ipTIME Router Integration

ipTIME is the most widely used router brand in Korea. KYRA MDR is the only MDR platform in Korea that natively supports ipTIME log collection.

Note

ipTIME routers do not support standard syslog. KYRA MDR uses a Web Polling method to collect logs from the router’s admin page.

Prerequisites

• ipTIME router (latest firmware recommended)
• KYRA MDR account (FREE tier or above)
• KYRA Collector installed on the same network as the router

Integration Steps

Step 1: Verify Collector Installation

The Collector must be on the same network as the ipTIME router.

# Check Collector status
kyra-collector status

# Expected output
# Status: RUNNING
# Gateway: connected (gRPC/mTLS)
# Uptime: 3d 14h 22m

Step 2: Add ipTIME in KYRA Console

1. Open KYRA Console and go to Settings > Integrations
2. Click Add Integration and select ipTIME Router
3. Enter the connection details:

Field	Value	Description
IP Address	192.168.0.1	ipTIME admin page address
Admin ID	admin	Router admin username
Admin Password	****	Router admin password (stored encrypted)
Polling Interval	5 min	Log collection frequency (1 min to 30 min)

4. Click Test Connection, then Save

Step 3: Verify the Integration

Go to Console > Dashboard and confirm that ipTIME logs appear. Logs typically show up after the first polling cycle (5 minutes by default).

Collected Log Types

Log Type	Contents	Security Use
System Log	Boot, config changes, firmware updates	Unauthorized config change detection
Security Log	Login attempts, blocked connections	Brute force detection
NAT Log	Internal to external connections	C2 beaconing, data exfiltration
DHCP Log	IP assignments	Rogue device detection
VPN Log	VPN connect/disconnect	Abnormal remote access

Threat Detection

KYRA MDR automatically detects:

• Admin brute force: Consecutive login failures trigger an alert
• Config tampering: Port forwarding added or DNS changed triggers an alert
• Suspicious outbound: Internal IP communicating with known-bad IPs
• New device: Unregistered MAC address connected triggers an alert
• Firmware change: Potential malicious firmware replacement

Security Hardening Checklist

Before connecting to KYRA MDR, secure your ipTIME router:

• Change the default admin password (admin/admin)
• Update firmware to the latest version
• Disable remote management (block external admin access)
• Use WPA3 or WPA2 (never WEP/WPA)
• Disable UPnP (block automatic port forwarding)
• Enable SSID hiding if possible
• Enable MAC address filtering

Troubleshooting

Logs not appearing

1. Verify the Collector is on the same network as the ipTIME router
2. Check that admin credentials are correct
3. Verify the ipTIME admin page is accessible from the Collector’s IP
4. Check the polling interval setting

# Test connectivity from the Collector host
curl -s http://192.168.0.1 | head -5

Authentication error

• ipTIME may lock admin access after repeated failures
• Wait 5 minutes and retry
• Reset the admin password via the ipTIME hardware reset button if needed

FAQ

Q: Does KYRA MDR change any ipTIME settings? A: No. KYRA MDR operates in read-only mode and only collects logs. It does not modify any router settings.

Q: Can I connect multiple ipTIME routers? A: Yes. Register each router’s IP address separately in the integrations settings.

Q: Does this affect network performance? A: No. Web polling uses lightweight HTTP requests that have no measurable impact on network performance.