" but rather someone hacking into it a few weeks ago. I don't think they've managed to steal my CC info, but they have long been removed, back in March 2018. I factory reset the router back on July 16ish, made a hexadecimal password for the router login, and have started using LastPass for even more preventative measures. I've disabled remote login and only log in from a direct router connection.

    Posted below is my sys log. It resets to May 5; someone has said that is because of a disconnection or power supply issue of the router. The ISP states it is my modem, and I have a second modem to troubleshoot that issue. If it is a power supply issue, my warranty should still be good for the router.
    Last edited by NovaTitan; 07-27-2018 at 04:13 AM.

  6. #6
    ROG Junior Member
    Join Date
    Dec 2017
    Reputation
    10
    Posts
    4

    May 5 00:05:04 kernel: PCI: bus1: Fast back to back transfers disabled
    May 5 00:05:04 kernel: pci 0001:00:00.0: BAR 8: assigned [mem 0x08000000-0x08bfffff]
    May 5 00:05:04 kernel: pci 0001:00:00.0: BAR 9: assigned [mem 0x08c00000-0x08cfffff 64bit pref]
    May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 2: assigned [mem 0x08000000-0x087fffff 64bit]
    May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 2: set to [mem 0x08000000-0x087fffff 64bit] (PCI address [0x8000000-0x87fffff]
    May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 4: assigned [mem 0x08c00000-0x08cfffff 64bit pref]
    May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 4: set to [mem 0x08c00000-0x08cfffff 64bit pref] (PCI address [0x8c00000-0x8cfffff]
    May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 0: assigned [mem 0x08800000-0x08807fff 64bit]
    May 5 00:05:04 kernel: pci 0001:01:00.0: BAR 0: set to [mem 0x08800000-0x08807fff 64bit] (PCI address [0x8800000-0x8807fff]
    May 5 00:05:04 kernel: pci 0001:00:00.0: PCI bridge to [bus 01-01]
    May 5 00:05:04 kernel: pci 0001:00:00.0: bridge window [io disabled]
    May 5 00:05:04 kernel: pci 0001:00:00.0: bridge window [mem 0x08000000-0x08bfffff]
    May 5 00:05:04 kernel: pci 0001:00:00.0: bridge window [mem 0x08c00000-0x08cfffff 64bit pref]
    May 5 00:05:04 kernel: PCIE2 link=1
    May 5 00:05:04 kernel: PCIE2 switching to GEN2
    May 5 00:05:04 kernel: PCIE2 link=1
    May 5 00:05:04 kernel: PCI: Fixing up bus 0
    May 5 00:05:04 kernel: PCI: bus0: Fast back to back transfers disabled
    May 5 00:05:04 kernel: PCI: Fixing up bus 1
    May 5 00:05:04 kernel: PCI: bus1: Fast back to back transfers disabled
    May 5 00:05:04 kernel: pci 0002:00:00.0: BAR 8: assigned [mem 0x20000000-0x20bfffff]
    May 5 00:05:04 kernel: pci 0002:00:00.0: BAR 9: assigned [mem 0x20c00000-0x20cfffff 64bit pref]
    May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 2: assigned [mem 0x20000000-0x207fffff 64bit]
    May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 2: set to [mem 0x20000000-0x207fffff 64bit] (PCI address [0x20000000-0x207fffff]
    May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 4: assigned [mem 0x20c00000-0x20cfffff 64bit pref]
    May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 4: set to [mem 0x20c00000-0x20cfffff 64bit pref] (PCI address [0x20c00000-0x20cfffff]
    May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 0: assigned [mem 0x20800000-0x20807fff 64bit]
    May 5 00:05:04 kernel: pci 0002:01:00.0: BAR 0: set to [mem 0x20800000-0x20807fff 64bit] (PCI address [0x20800000-0x20807fff]
    May 5 00:05:04 kernel: pci 0002:00:00.0: PCI bridge to [bus 01-01]
    May 5 00:05:04 kernel: pci 0002:00:00.0: bridge window [io disabled]
    May 5 00:05:04 kernel: pci 0002:00:00.0: bridge window [mem 0x20000000-0x20bfffff]
    May 5 00:05:04 kernel: pci 0002:00:00.0: bridge window [mem 0x20c00000-0x20cfffff 64bit pref]
    May 5 00:05:04 nat: apply redirect rules
    May 5 00:05:04 kernel: PCIE3 link=0
    May 5 00:05:04 kernel: VFS: Disk quotas dquot_6.5.2
    May 5 00:05:04 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
    May 5 00:05:04 kernel: squashfs: version 4.0 (2009/01/31) Phillip Lougher
    May 5 00:05:04 kernel: fuse init (API version 7.15)
    May 5 00:05:04 kernel: msgmni has been set to 1005
    May 5 00:05:04 kernel: io scheduler noop registered (default)
    May 5 00:05:04 kernel: io scheduler deadline registered
    May 5 00:05:04 kernel: io scheduler cfq registered
    May 5 00:05:04 kernel: Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
    May 5 00:05:04 kernel: serial8250.0: ttyS0 at MMIO 0x18000300 (irq = 117) is a 16550
    May 5 00:05:04 kernel: console [ttyS0] enabled, bootconsole disabled
    May 5 00:05:04 kernel: serial8250.0: ttyS1 at MMIO 0x18000400 (irq = 117) is a 16550
    May 5 00:05:04 kernel: brd: module loaded
    May 5 00:05:04 kernel: loop: module loaded
    May 5 00:05:04 kernel: pflash: found no supported devices
    May 5 00:05:04 kernel: bcmsflash: found no supported devices
    May 5 00:05:04 kernel: Boot partition size = 524288(0x80000)
    May 5 00:05:04 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
    May 5 00:05:04 kernel: nflash: squash filesystem with lzma found at block 29
    May 5 00:05:04 kernel: Creating 4 MTD partitions on "nflash":
    May 5 00:05:04 kernel: 0x000000000000-0x000000080000 : "boot"
    May 5 00:05:04 kernel: 0x000000080000-0x000000200000 : "nvram"
    May 5 00:05:04 kernel: 0x000000200000-0x000004000000 : "linux"
    May 5 00:05:04 kernel: 0x0000003bfe4c-0x000004000000 : "rootfs"
    May 5 00:05:04 kernel: PPP generic driver version 2.4.2
    May 5 00:05:04 kernel: PPP MPPE Compression module registered
    May 5 00:05:04 kernel: NET: Registered protocol family 24
    May 5 00:05:04 kernel: PPTP driver version 0.8.5
    May 5 00:05:04 kernel: === PPTP init ===
    May 5 00:05:04 kernel: u32 classifier
    May 5 00:05:04 kernel: Performance counters on
    May 5 00:05:04 kernel: Actions configured
    May 5 00:05:04 kernel: Netfilter messages via NETLINK v0.30.
    May 5 00:05:04 kernel: nf_conntrack version 0.5.0 (8045 buckets, 32180 max)
    May 5 00:05:04 kernel: ctnetlink v0.93: registering with nfnetlink.
    May 5 00:05:04 kernel: xt_time: kernel timezone is -0000
    May 5 00:05:04 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
    May 5 00:05:04 kernel: TCP cubic registered
    May 5 00:05:04 kernel: NET: Registered protocol family 10
    May 5 00:05:04 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
    May 5 00:05:04 kernel: NET: Registered protocol family 17
    May 5 00:05:04 kernel: NET: Registered protocol family 15
    May 5 00:05:04 kernel: L2TP core driver, V2.0
    May 5 00:05:04 kernel: PPPoL2TP kernel driver, V2.0
    May 5 00:05:04 kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
    May 5 00:05:04 kernel: All bugs added by David S. Miller <davem@redhat.com>
    May 5 00:05:04 kernel: Registering the dns_resolver key type
    May 5 00:05:04 kernel: Northstar brcmnand NAND Flash Controller driver, Version 0.1 (c) Broadcom Inc. 2012
    May 5 00:05:04 kernel: NAND device: Manufacturer ID: 0xc8, Chip ID: 0xd1 (Unknown NAND 128MiB 3,3V 8-bit)
    May 5 00:05:04 kernel: Spare area=64 eccbytes 56, ecc bytes located at:
    May 5 00:05:04 kernel: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
    May 5 00:05:04 kernel: Available 7 bytes at (off,len):
    May 5 00:05:04 kernel: (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
    May 5 00:05:04 kernel: Scanning device for bad blocks
    May 5 00:05:04 kernel: Options: NO_AUTOINCR,NO_READRDY,
    May 5 00:05:05 kernel: Creating 1 MTD partitions on "brcmnand":
    May 5 00:05:05 kernel: 0x000004000000-0x000008000000 : "brcmnand"
    May 5 00:05:05 kernel: VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
    May 5 00:05:05 kernel: devtmpfs: mounted
    May 5 00:05:05 kernel: Freeing init memory: 288K
    May 5 00:05:05 kernel: rtl8365mb: module license 'Proprietary' taints kernel.
    May 5 00:05:05 kernel: Disabling lock debugging due to kernel taint
    May 5 00:05:05 kernel: rtl8365mbrtl8365mb initialized(0)(retry:1)
    May 5 00:05:05 kernel: rtk port_phyEnableAll ok
    May 5 00:05:05 kernel: register rtl8365mb done (link down at first)
    May 5 00:05:05 kernel: et_module_init: passivemode set to 0x0
    May 5 00:05:05 kernel: et_module_init: txworkq set to 0x0
    May 5 00:05:05 kernel: et_module_init: et_txq_thresh set to 0xce4
    May 5 00:05:05 kernel: et_module_init: et_rxlazy_timeout set to 0x3e8
    May 5 00:05:05 kernel: et_module_init: et_rxlazy_framecnt set to 0x20
    May 5 00:05:05 kernel: et_module_init: et_rxlazy_dyn_thresh set to 0
    May 5 00:05:05 kernel: et0: bhdr_sz 0 bhdr_roff 0
    May 5 00:05:05 kernel: fwd0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
    May 5 00:05:05 kernel: et1: bhdr_sz 0 bhdr_roff 0
    May 5 00:05:05 kernel: fwd1: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
    May 5 00:05:05 kernel: agg_attach: bhdr_enable 1
    May 5 00:05:05 kernel: et2: bhdr_sz 4 bhdr_roff 12
    May 5 00:05:05 kernel: et2: vlan1map 0xaf
    May 5 00:05:05 kernel: et2: vlan2map 0x10
    May 5 00:05:05 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
    May 5 00:05:05 kernel: dpsta_init: msglevel set to 0x1
    May 5 00:05:05 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
    May 5 00:05:05 kernel: PCI: Enabling device 0001:01:00.0 (0140 -> 0142)
    May 5 00:05:05 kernel: dhd_attach(): thread:dhd_watchdog_thread:80 started
    May 5 00:05:05 kernel: Dongle Host Driver, version 1.363.2 (r665954)
    May 5 00:05:05 kernel: Compiled in drivers/net/wireless/bcmdhd on May 27 2018 at 13:21:02
    May 5 00:05:05 kernel: Register interface [eth1] MAC: 60:45:cb:18:ae:c8
    May 5 00:05:05 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
    May 5 00:05:05 kernel: PCI: Enabling device 0002:01:00.0 (0140 -> 0142)
    May 5 00:05:05 kernel: dhd_attach(): thread:dhd_watchdog_thread:84 started
    May 5 00:05:05 kernel: Dongle Host Driver, version 1.363.2 (r665954)
    May 5 00:05:05 kernel: Compiled in drivers/net/wireless/bcmdhd on May 27 2018 at 13:21:02
    May 5 00:05:05 kernel: Register interface [eth2] MAC: 60:45:cb:18:ae:cc
    May 5 00:05:05 kernel: JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
    May 5 00:05:05 kernel: usbcore: registered new interface driver usbfs
    May 5 00:05:05 kernel: usbcore: registered new interface driver hub
    May 5 00:05:05 kernel: usbcore: registered new device driver usb
    May 5 00:05:05 kernel: ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
    May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: EHCI Host Controller
    May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: new USB bus registered, assigned bus number 1
    May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: irq 111, io mem 0x18021000
    May 5 00:05:05 kernel: ehci_hcd 0000:00:0b.1: USB 0.0 started, EHCI 1.00
    May 5 00:05:05 kernel: hub 1-0:1.0: USB hub found
    May 5 00:05:05 kernel: hub 1-0:1.0: 2 ports detected
    May 5 00:05:05 kernel: ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
    May 5 00:05:05 kernel: ohci_hcd 0000:00:0b.0: OHCI Host Controller
    May 5 00:05:05 kernel: ohci_hcd 0000:00:0b.0: new USB bus registered, assigned bus number 2
    May 5 00:05:05 kernel: ohci_hcd 0000:00:0b.0: irq 111, io mem 0x18022000
    May 5 00:05:05 kernel: hub 2-0:1.0: USB hub found
    May 5 00:05:05 kernel: hub 2-0:1.0: 2 ports detected
    May 5 00:05:05 kernel: device fwd1 entered promiscuous mode
    May 5 00:05:05 kernel: device vlan1 entered promiscuous mode
    May 5 00:05:05 kernel: device eth0 entered promiscuous mode
    May 5 00:05:05 kernel: device eth1 entered promiscuous mode
    May 5 00:05:05 kernel: br0: topology change detected, propagating
    May 5 00:05:05 kernel: br0: port 2(eth1) entering forwarding state
    May 5 00:05:05 kernel: br0: port 2(eth1) entering forwarding state
    May 5 00:05:05 kernel: br0: topology change detected, propagating
    May 5 00:05:05 kernel: br0: port 1(vlan1) entering forwarding state
    May 5 00:05:05 kernel: br0: port 1(vlan1) entering forwarding state
    May 5 00:05:05 dnsmasq[307]: started, version 2.78 cachesize 1500
    May 5 00:05:05 dnsmasq[307]: warning: no upstream servers configured
    May 5 00:05:05 dnsmasq[307]: asynchronous logging enabled, queue limit is 5 messages
    May 5 00:05:05 dnsmasq-dhcp[307]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
    May 5 00:05:05 dnsmasq[307]: read /etc/hosts - 5 addresses
    May 5 00:05:05 kernel: rtk port_phyEnableAll (on) ok
    May 5 00:05:05 RT-AC88U: start httpd:80
    May 5 00:05:05 crond[314]: crond: crond (busybox 1.17.4) started, log level 8
    May 5 00:05:06 syslog: Generating SSL certificate...
    May 5 00:05:06 NAT Tunnel: AAE Service is stopped
    May 5 00:05:06 AAE: AAE Service is started
    May 5 00:05:06 jffs2: valid logs(1)
    May 5 00:05:06 hour monitor: daemon is starting
    May 5 00:05:06 hour monitor: daemon terminates
    May 5 00:05:06 disk monitor: be idle
    May 5 00:05:06 Mastiff: init
    May 5 00:05:06 lldpd[364]: minimal kernel version required is 2.6.39, got 2.6.36.4brcmarm
    May 5 00:05:06 lldpd[364]: lldpd may be unable to detect bonds and bridges correctly
    May 5 00:05:06 lldpd[364]: consider recompiling with --enable-oldies option
    May 5 00:05:06 lldpd[389]: could not open either /etc/os-release or /usr/lib/os-release
    May 5 00:05:06 lldpd[389]: lsb_release information not available
    May 5 00:05:06 lldpd[392]: created chroot directory /var/run/lldpd
    May 5 00:05:06 lldpd[392]: protocol LLDP enabled
    May 5 00:05:06 lldpd[392]: protocol CDPv1 disabled
    May 5 00:05:06 lldpd[392]: protocol CDPv2 disabled
    May 5 00:05:06 lldpd[392]: protocol SONMP disabled
    May 5 00:05:06 lldpd[392]: protocol EDP disabled
    May 5 00:05:06 lldpd[392]: protocol FDP disabled
    May 5 00:05:06 lldpd[392]: libevent 2.0.21-stable initialized with epoll method
    May 5 00:05:06 lldpd[392]: cannot get ethtool link information with GLINKSETTINGS (requires 4.9+): Operation not permitted
    May 5 00:05:06 lldpd[392]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
    May 5 00:05:07 lldpd[389]: unable to get system name
    May 5 00:05:07 lldpd[389]: unable to get system name
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:07 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:07 lldpcli[390]: lldpd should resume operations
    May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_acm
    May 5 00:05:07 kernel: cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters
    May 5 00:05:07 syslog: module ax88179_178a not found in modules.dep
    May 5 00:05:07 kernel: usbcore: registered new interface driver asix
    May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_ether
    May 5 00:05:07 kernel: usbcore: registered new interface driver rndis_host
    May 5 00:05:07 kernel: cdc_ncm: 14-Mar-2012
    May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_ncm
    May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_wdm
    May 5 00:05:07 kernel: usbcore: registered new interface driver qmi_wwan
    May 5 00:05:07 wan: [wan0_hwaddr] == [60:45:CB:18:AE:C8]
    May 5 00:05:07 kernel: cdc_mbim: loaded
    May 5 00:05:07 kernel: usbcore: registered new interface driver cdc_mbim
    May 5 00:05:07 dnsmasq[307]: read /etc/hosts - 5 addresses
    May 5 00:05:08 lldpd[392]: removal request for address of 173.174.116.142%5, but no knowledge of it
    May 5 00:05:08 rc_service: udhcpc 445:notify_rc start_firewall
    May 5 00:05:08 dnsmasq[307]: read /etc/hosts - 5 addresses
    May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.63#53 for domain austin.rr.com
    May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.62#53 for domain austin.rr.com
    May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.61#53 for domain austin.rr.com
    May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.63#53
    May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.62#53
    May 5 00:05:08 dnsmasq[307]: using nameserver 209.18.47.61#53
    May 5 00:05:08 wan: finish adding multi routes
    May 5 00:05:08 rc_service: udhcpc 445:notify_rc stop_upnp
    May 5 00:05:08 rc_service: waitting "start_firewall" via udhcpc ...
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 3
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:09 lldpd[392]: custom TLV op replace oui f8:32:e4 subtype 2
    May 5 00:05:11 ntp: start NTP update
    Jul 22 14:26:20 rc_service: ntp 466:notify_rc restart_diskmon
    Jul 22 14:26:20 rc_service: waitting "start_firewall" via udhcpc ...
    Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) 6c:c2:17:69:78:b5
    Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.99 6c:c2:17:69:78:b5
    Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) 6c:c2:17:69:78:b5
    Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.99 6c:c2:17:69:78:b5
    Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPREQUEST(br0) 192.168.1.99 6c:c2:17:69:78:b5
    Jul 22 14:26:22 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.99 6c:c2:17:69:78:b5 HighwayMan
    Jul 22 14:26:23 syslog: module ledtrig-usbdev not found in modules.dep
    Jul 22 14:26:23 syslog: module leds-usb not found in modules.dep
    Jul 22 14:26:23 kernel: SCSI subsystem initialized
    Jul 22 14:26:23 kernel: Initializing USB Mass Storage driver...
    Jul 22 14:26:23 kernel: usbcore: registered new interface driver usb-storage
    Jul 22 14:26:23 kernel: USB Mass Storage support registered.
    Jul 22 14:26:24 kernel: Tuxera FAT 12/16/32 driver version 3015.1.29.6 [Flags: R/W MODULE].
    Jul 22 14:26:24 kernel: Built against headers 2.6.36.4brcmarm #1 SMP PREEMPT Mon Dec 7 10:09:21 CST 2015 arm
    Jul 22 14:26:24 kernel: Running on kernel 2.6.36.4brcmarm #1 SMP PREEMPT Sun May 27 13:19:36 CST 2018 armv7l
    Jul 22 14:26:24 kernel: Tuxera NTFS driver 3015.1.29.16 [Flags: R/W MODULE].
    Jul 22 14:26:24 kernel: Tuxera HFS+ driver 3014.7.28
    Jul 22 14:26:24 kernel: usbcore: registered new interface driver usblp
    Jul 22 14:26:25 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
    Jul 22 14:26:25 kernel: nf_conntrack_rtsp v0.6.21 loading
    Jul 22 14:26:25 kernel: nf_nat_rtsp v0.6.21 loading
    Jul 22 14:26:26 rc_service: udhcpc 445:notify_rc start_upnp
    Jul 22 14:26:26 rc_service: waitting "stop_upnp" via udhcpc ...
    Jul 22 14:26:26 disk_monitor: Finish
    Jul 22 14:26:27 disk monitor: be idle
    Jul 22 14:26:29 kernel: Init chrdev /dev/detector with major 190
    Jul 22 14:26:29 kernel: tdts: tcp_conn_max = 8000
    Jul 22 14:26:29 kernel: tdts: tcp_conn_timeout = 300 sec
    Jul 22 14:26:41 kernel: SHN Release Version: 2.0.1 3529123_patch
    Jul 22 14:26:41 kernel: UDB Core Version: 0.2.14 r3529123
    Jul 22 14:26:41 kernel: Init chrdev /dev/idpfw with major 191
    Jul 22 14:26:41 kernel: IDPfw: IDPfw is ready
    Jul 22 14:26:41 kernel: sizeof forward pkt param = 192
    Jul 22 14:26:45 rc_service: udhcpc 445:notify_rc start_firewall
    Jul 22 14:26:45 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
    Jul 22 14:26:46 dhcp client: bound 173.174.116.142 via 173.174.96.1 during 60856 seconds.
    Jul 22 14:27:10 crond[314]: time disparity of 113182 minutes detected
    Jul 22 14:27:25 dnsmasq-dhcp[307]: DHCPREQUEST(br0) 192.168.1.72 e0:d5:5e:23:6d:d3
    Jul 22 14:27:25 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.72 e0:d5:5e:23:6d:d3 DESKTOP-F11B6L9
    Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) b4:74:43:ab:52:4b
    Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.217 b4:74:43:ab:52:4b
    Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPDISCOVER(br0) b4:74:43:ab:52:4b
    Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPOFFER(br0) 192.168.1.217 b4:74:43:ab:52:4b
    Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPREQUEST(br0) 192.168.1.217 b4:74:43:ab:52:4b
    Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.217 b4:74:43:ab:52:4b Galaxy-J7
    Jul 22 15:00:27 disk_monitor: Got SIGALRM...
    Jul 22 23:00:27 disk_monitor: Got SIGALRM...
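The boot sequence in the log above starts on the router's unsynced default clock (May 5) and jumps to real time right after `ntp: start NTP update`, which the crond "time disparity" line confirms. As an added example (not part of the original post), this Python script uses that jump to list each reboot with its real time and the DHCP clients that joined afterwards, so unplanned reboots and unfamiliar devices stand out; the sample lines, MAC addresses, hostnames and the year 2018 are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the posted syslog (two boots).
# Hostnames and MAC addresses are made up; the year is an assumption
# because this syslog format carries none.
SAMPLE = """\
Jul 21 09:10:02 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.72 aa:bb:cc:00:00:01 laptop
May 5 00:05:05 RT-AC88U: start httpd:80
May 5 00:05:11 ntp: start NTP update
Jul 22 14:26:20 rc_service: ntp 466:notify_rc restart_diskmon
Jul 22 14:27:10 crond[314]: time disparity of 113182 minutes detected
Jul 22 14:31:54 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.217 aa:bb:cc:00:00:02 phone
May 5 00:05:05 RT-AC88U: start httpd:80
May 5 00:05:12 ntp: start NTP update
Jul 23 02:50:41 rc_service: ntp 470:notify_rc restart_diskmon
Jul 23 02:51:03 dnsmasq-dhcp[307]: DHCPACK(br0) 192.168.1.99 aa:bb:cc:00:00:03 unknown-host
"""

LINE = re.compile(r"^\s*(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) ([^:]+): (.*)$")

def parse(text, year=2018):
    """Yield (timestamp, tag, message) for each well-formed syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            mon, day, clock, tag, msg = m.groups()
            ts = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
            yield ts, tag.strip(), msg

def find_boots(text, year=2018, min_jump=timedelta(hours=1),
               sync_window=timedelta(minutes=5)):
    """Return one record per boot: real boot time, clock jump, later DHCP clients."""
    boots, prev, ntp_at = [], None, None
    for ts, tag, msg in parse(text, year):
        if tag == "ntp" and msg.startswith("start NTP update"):
            ntp_at = ts  # a sync attempt; it marks a boot only if the clock then jumps
        elif ntp_at is not None and prev is not None and ts - prev >= min_jump:
            # Forward jump soon after the NTP start: clock left its unsynced default.
            if prev - ntp_at <= sync_window:
                boots.append({"booted_at": ts, "clock_jump": ts - prev, "clients": []})
            ntp_at = None
        elif boots and tag.startswith("dnsmasq-dhcp") and msg.startswith("DHCPACK"):
            parts = msg.split()  # DHCPACK(br0) <ip> <mac> [hostname]
            host = parts[3] if len(parts) > 3 else ""
            boots[-1]["clients"].append((parts[1], parts[2], host))
        prev = ts
    return boots

if __name__ == "__main__":
    for boot in find_boots(SAMPLE):
        print(boot["booted_at"], "jump", boot["clock_jump"], boot["clients"])
```

Compare the reported boot times with power cycles you performed yourself; a log that spans a New Year needs the year handled per segment.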

  7. #7
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    Wired networks are immune to wireless network attacks. Always an option if you are concerned about network security and can live without wireless convenience.

    Strong passwords are enough to defeat casual intrusion attempts. Especially if they contain extended characters which are "impossible" to type on smartphone keyboards. Most "hackers" are just people with mobile devices who are looking to leech some free wifi, very few indeed will be tech-savvy heavyweights who are able to somehow brute or finesse their way into a secured system.

    Another option - not foolproof but fun and a little nasty - is to deter all but the most stubbornly persistent wifi intruders by rudely making their experience with your network into an endlessly unpleasant series of intolerable frustrations. Many DIY parts like this ESP8266 can be used quite deviously, jamming and tangling signals in endless combinations limited only by your cruel imagination. A little bit of a legal grey area in some places (when used outside your home), but the only people who'd ever discover you're employing these defensive/security/privacy strategies would be those who've attempted to bypass them.

    https://www.instructables.com/id/DIY...nd-Mobile-App/
    Last edited by Korth; 07-27-2018 at 07:02 AM.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  8. #8
    ROG Junior Member Array
    Join Date
    Dec 2017
    Reputation
    10
    Posts
    4

    Thanks for the tips. To clarify, the remote hacker is from South Korea and using a VPN or hacked remote IP address from Greece and Italy (multiple IPs). He had (might still have) backdoor access to my router from January of 2018 to July 2018 and I only found out after my third login with Korean language reset (first time in April, second time in May, third time in July when I finally googled the reason and found it to be the worst-case scenario). Before googling after the first language reset, I had assumed my router was resetting to the manufacturer's country when losing power from the PSU because I've been having intermittent ISP connection issues caused by an outside line until June 2018.

    After seeing it "resetted" (hacked) to Korean when I finally had a stable internet connection after 3 separate technician visits, that's when I knew it was fishy. I should have googled it sooner and found out sooner, but I haven't been using computers as a whole for the months of January all the way to the end of May of this year, working overtime and such. So, it's definitely my fault due to negligence, but also the major fault of the manufacturer for having such a vulnerability in their firmware for such an expensive product. At the same time, I did all the precautionary measures, resetting the router to factory defaults, special characters in hexadecimal for login, disabling remote access, and using AIProtect which stopped the attacks since 17 July 2018. I'm lucky that they haven't stolen all my personal information as Korean hackers are known to immediately take all your CC information and use it or sell it off (my family is native Koreans and know the hacker culture there).

    I have contacted ASUS network support and have not received a response for the past 3 business days and probably won't receive any even though I entered a duplicate support email message for a response. I'm going to wait it out to see if the backdoor is still extant on my firmware despite factory reset, installing the latest official firmware (at the time I was using the latest Merlin firmware from January or February 2018). I do know they have more updated firmware for Merlin but I'm going to use the official one to find out if I get some suspicious activity and if the AIProtect is going to keep getting hits from the same IP addresses. If so, it's likely that the backdoor might still exist? (my guess)

    One other question I would like to ask is wouldn't it be possible to decrypt the bytes from wired network traffic if they already have hijacked the router's main console/firmware? I'm on a wired network with my two computers (main/gaming, secondary/work) and wireless on my smartphone. I do need wireless access and can't really live without it, but I was thinking that if they got remote access to my router, wouldn't the wired connections be compromised as well? I think you answered it, but just wanted to make sure. Thanks again.

  9. #9
    ROG Guru: Black Belt Array Korth PC Specs
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    Update router firmware (if needed), reset the router, change admin password, block all known "hacker" IPs. It'll kick out any potential compromises/backdoors/etc and it's basically the best you can do to lock out future intrusion attempts. Do a full scan for malware/rootkits/etc and check all your security settings (firewall, etc) on each connected computer if you're worried about Bad Things.

    I honestly think it's extremely unlikely that a Korean hacker is trying to hack your machine. It's probably some sort of botnet thing trying to exploit known vulnerabilities in unpatched routers, and probably far less interested in you or your data than in installing some sort of DDoS launcher or torrent archive or coinhive or something.

    If it's a real ongoing problem which persists then you can contact your ISP and request they assign you different IPs or block traffic from attacking IPs. Or buy yourself a different router.

  10. #10
    ROG Enthusiast Array
    Join Date
    Apr 2016
    Reputation
    11
    Posts
    37

    Quote Originally Posted by Korth View Post
    Update router firmware (if needed), reset the router, change admin password, block all known "hacker" IPs. It'll kick out any potential compromises/backdoors/etc and it's basically the best you can do to lock out future intrusion attempts. Do a full scan for malware/rootkits/etc and check all your security settings (firewall, etc) on each connected computer if you're worried about Bad Things.

    I honestly think it's extremely unlikely that a Korean hacker is trying to hack your machine. It's probably some sort of botnet thing trying to exploit known vulnerabilities in unpatched routers, and probably far less interested in you or your data than in installing some sort of DDoS launcher or torrent archive or coinhive or something.

    If it's a real ongoing problem which persists then you can contact your ISP and request they assign you different IPs or block traffic from attacking IPs. Or buy yourself a different router.

    Excellent advice. I've been seeing the same blocked intrusion attempts in my AC88U router logs as well for almost a year now. When the internet connection was restored after it went down for almost 3 weeks due to repairs of faulty conduits in our building, the attacks stopped. I'm still expecting these things to happen again sooner or later, now that the router is online again but I'll take the time to do the steps above for peace of mind.
    Last edited by jologskyblues; 07-30-2018 at 05:38 AM.
