Asus Router -AC1200 has Raspi and two partitions?

Installing and Using OpenWrt
3

I own my Asus router. It is Hiltron Modem from my ISP. When I get a new router or even one from my ISP. I can configured the login page, the SSID networks for my iPhone and TV. Computer are always hardwired. And sometimes I cannot even get that far before I'm being overpowered or paused or stopped from the newer software of another router. Stopped in as the software was just paused or frozen not to run or even connect to the network.

In the past, I have camera's up and I would go back into if something was not running right, shortly after configuring the network. And I could not get back in the routers settings, resetting back to default would not work. It seemed like Admin Password software was rewrote, and setting my ISP router back to factory even by them did not allow me to access the Admin Password login page. This router was from my ISP. And I have not ever been able to use one of their routers since. When I've tried a new router, I'm still being over powered. And I cannot the new router to connect properly or let alone Admin Password protect the router and my home as well as myself.

I had been getting a little help from a retired Tech friend, he sent me a link to OpenWrt to search out what was happening on my Asus Router. Your information is quite interesting but for a self taught beginning, I'm just needing answers to questions from what I have learned going on my network. And Thank you for your efforts.

Regarding the WIFI connection, on my Laptop in the Bios I have disabled the WIFi. My Laptop does not have WIFI running on it. I also hide my SSID on my network, and manually login to my Asus router WIFI via name and password on my iPhone, iPhone 6s for a camera, and internet Study TV.

My iPhone MAC address network has not been changing or resetting. I did not track what happened with the new modem on 02-01-2022 but even before that I have noticed that the MAC Address changed and should not of.

I will be in contact again with my ISP and their tech support.

I was just relearning what it was before I called my ISP to explain myself better. I was outside with my dog, Shortly before reading your response, I noticed her sniffing a lot around the area where the demarcation is. And the time on your response is hours prior to this.

Thank you for your time and help.

LoveTech

4

I don't understand this.

Your description almost seems as if someone is installing a new router in front of you...by force... :confused:

Then it seems you have connectivity issues...I'm unclear what "not to run" means in the context of a router. :man_shrugging:

You're not clear on what's not connecting to a network.

I'm confused...but it seems you're drawing some correlation to your dog, the demarcation point and the timing of my inquiry...

In any case, you didn't answer my question completely; but I understand now - as you're not asking questions related to an OpenWrt device.

You're welcome...but since there's no OpenWrt-based equipment involved...I'm not sure how much further assist I could provide. In fact, this forum is just for OpenWrt-related questions.

5

I thought Asus Router forum was OpenWRT.

I think the ISP are part of the problem on purpose.

THE CADANT IS NOT OWNED BY ME OR IN MY HOME THAT I AM AWARE OR COULD FIND.


Frame 90: 102 bytes on wire, 102 bytes captured on interface \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}, id 0
    Interface id: 0 (\Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143})
        Interface name: \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 19, 2022 14:07:52.615605000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 2.791162000 seconds]
    [Time delta from previous displayed frame: 2.791162000 seconds]
    [Time since reference or first frame: 126.008232000 seconds]
    Frame Number: 90
    Frame Length: 102 bytes (816 bits)
    Capture Length: 102 bytes (816 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ipv6:icmpv6]
    [Coloring Rule Name: ICMP]
    [Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Cadant_8f:7e:46 (00:01:5c:8f:7e:46), Dst: IPv6mcast_01 (33:33:00:00:00:01)
    Destination: IPv6mcast_01 (33:33:00:00:00:01)
        <[Destination (resolved): IPv6mcast_01]>
        <[Destination OUI: 33:33:00]>
        Address: IPv6mcast_01 (33:33:00:00:00:01)
        <[Address (resolved): IPv6mcast_01]>
        <[Address OUI: 33:33:00]>
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)>
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)>
    Source: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Source (resolved): Cadant_8f:7e:46]>
        <[Source OUI: 00:01:5c (Cadant Inc.)]>
        <[Source OUI (resolved): Cadant Inc.]>
        Address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Address (resolved): Cadant_8f:7e:46]>
        <[Address OUI: 00:01:5c (Cadant Inc.)]>
        <[Address OUI (resolved): Cadant Inc.]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::201:5cff:fe8f:7e46 (fe80::201:5cff:fe8f:7e46), Dst: ff02::1 (ff02::1)
    0110 .... = Version: 6
    <0110 .... = Version: 6 [This field makes the filter match on "ip.version == 6" possible]>
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
        .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 48
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source Address: fe80::201:5cff:fe8f:7e46 (fe80::201:5cff:fe8f:7e46)
    <Source or Destination Address: fe80::201:5cff:fe8f:7e46 (fe80::201:5cff:fe8f:7e46)>
    <[Source Host: fe80::201:5cff:fe8f:7e46]>
    <[Source or Destination Host: fe80::201:5cff:fe8f:7e46]>
    Destination Address: ff02::1 (ff02::1)
    <Source or Destination Address: ff02::1 (ff02::1)>
    <[Destination Host: ff02::1]>
    <[Source or Destination Host: ff02::1]>
    [Source SLAAC MAC: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)]
    <[SLAAC MAC: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)]>
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x7c9b [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0xc0, Managed address configuration, Other configuration, Prf (Default Router Preference): Medium
        1... .... = Managed address configuration: Set
        .1.. .... = Other configuration: Set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 9000
    Reachable time (ms): 3600000
    Retrans timer (ms): 0
    ICMPv6 Option (Prefix information : 2600:6c40:7009:400::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0x00
            0... .... = On-link flag(L): Not set
            .0.. .... = Autonomous address-configuration flag(A): Not set
            ..0. .... = Router address flag(R): Not set
            ...0 0000 = Reserved: 0
        Valid Lifetime: 2592000
        Preferred Lifetime: 604800
        Reserved
        Prefix: 2600:6c40:7009:400:: (2600:6c40:7009:400::)

Frame 91: 60 bytes on wire, 60 bytes captured on interface \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}, id 0
    Interface id: 0 (\Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143})
        Interface name: \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 19, 2022 14:07:53.033845000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.418240000 seconds]
    [Time delta from previous displayed frame: 0.418240000 seconds]
    [Time since reference or first frame: 126.426472000 seconds]
    Frame Number: 91
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: Cadant_8f:7e:46 (00:01:5c:8f:7e:46), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        <[Destination (resolved): Broadcast]>
        <[Destination OUI: ff:ff:ff]>
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        <[Address (resolved): Broadcast]>
        <[Address OUI: ff:ff:ff]>
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)>
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)>
    Source: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Source (resolved): Cadant_8f:7e:46]>
        <[Source OUI: 00:01:5c (Cadant Inc.)]>
        <[Source OUI (resolved): Cadant Inc.]>
        Address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Address (resolved): Cadant_8f:7e:46]>
        <[Address OUI: 00:01:5c (Cadant Inc.)]>
        <[Address OUI (resolved): Cadant Inc.]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: ARP (0x0806)
    Padding: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
    Sender IP address: 68.184.228.1 (68.184.228.1)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 68.184.228.151 (68.184.228.151)

Frame 92: 70 bytes on wire, 70 bytes captured on interface \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}, id 0
    Interface id: 0 (\Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143})
        Interface name: \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 19, 2022 14:07:53.596953000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.563108000 seconds]
    [Time delta from previous displayed frame: 0.563108000 seconds]
    [Time since reference or first frame: 126.989580000 seconds]
    Frame Number: 92
    Frame Length: 70 bytes (560 bits)
    Capture Length: 70 bytes (560 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ipv6:icmpv6]
    [Coloring Rule Name: ICMP]
    [Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Cadant_8f:7e:46 (00:01:5c:8f:7e:46), Dst: IPv6mcast_01 (33:33:00:00:00:01)
    Destination: IPv6mcast_01 (33:33:00:00:00:01)
        <[Destination (resolved): IPv6mcast_01]>
        <[Destination OUI: 33:33:00]>
        Address: IPv6mcast_01 (33:33:00:00:00:01)
        <[Address (resolved): IPv6mcast_01]>
        <[Address OUI: 33:33:00]>
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)>
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)>
    Source: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Source (resolved): Cadant_8f:7e:46]>
        <[Source OUI: 00:01:5c (Cadant Inc.)]>
        <[Source OUI (resolved): Cadant Inc.]>
        Address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Address (resolved): Cadant_8f:7e:46]>
        <[Address OUI: 00:01:5c (Cadant Inc.)]>
        <[Address OUI (resolved): Cadant Inc.]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::201:5cff:fe8f:7e46 (fe80::201:5cff:fe8f:7e46), Dst: ff02::1 (ff02::1)
    0110 .... = Version: 6
    <0110 .... = Version: 6 [This field makes the filter match on "ip.version == 6" possible]>
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
        .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 16
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source Address: fe80::201:5cff:fe8f:7e46 (fe80::201:5cff:fe8f:7e46)
    <Source or Destination Address: fe80::201:5cff:fe8f:7e46 (fe80::201:5cff:fe8f:7e46)>
    <[Source Host: fe80::201:5cff:fe8f:7e46]>
    <[Source or Destination Host: fe80::201:5cff:fe8f:7e46]>
    Destination Address: ff02::1 (ff02::1)
    <Source or Destination Address: ff02::1 (ff02::1)>
    <[Destination Host: ff02::1]>
    <[Source or Destination Host: ff02::1]>
    [Source SLAAC MAC: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)]
    <[SLAAC MAC: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)]>
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x8dba [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0xc0, Managed address configuration, Other configuration, Prf (Default Router Preference): Medium
        1... .... = Managed address configuration: Set
        .1.. .... = Other configuration: Set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 9000
    Reachable time (ms): 3600000
    Retrans timer (ms): 0

Frame 106: 60 bytes on wire, 60 bytes captured on interface \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}, id 0
    Interface id: 0 (\Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143})
        Interface name: \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 19, 2022 14:08:16.219553000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.408511000 seconds]
    [Time delta from previous displayed frame: 0.408511000 seconds]
    [Time since reference or first frame: 149.612180000 seconds]
    Frame Number: 106
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: Cadant_8f:7e:46 (00:01:5c:8f:7e:46), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        <[Destination (resolved): Broadcast]>
        <[Destination OUI: ff:ff:ff]>
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        <[Address (resolved): Broadcast]>
        <[Address OUI: ff:ff:ff]>
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        <.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)>
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        <.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)>
    Source: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Source (resolved): Cadant_8f:7e:46]>
        <[Source OUI: 00:01:5c (Cadant Inc.)]>
        <[Source OUI (resolved): Cadant Inc.]>
        Address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Address (resolved): Cadant_8f:7e:46]>
        <[Address OUI: 00:01:5c (Cadant Inc.)]>
        <[Address OUI (resolved): Cadant Inc.]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: ARP (0x0806)
    Padding: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
    Sender IP address: XX.XX.184.1 (XX.XX.184.1)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: XX.XX.187.91 (XX.XX.187.91)

      THIS TARGET IP ADDRESS WAS MY PREVIOUS PUBLIC IP WHEN I AM CONNECTED TO MY ASUS ROUTER 

Frame 123: 60 bytes on wire, 60 bytes captured on interface \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}, id 0
    Interface id: 0 (\Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143})
        Interface name: \Device\NPF_{CF84A5FD-6911-432B-9862-DB8B53271143}
        Interface description: Ethernet
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 19, 2022 14:08:27.259484000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.004052000 seconds]
    [Time delta from previous displayed frame: 0.004052000 seconds]
    [Time since reference or first frame: 160.652111000 seconds]
    Frame Number: 123
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: Cadant_8f:7e:46 (00:01:5c:8f:7e:46), Dst: MY PC (MY PC)
    Destination: MY PC (MY PC)
        <[Destination (resolved): MY PC]>
        <[Destination OUI:MY PC(MY PC)]>
        <[Destination OUI (resolved): MY PC]>
        Address: MY PC (MY PC)
        <[Address (resolved): MY PC]>
        <[Address OUI: MY PC (MY PC.)]>
        <[Address OUI (resolved): MY PC]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Source: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Source (resolved): Cadant_8f:7e:46]>
        <[Source OUI: 00:01:5c (Cadant Inc.)]>
        <[Source OUI (resolved): Cadant Inc.]>
        Address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
        <[Address (resolved): Cadant_8f:7e:46]>
        <[Address OUI: 00:01:5c (Cadant Inc.)]>
        <[Address OUI (resolved): Cadant Inc.]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: ARP (0x0806)
    Padding: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Address Resolution Protocol (reply)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (2)
    Sender MAC address: Cadant_8f:7e:46 (00:01:5c:8f:7e:46)
    Sender IP address: XX.XX.184.1 (XX.XX.184.1) 
    Target MAC address:My PC  (MY PC )
    Target IP address: XX.XX.185.227 (XX.XX.185.227)
            MODEM NEW PUBLIC IP ADDRESS 
            THE "XX" ARE MATCHING. BUT THE MASK DOES NOT MASK 
IPS MODEM CONNECTED TO MY PC HARDWIRED

I also see three SSID on my iPhone that probably are getting the 2nd public ip and my ISP won't come clean about it.

Thank you

6

Please use Code Boxes to paste output:

screen11

  • OpenWrt does not make hardware
  • ASUSTek Computer Inc. of Taiwan is not OpenWrt
  • This is not the Asus router forum

You are showing a packet received from the ISP...since the ISP delivers the packet...don't you think the Cadant is the ISP's device. :wink:

(BTW, you haven't actually described a clear problem...because now you're showing traffic, so your network connection works.) :smiley:

EDIT:

This perhaps should have been noted here:

  • This makes no sense...a remote [malicious] network admin can do very little by making a VLAN on your home network
  • This "second partition" talk is also unclear
  • Most devices with 4+1 (and 7+1) Ethernet ports require VLANs to be configured for proper operation
  • Most ISPs would be very helpful locating additional unauthorized Public IPs being used by machines on their network
  • If the ISP owns the machine and they're not concerned...I'm still confused as to exactly your concern
  • If you own the machine, flash known good firmware TWICE and reset it
  • Plug directly into the modem (no router) if you are this concerned

Try here: https://rog.asus.com/forum

1 Like
7

It's not clear to me that you are actually running OpenWrt on the ASUS.

However, this sounds like your Asus router, AND the ISP (Cadent) device, are assigning IP addresses.

If so, it's a configuration issue...nothing is "hijacking" your connection.

Normally, when connecting your own router to an ISP device, DCHP, wireless, and the firewall are turned off on the ISP device.

The ISP device is then "bridged" to the 3rd party router (your ASUS), and your router then does all the work. DCHP, wireless, and the firewall are turned on in the ASUS device

Your retired tech friend might be able to give you some help on how to "bridge" the ISP device to the ASUS.

Once that is done correctly, you should not have any issues (I bridged an ISP device for several years before I got a fiber connection, and it worked well).

1 Like
8

OUIs are often taken from a parts supplier and don't reflect the overall manufacturer's brand name on the box. Check the whole MAC address ( 00:01:5c:8f:7e:46) against the sticker MACs of devices that you have.

iPhones and other devices change their MAC intentionally to enhance user privacy. Such randomly generated MACs can be identified by the second digit of the first number being 2, 6, A, or E.

In its default configuration, OpenWrt blocks any incoming connections on the WAN port. Thus you can connect the WAN port directly to the Internet to and it will be difficult to impossible for anyone outside to access OpenWrt. Good networking practice is to consider the ISP modem as an untrusted part of the Internet, and keep it entirely on the WAN side of your firewall. The only connection from the ISP box to your system should be one Ethernet cable that goes to the WAN port of your router. Disable any wifi in the ISP box. Do not connect any PCs or other endpoints directly to the ISP box.

2 Likes
9

The packet capture from the above is my computer connected directly into the back of my ISP Hitron's modem.

About the Raspi on Asus Router
This is part of my Asus Router System log of the Raspi and the two partitions
In syslog of the Asus Router, the packets that are accepted have a vlan, the broadcast ip address, the Cadant MAC Address and a Concurrent Computer Mac Address. None which are my Asus router MAC Address.

Aug 1 00:00:30 kernel: Ralink XXX driver initialized
Aug 1 00:00:30 kernel: flash manufacture id: XX, device id XX20 18
Aug 1 00:00:30 kernel: MX25XXXX(cXXXXX) (16384 Kbytes)
Aug 1 00:00:30 kernel: mtd .name = raspi, .size = 0x01000000 (16M) .erasesize = 0x00010000 (64K) .numeraseregions = 0
Aug 1 00:00:30 kernel: partion 3: XXXXXX
Aug 1 00:00:30 kernel: partion 4: 1XXXXX
Aug 1 00:00:30 kernel: #add mtd partition#
Aug 1 00:00:30 kernel: Creating 7 MTD partitions on "raspi":
Aug 1 00:00:30 kernel: XXXXXXXXXXXXXXXXXXX : "Bootloader"
Aug 1 00:00:30 kernel: XXXXXXXXXXXXXXXXXXX: "nvram"
Aug 1 00:00:30 kernel: 0xXXXXXXXXXXXXXXXXXX\ "Factory"
Aug 1 00:00:30 kernel: 0XXXXXXXXXXXXXXXXXX : "linux"
Aug 1 00:00:30 kernel: 0XXXXXXXXXXXXXXXXXX : "rootfs"
Aug 1 00:00:30 kernel: XXXXXXXXXXXXXXXXXXX : "jffs2"
Aug 1 00:00:30 kernel: 0XXXXXXXXXXXXXXXXXXX0 : "ALL"
Aug 1 00:00:30 kernel: rdm_major = XXX
Aug 1 00:00:30 kernel: GMAC1_MAC_ADRH -- : XXXX
Aug 1 00:00:30 kernel: GMAC1_MAC_ADRL -- : XXXXX

The date is always different when this is reset back to factory and it comes back with this.

Asus Router sys.log accepted
Jan 31 14:44:03 kernel: ACCEPT IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:8f:7e:46:08:00:45:00:01:48 SRC=xx.xx.128.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=67 DPT=68 LEN=308

This is from a year ago, and the same Public IP Address accessing my system today, I have reported to abuse@myISPnet. I have not heard back from them.
The MAC address are not on the tag of my Asus router, my computer, my iPhone. Nor the ISP Hitron's modem.

Thank you,

LoveTech

image
image1600×900 169 KB

10

Is this the "Raspi" you are talking about:

?

11

Your device uses a Ralink SoC...so that is short for Ralink SPI, not Raspberry Pi.

3 Likes
12

This is a DHCP transaction between your router and the ISP (but it’s not the modem MAC).

Is there an actual problem, or are you just confused by log messages that you do not have the knowledge to understand (not trying to be insulting)?

3 Likes
13

Respectfully, I think that is 99.999% of the anxiety you are experiencing here.

You can look up MAC addresses, and get information on what vendor uses it.

https://ouilookup.com/

@mk24 gave you a good overview above...

"Public" IPs are assigned by your ISP, and can change.

It's not a sign of an intrusion, or attempted hack.

You can look up IP addresses, and get the information on who uses them.

https://whatismyipaddress.com/ip-lookup

There are plenty of resources online to help improve your understanding, including about OpenWrt.

You might consider having your retired tech friend set up your network for you, or simplify it by rolling back your ASUS router to stock firmware, until you have a better understanding of OpenWrt.

2 Likes
14

Yes, there is a lot more to this. This is just a small part of it.

15

Really, I was at a CyberSecurity meet up with the same but probably more, and the one person said that was a raspi, and I will tell you it has two Public IP Address in the route table and two Mac addresses in the sys logs.

16

Some ASUS devices have dual WAN capability...a primary, and a secondary WAN.

That way, you can have two ISPs connected with one router...sort of a "failover" (backup) ISP in case the other ISP connection goes down.

You haven't actually stated what model (AC1200 isn't a model) your ASUS device is.

A little online research should tell you if your model is, or isn't dual WAN capable.

17

Yes, this is the dhcp and the public IP Address of the ISP. The MAC Addresses listed in the beginning are not any of my devices. The Modem Mac last ocet is D5, the Asus router's last ocet is 40. So, My inquiry is about the MAC Addresses at the beginning of the syslog. What is happening here?

18

“Just because you're paranoid doesn't mean they aren't after you.” ― Joseph Heller, Catch-22

On one hand, it’s nuts to log accepted traffic on an Asus router. I still don’t think we understand the technology and firmware you’re using on your devices. I don’t know if it would be normal to see the broadcast DHCP traffic of other customers on your ISP subnet, but since the destination is 255.255.255.255, it could be a possibility.

Why not give some more specifics of the issue, such as the first 3 octets of these 2 public IPs you claim to have. It’s very hard to evaluate your skill level based on the vagueness of your questions and responses.

1 Like
19

Sorry, I’m learning. I don’t consider myself paranoid, but I do know some people would like me to be.

I’m looking for the location of who is accessing my network. No device is safe in my home etc.

I’m interested in Learning but mostly safety. The extra MAC address not my devices, I need to find those people they are the reason I am not safe, cameras etc.

This would be happening without technology, I just have better proof with technology.
LoveTech, for that reason!

20

From what you've presented this far, no one is accessing your network.

If the two public IPs belong to your ISP, it would seem you have dual WAN enabled.

FYI, your 2.4 GHz and 5 GHz wireless radios have their own MAC address.

If you SSH in to the router and run arp -a, you can see what IP addresses are attached to what MAC addresses.

My device currently has 5 MAC addresses associated.

  1. WAN
  2. 2.4 GHz radio
  3. Guest/IoT network using the 2.4 GHz band
  4. 5 GHz network
  5. Guest/IoT network using the 5 GHz band

That's not counting any devices connected to the router (3 currently)...which would be 8 different MAC addresses.

However, using arp -a, and cross-referencing MACs to IPs, I can easily identify which device has which MAC and IP.

Using username "root".


BusyBox v1.33.2 (2022-02-16 20:29:10 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.2, r16495-bf0c965af0
 -----------------------------------------------------
root@OpenWrt:~# arp -a
IP address       HW type     Flags       HW address            Mask     Device
50.109.x.x       0x1         0x2         f4:cc:55:xx:xx:xx     *        eth0.2
192.168.1.x      0x1         0x2         3c:2a:f4:xx:xx:xx     *        br-lan
192.168.3.x      0x1         0x2         60:02:b4:xx:xx:xx     *        wlan1-1
192.168.2.x      0x1         0x2         48:8d:36:xx:xx:xx     *        wlan0-1
192.168.3.x      0x1         0x2         2c:59:8a:xx:xx:xx     *        wlan1-1
192.168.1.x      0x1         0x2         10:27:f5:xx:xx:xx     *        br-lan
192.168.1.x      0x1         0x2         c4:54:44:xx:xx:xx     *        br-lan
192.168.2.x      0x1         0x2         10:59:32:xx:xx:xx     *        wlan0-1
root@OpenWrt:~#
1 Like
21

A little off-topic, but since you are interested in "safety" (I think you mean "security"), it's important to understand that security is a problem of multiple points of protection.

A few considerations -

The router - strong passwords, open ports, firewall config, wifi security

The network - split between the router (WAN to LAN protection) and devices (LAN to LAN protection).

The device - strong passwords, firewall config, OS patching, AV/AM protection.

The applications - application patching, permission levels, sandboxing.

The account - Standard User or Administrator. Principle of "least privilege".

The data - Frequent disk imaging, frequent backups of volatile data between images, testing backups, storing copies offline.

A checklist prefaced with "Do I use", "Do I have", "Do I do", on the appropriate line item, makes it easy to go down that list.

22

I explained this already:

I wasn't aware that you didn't believe that the equipment at the far-end of the connection (i.e. your ISP) needs a MAC too. Others mentioned this as well. You still haven't considered the fact that all Ethernet devices need a MAC, including the device the ISP uses to connect you.

Connecting only the laptop to the modem would likely prove this. you should only see 2 MACs, the laptop and the ISP equipment. :wink:

As someone else already noted, you haven't shown anything that demonstrated someone accessed your network.

1 Like