12-19-2024 01:16 PM
I have an ASUS RT-AX88U. Lately my network has been attacked with brute force attempts to gain access through RDP (remote desktop). My Norton antivirus has stopped the attack at the machine level, but I listed all malicious IPs on the router's routing page (LAN/ROUTE/) with a "Metric" of 2 in order to stop them before they pass through the router. This successfully stops the attacks at the router, but I have already listed 16 malicious IPs (out of a limit of 32). The IPs come from only four distinct IP branches. One such branch of IPs is 45.141.87.xxx.
So, in the "Network/Host IP" box on the Route tab, I want to signify a range of IPs instead. I have tried 45.141.87.* (the asterisk signifying a wildcard), but the ASUS router does not accept the * at all. Then I tried the CIDR notation (like this: 45.141.87.0/24), but the "Network/Host IP" field won't accept the / either.
Is there any way to use notation to signify a range of IPs? Apparently, ASUS routers use CIDR and "*", but it doesn't work in this field. Help please.
12-22-2024 04:52 PM
Maybe ask your ISP to change your WAN IP address.
12-23-2024 06:10 AM
Thanks, but I assume the attacker is probing all addresses assigned by my ISP. I need to be able to block a range of originating addresses.
12-23-2024 06:54 PM
Hi @brossyg,
To help us better troubleshoot the issue, we would like you to confirm the following:
If the problem still persists after performing the above steps, we recommend that you immediately use the system's feedback function to report the relevant information to us when the problem occurs.
You can submit a feedback form via the Web GUI (http://www.asusrouter.com).
Then provide the product serial number, the time of submitting the issue report, the email used for filling out the issue report, and the time when the issue occurred via private message to me.
Thank you.
12-23-2024 07:15 PM
The router’s firmware is always up to date. The attacks started about 10 days ago. Norton antivirus stops them at the machine level. The router’s Routing page will allow only 21 IPs listed (supposed to be 32 but isn’t) with a Metric of “2” which does block incoming traffic from that IP. This page will not accept “*” for a wildcard, nor CIDR notation to specify a range of IPs. This is what is needed because the attacks are coming from five distinct Russian and Ukrainian IP branches. That is 256 possible addresses per branch. So, if the Route page would accept “*” or CIDR notation, then it could easily block all IPs that the attacks are originating from.
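
Added example, not part of any post in this thread: a short Python script that groups logged source addresses into /24 blocks and prints each block as a network address plus dotted-decimal netmask, the form equivalent to CIDR for interfaces that do not accept a slash. The sample addresses are constructed (only the 45.141.87.x branch appears in the thread), and whether the router's route page has a separate netmask field is an assumption the thread does not confirm.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: source addresses as they might appear in a blocked-RDP log.
# Only the 45.141.87.x branch comes from the thread; the host octets and the
# other addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_SOURCES = [
    "45.141.87.3", "45.141.87.18", "45.141.87.201",
    "203.0.113.7", "203.0.113.99",
    "198.51.100.42",
    "not-an-ip",
]

def aggregate(sources, prefix=24, min_hits=2):
    """Group IPv4 sources by /prefix. A group becomes one network once
    min_hits distinct hosts are seen; otherwise the host stays a /32."""
    groups = defaultdict(set)
    for raw in sources:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            continue  # skip malformed log fields
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups[net].add(addr)
    entries = []
    for net, hosts in groups.items():
        if len(hosts) >= min_hits:
            entries.append(net)
        else:
            entries.extend(ipaddress.ip_network(f"{h}/32") for h in hosts)
    # Merge adjacent or overlapping networks so the list uses as few slots as possible.
    return sorted(ipaddress.collapse_addresses(entries))

def as_rows(networks):
    """(network address, dotted netmask, CIDR) for UIs with separate address and mask fields."""
    return [(str(n.network_address), str(n.netmask), str(n)) for n in networks]

if __name__ == "__main__":
    for address, mask, cidr in as_rows(aggregate(SAMPLE_SOURCES)):
        print(f"{address:<15} {mask:<15} {cidr}")
```

Raising `min_hits` keeps a single stray address from blocking a whole /24 that may also contain legitimate hosts.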