ASUS router issue and the logs

Sparx · 28 Jun 2015 at 08:32

Hi guys, hope you can help... I have 2 problems, one may be related to the other but I doubt it...

I have an ASUS RT-AC56U router which is running Merlin's latest 378.54_2 firmware.

I also have an HG612 modem on Sky's Fibre Pro package. I live in a brand new house and the modem is rock solid and barely ever loses sync.

Issue 1
Every few days (maybe 4-5 days) all of a sudden I will lose network connectivity. Every device in the house will whether Wired or on WiFi, the router becomes inaccessible and I can't connect to anything at all. The only thing I can do is reboot the router, when it's back on I check the logs and can't for the life of me see anything that identifies what on earth happened or why... This has happened over the last several firmware files as far back as I can remember. I've only had the router maybe 9 months?

Issue 2
The one thing that does appear ridiculously often in the router logs is my missus' iPhone is constantly appearing, all day and all night, whether she is on it or not. It looks almost as if her phone is experiencing a DDoS from an app or something! An extract from the logs this morning are below. This makes me wonder if it's related to my 1st issue whether at some point, my router is just locking out from the constant connections or is tripping somewhere...

These logs could go on forever, but I've just pasted a bunch from this morning.

Code:

Jun 28 05:21:56 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=2.127.252.251 DST=[MyIPAddress]LEN=103 TOS=0x00 PREC=0x00 TTL=62 ID=14616 PROTO=TCP SPT=443 DPT=60315 SEQ=1560985669 ACK=1121023441 WINDOW=282 RES=0x00 ACK PSH URGP=0 
Jun 28 05:21:57 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=2.127.252.251 DST=[MyIPAddress]LEN=103 TOS=0x00 PREC=0x00 TTL=62 ID=15394 PROTO=TCP SPT=443 DPT=60315 SEQ=1560985669 ACK=1121023441 WINDOW=282 RES=0x00 ACK PSH URGP=0 
Jun 28 05:22:00 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=2.127.252.251 DST=[MyIPAddress]LEN=103 TOS=0x00 PREC=0x00 TTL=62 ID=17814 PROTO=TCP SPT=443 DPT=60315 SEQ=1560985669 ACK=1121023441 WINDOW=282 RES=0x00 ACK PSH URGP=0 
Jun 28 05:23:19 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=104.219.251.107 DST=[MyIPAddress]LEN=64 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=47061 DPT=53 LEN=44 
Jun 28 05:26:26 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=202.181.194.62 DST=[MyIPAddress]LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=18645 DF PROTO=TCP SPT=39292 DPT=9090 SEQ=3117095262 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC01010402) 
Jun 28 05:26:29 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=202.181.194.62 DST=[MyIPAddress]LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=19732 DF PROTO=TCP SPT=39292 DPT=9090 SEQ=3117095262 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC01010402) 
Jun 28 05:27:24 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.186.21.112 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=77 DPT=8088 SEQ=0 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:27:32 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.186.21.112 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=77 DPT=80 SEQ=0 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:27:47 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.186.21.112 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=77 DPT=3128 SEQ=0 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:27:55 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.186.21.112 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=77 DPT=37564 SEQ=0 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:28:10 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.186.21.112 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=77 DPT=8118 SEQ=0 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:28:18 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.186.21.112 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=77 DPT=8888 SEQ=0 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:35:36 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=122.225.105.13 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=256 PROTO=TCP SPT=4309 DPT=80 SEQ=265617408 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 
Jun 28 05:42:36 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=178.19.108.166 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=256 DF PROTO=TCP SPT=12200 DPT=21320 SEQ=19316278 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 
Jun 28 05:45:22 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=199.203.59.118 DST=[MyIPAddress]LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=55898 PROTO=TCP SPT=32951 DPT=80 SEQ=2126874275 ACK=718330574 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
Jun 28 05:45:49 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=222.219.187.9 DST=[MyIPAddress]LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=42653 PROTO=TCP SPT=43585 DPT=22 SEQ=86188203 ACK=437993730 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jun 28 06:40:16 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=184.105.247.231 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48899 DPT=11211 SEQ=1383604426 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 
Jun 28 06:45:57 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=198.20.69.98 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=32795 PROTO=TCP SPT=26366 DPT=5009 SEQ=102250133 ACK=0 WINDOW=64873 RES=0x00 SYN URGP=0 
Jun 28 06:53:59 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=218.77.79.43 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=59749 DPT=80 SEQ=3701543667 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 
Jun 28 06:54:46 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=178.19.108.166 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=256 DF PROTO=TCP SPT=12200 DPT=21320 SEQ=19297650 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 
Jun 28 06:57:52 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=61.240.144.65 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=43783 PROTO=TCP SPT=60000 DPT=5631 SEQ=3328780759 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 
Jun 28 07:01:32 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=218.67.77.35 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6170 DF PROTO=TCP SPT=55231 DPT=23 SEQ=3991907699 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A5BA3B5690000000001030302) 
Jun 28 07:01:33 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=218.67.77.35 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6171 DF PROTO=TCP SPT=55231 DPT=23 SEQ=3991907699 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A5BA3B9510000000001030302) 
Jun 28 07:01:34 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=218.67.77.35 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6172 DF PROTO=TCP SPT=55231 DPT=23 SEQ=3991907699 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A5BA3BD390000000001030302) 
Jun 28 07:01:35 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=218.67.77.35 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6173 DF PROTO=TCP SPT=55231 DPT=23 SEQ=3991907699 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A5BA3C1210000000001030302) 
Jun 28 07:04:25 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=125.161.48.204 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28588 DF PROTO=TCP SPT=39826 DPT=23 SEQ=2098506114 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405AC0402080A0016C62E0000000001030301) 
Jun 28 07:04:28 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=125.161.48.204 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28589 DF PROTO=TCP SPT=39826 DPT=23 SEQ=2098506114 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405AC0402080A0016C75A0000000001030301) 
Jun 28 07:04:34 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=125.161.48.204 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28590 DF PROTO=TCP SPT=39826 DPT=23 SEQ=2098506114 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405AC0402080A0016C9B20000000001030301)
Jun 28 08:01:23 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=150.70.85.193 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=34257 DF PROTO=TCP SPT=443 DPT=15898 SEQ=2731364153 ACK=3534701651 WINDOW=221 RES=0x00 ACK URGP=0 
Jun 28 08:05:59 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=101.82.210.44 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=39539 DF PROTO=TCP SPT=33083 DPT=23 SEQ=1905465364 ACK=0 WINDOW=5632 RES=0x00 SYN URGP=0 OPT (020405800402080A003182670000000001030302) 
Jun 28 08:06:02 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=101.82.210.44 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=39540 DF PROTO=TCP SPT=33083 DPT=23 SEQ=1905465364 ACK=0 WINDOW=5632 RES=0x00 SYN URGP=0 OPT (020405800402080A003183930000000001030302) 
Jun 28 08:06:08 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=101.82.210.44 DST=[MyIPAddress]LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=39541 DF PROTO=TCP SPT=33083 DPT=23 SEQ=1905465364 ACK=0 WINDOW=5632 RES=0x00 SYN URGP=0 OPT (020405800402080A003185EB0000000001030302) 
Jun 28 08:06:51 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=178.19.108.166 DST=[MyIPAddress]LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=256 DF PROTO=TCP SPT=12200 DPT=21320 SEQ=19311797 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 
Jun 28 08:08:41 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=94.102.49.123 DST=[MyIPAddress]LEN=29 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=47117 DPT=19 LEN=9 
Jun 28 08:15:13 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=104.16.26.235 DST=[MyIPAddress]LEN=173 TOS=0x00 PREC=0x00 TTL=61 ID=60173 DF PROTO=TCP SPT=80 DPT=50045 SEQ=4130754032 ACK=3071386695 WINDOW=35 RES=0x00 ACK URGP=0 
Jun 28 08:15:41 kernel: DROP IN=eth0 OUT= MAC=[iPhoneinHouse]:00:00:00:05:05:05:08:00 SRC=104.16.26.235 DST=[MyIPAddress]LEN=106 TOS=0x00 PREC=0x00 TTL=61 ID=60174 DF PROTO=TCP SPT=80 DPT=50045 SEQ=4130754032 ACK=3071386695 WINDOW=35 RES=0x00 ACK URGP=0

Any help would be appreciated...

Cheers

Danny091 · 28 Jun 2015 at 12:21

What are your firewall rules? It looks like its scanning you for open ports / services mainly telnet.

Sparx · 28 Jun 2015 at 12:54

Nothing out of the ordinary I don't think. The below screenshot is what I amended them to this morning, but the scans to my partner's phone still keep appearing in the logs.

Before this morning, I had DoS protection disabled and respond ping request from WAN enabled. Which I will probably revert back to.

AStaley · 28 Jun 2015 at 13:34

What's connected to that eth0 port, should be the first Ethernet port on the router?

Danny091 · 28 Jun 2015 at 13:40

Should not really have Respond to ping on WAN enabled unless your using it to track something like latency with thinkbroadband. Otherwise your router will reply to every ping request it gets and once one of these services gets a reply thats when they start scanning for open ports.

Did you say your with sky? Try restarting your router so you get a new IP address. Also under WAN do you have any port forwarding or port triggers / DMZ set up?

Sparx · 28 Jun 2015 at 14:02

AStaley said:
What's connected to that eth0 port, should be the first Ethernet port on the router?

Would Eth0 be the WAN port to my HG612 modem?

Otherwise I have port 1-4 and port 1 is my desktop PC.

Danny091 said:
Should not really have Respond to ping on WAN enabled unless your using it to track something like latency with thinkbroadband. Otherwise your router will reply to every ping request it gets and once one of these services gets a reply thats when they start scanning for open ports.

Did you say your with sky? Try restarting your router so you get a new IP address. Also under WAN do you have any port forwarding or port triggers / DMZ set up?

The issue has been ongoing for months so over time I have rebooted the router a dozen or so times, due to the issue happening.

Sky give me sticky IPs but I know it has changed 3 or 4 times in the 9 months I have had Sky Fibre.

Yes the reason I have respond to WAN pings enabled is for my TBB ping monitor.

I only have port 25565 forwarded for my PC and another PC (Minecraft servers).

No port triggers or DMZ setup.