Hi team,
This morning we've been attacked again, at around 2:50am local time. Below are snippets of syslog from when the router was booting (after it was attacked).
It was rebooting by itself, and as before, after that AiMesh, 2.4G Wi-Fi and several pages in admin are all inaccessible.
The log has "kernel: external imprecise data......." which is unusual.
Updates:
After unplugging the power for a couple of minutes and plugging it back in, the router is back to normal.
No need for a hard reset... phew...
AiProtection shows nothing at that time.
Updates: 27/03/2018
There are many hits from AiProtection today, but so far my router is doing OK, I think.
I have a big suspicion about the error messages re: letsencrypt.org called by kernel every 5 minutes or so.
In doing so, the router's CPU spiked to 100% for a couple of seconds.
These errors have been there since the 1st attack; has my router been compromised? There weren't any errors like this before the 1st attack.
Below are snippets of the error log on "letsencrypt.org"; I have replaced my DNS name with XXXXX.asuscomm.com for privacy.
.....
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/UhiBnOpDX2_qCE4YVMXuaYenSvIFZeVi_7jN9sbOGNk/3977... bad response
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://XXXXXXXXXXX.asuscomm.com/.well-known/acme-challenge/Hi2YylcKbIjivb4GTNC4PZekG-ptOkGZIh_G2uKiG... Timeout", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UhiBnOpDX2_qCE4YVMXuaYenSvIFZeVi_7jN9sbOGNk/3977139698", "token": "Hi2YylcKbIjivb4GTNC4PZekG-ptOkGZIh_G2uKiG1E", "keyAuthorization": "Hi2YylcKbI
Mar 27 11:00:01 rc_service: service 19773:notify_rc restart_letsencrypt
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }] (189 bytes)
Mar 27 11:03:51 lldpd[450]: unable to send packet on real device for wds1.3: No such device or address
....
Also, my AiMesh node is just 1 RT-AC68U. Its firmware has been updated to 3.0.0.4.384_20624-g14d2f02.
The main router RT-AC88U firmware is 3.0.0.4.384_20379-gc0714df.
===martin
...
Feb 14 07:00:21 syslogd started: BusyBox v1.17.4
Feb 14 07:00:21 kernel: klogd started: BusyBox v1.17.4 (2018-02-07 19:40:02 CST)
Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
Feb 14 07:00:21 kernel: PCI: Fixing up bus 1
Feb 14 07:00:21 kernel: PCI: Fixing up bus 0
Feb 14 07:00:21 kernel: PCI: Fixing up bus 1
Feb 14 07:00:21 kernel: VFS: Disk quotas dquot_6.5.2
Feb 14 07:00:21 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Feb 14 07:00:21 kernel: pflash: found no supported devices
Feb 14 07:00:21 kernel: bcmsflash: found no supported devices
Feb 14 07:00:21 kernel: Boot partition size = 524288(0x80000)
Feb 14 07:00:21 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
Feb 14 07:00:21 kernel: nflash: squash filesystem with lzma found at block 29
Feb 14 07:00:21 kernel: Creating 4 MTD partitions on "nflash":
Feb 14 07:00:21 kernel: 0x000000000000-0x000000080000 : "boot"
Feb 14 07:00:21 kernel: 0x000000080000-0x000000200000 : "nvram"
Feb 14 07:00:21 kernel: 0x000000200000-0x000004000000 : "linux"
Feb 14 07:00:21 kernel: 0x0000003bfed0-0x000004000000 : "rootfs"
Feb 14 07:00:21 kernel: === PPTP init ===
Feb 14 07:00:22 kernel: Registering the dns_resolver key type
Feb 14 07:00:22 kernel: Spare area=64 eccbytes 56, ecc bytes located at:
Feb 14 07:00:22 kernel: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
Feb 14 07:00:22 kernel: Available 7 bytes at (off,len):
Feb 14 07:00:22 kernel: (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
Feb 14 07:00:22 kernel: Options: NO_AUTOINCR,NO_READRDY,
Feb 14 07:00:22 kernel: Creating 1 MTD partitions on "brcmnand":
Feb 14 07:00:22 kernel: 0x000004000000-0x000008000000 : "brcmnand"
Feb 14 07:00:22 kernel: VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
Feb 14 07:00:22 kernel: rtl8365mb: module license 'Proprietary' taints kernel.
Feb 14 07:00:22 kernel: Disabling lock debugging due to kernel taint
Feb 14 07:00:22 kernel: rtl8365mbrtl8365mb initialized(0)(retry:1)
Feb 14 07:00:22 kernel: rtk port_phyEnableAll ok
Feb 14 07:00:22 kernel: register rtl8365mb done (link down at first)
Feb 14 07:00:22 kernel: et_module_init: passivemode set to 0x0
Feb 14 07:00:22 kernel: et_module_init: txworkq set to 0x0
Feb 14 07:00:22 kernel: et_module_init: et_txq_thresh set to 0xce4
Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_timeout set to 0x3e8
Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_framecnt set to 0x20
Feb 14 07:00:22 kernel: et_module_init: et_rxlazy_dyn_thresh set to 0
Feb 14 07:00:22 kernel: ERROR fwder_init: fwd_cpumap nvram not present, using default
Feb 14 07:00:22 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.164.303 (r666427)
Feb 14 07:00:22 kernel: dpsta_init: msglevel set to 0x1
Feb 14 07:00:22 kernel: dpsta_init: fail to get ifnames!
Feb 14 07:00:22 nat: apply redirect rules
Feb 14 07:00:22 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
Feb 14 07:00:22 kernel: PCI: Enabling device 0001:01:00.0 (0140 -> 0142)
Feb 14 07:00:22 kernel: dhd_attach(): thread:dhd_watchdog_thread:7a started
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f095360 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211ac lr=0x7f0953a0 ignored.
Feb 14 07:00:22 kernel: dhd_detach(): thread:dhd_watchdog_thread:7a terminated OK
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f09cab4 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211a0 lr=0x7f09d9a0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211ac lr=0x7f09bf50 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x803211ac lr=0x7f09c9e4 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fea4 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe88 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
Feb 14 07:00:22 kernel: PCI: Enabling device 0002:01:00.0 (0140 -> 0142)
Feb 14 07:00:22 kernel: dhd_attach(): thread:dhd_watchdog_thread:7e started
Feb 14 07:00:22 kernel: Dongle Host Driver, version 1.363.2 (r665954)
Feb 14 07:00:22 kernel: Compiled in drivers/net/wireless/bcmdhd on Feb 7 2018 at 19:46:10
Feb 14 07:00:22 kernel: Register interface [eth2] MAC: 38:d5:47:bc:13:3c
Feb 14 07:00:22 kernel: xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
Feb 14 07:00:22 kernel: xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
Feb 14 07:00:22 kernel: usb usb1: No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values
Feb 14 07:00:23 dnsmasq[335]: warning: no upstream servers configured
Feb 14 07:00:23 kernel: rtk port_phyEnableAll (on) ok
Feb 14 07:00:24 RT-AC88U: start httpd
Feb 14 07:00:24 syslog: Generating SSL certificate...
Feb 14 07:00:24 NAT Tunnel: AAE Service is stopped
Feb 14 07:00:24 disk monitor: be idle
Feb 14 07:00:24 AAE: AAE Service is started
Feb 14 07:00:24 jffs2: valid logs(1)
Feb 14 07:00:24 hour monitor: daemon is starting
Feb 14 07:00:24 Mastiff: exit.
Feb 14 07:00:25 lldpd[424]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
Feb 14 07:00:27 wan: [wan0_hwaddr] == [38:D5:47:BC:13:38]
Feb 14 07:00:27 WAN Connection: ISP's DHCP did not function properly.
Feb 14 07:00:27 wan: [deconfig] udhcpc done[286]
Feb 14 07:00:27 rc_service: udhcpc 442:notify_rc start_firewall
Feb 14 07:00:27 wan: finish adding multi routes
Feb 14 07:00:27 rc_service: udhcpc 442:notify_rc stop_upnp
Feb 14 07:00:27 rc_service: waitting "start_firewall" via udhcpc ...
Feb 14 07:00:30 syslog: module ledtrig-usbdev not found in modules.dep
Feb 14 07:00:30 syslog: module leds-usb not found in modules.dep
Feb 14 07:00:30 kernel: SCSI subsystem initialized
Feb 14 07:00:32 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Feb 14 07:00:32 kernel: nf_conntrack_rtsp v0.6.21 loading
Feb 14 07:00:32 kernel: nf_nat_rtsp v0.6.21 loading
Feb 14 07:00:33 WAN Connection: WAN was restored.
Feb 14 07:00:33 rc_service: udhcpc 442:notify_rc start_upnp
Feb 14 07:00:33 rc_service: waitting "stop_upnp" via udhcpc ...
Feb 14 07:00:33 ntp: start NTP update
Mar 26 02:54:15 rc_service: ntp 459:notify_rc restart_upnp
....
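
A triage sketch for the two kinds of log lines quoted in this post, as an added example that is not part of the original post or of ASUS firmware. It counts the boot-time "External imprecise Data abort" lines per address and classifies the acme-client failures by ACME error type: `urn:acme:error:connection` means the CA's validation request to the router's `/.well-known/acme-challenge/` path timed out, and `urn:acme:error:rateLimited` means the repeated failures hit the CA's limit. The sample lines are constructed by shortening the ones above; `triage` and `findings` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample: lines shortened from the syslog quoted in the post.
SAMPLE = """\
Feb 14 07:00:21 syslogd started: BusyBox v1.17.4
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x803211a0 lr=0x7f095360 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa3000000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Feb 14 07:00:22 kernel: External imprecise Data abort at addr=0xa0c00000, fsr=0x1406, pc=0x8020fe84 lr=0x8020fee0 ignored.
Mar 27 10:55:38 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://XXXXX.asuscomm.com/.well-known/acme-challenge/TOKEN: Timeout", "status": 400 }
Mar 27 11:00:01 rc_service: service 19773:notify_rc restart_letsencrypt
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 429
Mar 27 11:00:09 kernel: /usr/sbin/acme-client: transfer buffer: [{ "type": "urn:acme:error:rateLimited", "detail": "Error creating new authz :: too many failed authorizations recently", "status": 429 }] (189 bytes)
"""

ABORT = re.compile(r"External imprecise Data abort at addr=(0x[0-9a-f]+)")
ACME_ERR = re.compile(r'"type": "(urn:acme:error:\w+)"')

def triage(log_text):
    """Count boots, letsencrypt restarts, data aborts per address, ACME errors per type."""
    report = {"boots": 0, "le_restarts": 0,
              "aborts_by_addr": Counter(), "acme_errors": Counter()}
    for line in log_text.splitlines():
        if "syslogd started" in line:
            report["boots"] += 1
        elif "notify_rc restart_letsencrypt" in line:
            report["le_restarts"] += 1
        elif (m := ABORT.search(line)):
            report["aborts_by_addr"][m.group(1)] += 1
        elif "acme-client" in line and (m := ACME_ERR.search(line)):
            report["acme_errors"][m.group(1)] += 1
    return report

def findings(report):
    """Turn the ACME error counts into plain-language notes."""
    errs, notes = report["acme_errors"], []
    if errs["urn:acme:error:connection"]:
        notes.append("http-01 validation timed out: the CA could not fetch the challenge from the router")
    if errs["urn:acme:error:rateLimited"]:
        notes.append("failed authorizations kept repeating until the CA returned 429")
    return notes

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r)
    for note in findings(r):
        print("-", note)
```
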