Author Topic: Network Security Scan - ASUS router log flooded with messages, sometimes chokes  (Read 5544 times)

0 Members and 1 Guest are viewing this topic.

Offline AbsoluteJoe

  • Newbie
  • *
  • Posts: 3
I just discovered the reason that my ASUS RT-N66U router have been logging hundreds of DNS and logon failures - It's due to the AVAST Home Network Security Scanner ! :o

Part of this nasty test floods the router with concurrent DNS requests, behaving like an outbound DNS Denial Of Service attack !  This sometimes results in killing or imparing the router's DNS processing.
The test also tries to logon to the router's HTTP admin port many, many, times...

Here is an example from the router system log:
Aug  5 10:55:02 dnsmasq[360]: Maximum number of concurrent DNS queries reached (max: 150)
Aug  5 10:55:08 dnsmasq[360]: Maximum number of concurrent DNS queries reached (max: 150)
Aug  5 10:55:51 dnsmasq[360]: Maximum number of concurrent DNS queries reached (max: 150)
... (many duplicate messages)
Aug  5 10:56:46 HTTP login: Detect abnormal logins at 5 times. The newest one was from 192.168.2.40.
... (many duplicate messages)
Aug  5 10:56:47 HTTP login: Detect abnormal logins at 65 times. The newest one was from 192.168.2.40.
Aug  5 10:56:47 HTTP login: Detect abnormal logins at 70 times. The newest one was from 192.168.2.40.
Aug  5 10:56:47 HTTP login: Detect abnormal logins at 75 times. The newest one was from 192.168.2.40.
...

I suggest that the Home Network Security Scan tests be fully documented, and that a warning be giving that these tests may cause problems with routers and/or firewalls that see these test attacks as real threats, or may simply choke on them.

In addition, can Smart Scan be modified to optionally skip the Network Security Scan ?
Currently the only way to prevent Smart Scan from running it is to disable the Network Security Scan entirely.



 
« Last Edit: August 05, 2015, 06:05:25 PM by AbsoluteJoe »