Asus Auto Update Experiences

[ATLga]

I manually rolled back 40451 to 81992 on my AC86U and it auto-updated back to 40451. It's actually the first time I can remember my AC86U ever auto updating. Before installing 40451, I sat on 81992 and 82072 for quite a while without either updating. Something changed recently for me in terms of auto update.

81992 is when the current spate of auto updating started. I suspect if you had rolled back to the last firmware which was Aug 2020 you wouldn't have auto updated to 40451. I know I've rolled back to the Aug fw a couple of times the last week and have not seen it auto update at all; ac86u.

 

[ablatt]

Are you saying that 81992 (July 2020) had auto-update enabled but 82072 (August 2020) didn't? From what I remember when I had 81992 back in July it didn't auto update to 82072 and I had to update it manually.

 

[ATLga]

Are you saying that 81992 (July 2020) had auto-update enabled but 82072 (August 2020) didn't? From what I remember when I had 81992 back in July it didn't auto update to 82072 and I had to update it manually.

Start at page 1 of this thread and you’ll see what I’ve said

 

[semigator]

If you block the firmware check does it prevent the autoupdate? I successfully ran this at boot in the past on my RT-AC86U when I didn't want the router to check for new versions. It just adds a line to /etc/host s to have the router send the lookup to localhost instead of the Asus server:

(delete the space between /etc/host and s - the forum won't let me post without modfying)

echo "127.0.0.1 dlcdnets.asus.com nw-dlcdnet.asus.com" >> /etc/host s

 

[RMerlin]

If you block the firmware check does it prevent the autoupdate? I successfully ran this at boot in the past on my RT-AC86U when I didn't want the router to check for new versions. It just adds a line to /etc/host s to have the router send the lookup to localhost instead of the Asus server:

(delete the space between /etc/host and s - the forum won't let me post without modfying)

echo "127.0.0.1 dlcdnets.asus.com nw-dlcdnet.asus.com" >> /etc/host s

Doing that will interfere with a number of things, not just firmware updates.

 

[semigator]

Doing that will interfere with a number of things, not just firmware updates.

I successfully used this method for about a year to prevent the web interface and iOS app from nagging me to update the firmware on my RT-AC86U. The reason I didn't update past a certain level was process crashes on new versions past that point. ASUS finally updated the stock firmware in a way that no longer crashed the process. I did not experience other things breaking. I use most features, including AiProtection with Trend Micro.

 

[RMerlin]

I successfully used this method for about a year to prevent the web interface and iOS app from nagging me to update the firmware on my RT-AC86U. The reason I didn't update past a certain level was process crashes on new versions past that point. ASUS finally updated the stock firmware in a way that no longer crashed the process. I did not experience other things breaking. I use most features, including AiProtection with Trend Micro.

A number of recent features rely on downloading databases located on their servers to work properly. For instance, the OUI lookup (what allows the client list to associate a MAC address with a manufacturer) need to be able to download the data file from their server. They also recently started storing the DST database on their server so they could update it more easily. There are a few more of these.

 

[semigator]

A number of recent features rely on downloading databases located on their servers to work properly. For instance, the OUI lookup (what allows the client list to associate a MAC address with a manufacturer) need to be able to download the data file from their server. They also recently started storing the DST database on their server so they could update it more easily. There are a few more of these.

Good to know - I don't recall having an issue with OUI lookup, but maybe the device manufacturers were already cached with the MAC addresses on my network before I ran the line of code. I personally don't want to block the auto upgrade now since my device is working well and I often manually upgrade the day a new version is released. If I do have problems again, I would like the ability to prevent auto upgrades. Do you know if these two DNS names would interfere with the services you reference: dlcdnets.asus.com nw-dlcdnet.asus.com? Based on my research I thought they were just for downloading the firmware. I know dlcdnets.asus.com is where the web download link points.

 

[RMerlin]

Do you know if these two DNS names would interfere with the services you reference: dlcdnets.asus.com nw-dlcdnet.asus.com?

Just a partial list of impacted services, at the webui level:

merlin@ubuntu-dev:~/amng/release/src/router/www$ grep nw-dlcdnet.asus.com * -s
Advanced_System_Content.asp:$.getJSON("http://nw-dlcdnet.asus.com/plugin/js/tz_db.json", function(data){tz_table = data;})
Advanced_WAN_Content.asp:    $.getJSON("http://nw-dlcdnet.asus.com/plugin/js/dns_db.json",
AiProtection_IntrusionPreventionSystem.asp:    var url = 'http://nw-dlcdnet.asus.com/trend/' + id + "?q=" + keyword/*8keywordMappingTable[catId]*/;
AiProtection_IntrusionPreventionSystem_m.asp:    var url = 'http://nw-dlcdnet.asus.com/trend/' + id + "?q=" + keyword/*8keywordMappingTable[catId]*/;
client_function.js:        $.getJSON("http://nw-dlcdnet.asus.com/plugin/js/ouiDB.json", function(data){
client_function.js:            $.getJSON("http://nw-dlcdnet.asus.com/plugin/js/ouiDB.json", function(data){
GameProfile.asp:        url: 'http://nw-dlcdnet.asus.com/plugin/js/gameProfile.json',
index.asp:    $.getJSON("http://nw-dlcdnet.asus.com/plugin/js/ouiDB.json", function(data){
Main_GameServer_Content.asp:    $.getJSON("https://nw-dlcdnet.asus.com/plugin/js/gameList.json", function(data){
tm_eula.htm:        $("#tm_eula_url").attr("href", "http://nw-dlcdnet.asus.com/trend/tm_privacy");
tm_eula.htm:        $("#tm_disclosure_url").attr("href", "http://nw-dlcdnet.asus.com/trend/tm_pdcd");

There are a couple others within the firmware code itself.

 

[Yota]

If you block the firmware check does it prevent the autoupdate? I successfully ran this at boot in the past on my RT-AC86U when I didn't want the router to check for new versions. It just adds a line to /etc/host s to have the router send the lookup to localhost instead of the Asus server:

(delete the space between /etc/host and s - the forum won't let me post without modfying)

echo "127.0.0.1 dlcdnets.asus.com nw-dlcdnet.asus.com" >> /etc/host s

Send them an email telling them that you want a control switch maybe a better solution.

 

[KMBak]

Hi. I found this thread. I have RT-AC88U router. One of the recent update make stupid log texting every few seconds - non stop!

Nov 17 13:12:48 kernel: portsLinkStaus=0
Nov 17 13:12:52 kernel: portsLinkStaus=0
Nov 17 13:12:56 kernel: portsLinkStaus=0
Nov 17 13:13:00 kernel: portsLinkStaus=0
Nov 17 13:13:04 kernel: portsLinkStaus=0
Nov 17 13:13:08 kernel: portsLinkStaus=0
Nov 17 13:13:12 kernel: portsLinkStaus=0
Nov 17 13:13:16 kernel: portsLinkStaus=0
Nov 17 13:13:20 kernel: portsLinkStaus=0
Nov 17 13:13:24 kernel: portsLinkStaus=0
Nov 17 13:13:28 kernel: portsLinkStaus=0
Nov 17 13:13:32 kernel: portsLinkStaus=0
Nov 17 13:13:36 kernel: portsLinkStaus=0
Nov 17 13:13:40 kernel: portsLinkStaus=0
Nov 17 13:13:44 kernel: portsLinkStaus=0
Nov 17 13:13:48 kernel: portsLinkStaus=0
Nov 17 13:13:52 kernel: portsLinkStaus=0
Nov 17 13:13:56 kernel: portsLinkStaus=0
Nov 17 13:14:00 kernel: portsLinkStaus=0
Nov 17 13:14:04 kernel: portsLinkStaus=0
Nov 17 13:14:08 kernel: portsLinkStaus=0
Nov 17 13:14:12 kernel: portsLinkStaus=0
Nov 17 13:14:16 kernel: portsLinkStaus=0
Nov 17 13:14:20 kernel: portsLinkStaus=0
Nov 17 13:14:24 kernel: portsLinkStaus=0
Nov 17 13:14:28 kernel: portsLinkStaus=0
Nov 17 13:14:32 kernel: portsLinkStaus=0
Nov 17 13:14:36 kernel: portsLinkStaus=0
Nov 17 13:14:40 kernel: portsLinkStaus=0
Nov 17 13:14:44 kernel: portsLinkStaus=0
Nov 17 13:14:48 kernel: portsLinkStaus=0
Nov 17 13:14:52 kernel: portsLinkStaus=0
Nov 17 13:14:56 kernel: portsLinkStaus=0
Nov 17 13:15:00 kernel: portsLinkStaus=0
Nov 17 13:15:04 kernel: portsLinkStaus=0
Nov 17 13:15:08 kernel: portsLinkStaus=0
Nov 17 13:15:12 kernel: portsLinkStaus=0
Nov 17 13:15:16 kernel: portsLinkStaus=0
Nov 17 13:15:20 kernel: portsLinkStaus=0
Nov 17 13:15:24 kernel: portsLinkStaus=0
Nov 17 13:15:28 kernel: portsLinkStaus=0
Nov 17 13:15:32 kernel: portsLinkStaus=0
Nov 17 13:15:36 kernel: portsLinkStaus=0
Nov 17 13:15:40 kernel: portsLinkStaus=0

I found its common issue so I roll back to firmware thats is free of this bug (RT-AC88U_3.0.0.4_385_20490 form april 2020).
And the fun part. Guess what - this sucker auto updated to latested firmware with bug at night. I can find how to disable that stupid option. Also on latest firware pages loads slower (I think its becasue that log textin bug - CPU need some power for this logging).

I don't want my router AUTO UPDATE. I also use HTTPS login - so after update certificate have to be updated too, The funny thing is that the auto update wansn't work in april, so it lools that it wansn't a part of firmware. In spite of roll back it auto updated! :-( So the option is not in firmware?!?!?!

 

[wouterv]

With RT-AC68U firmware 3.0.0.4.386.43129 the Auto Firmware Upgrade option got introduced:

If set to ON you get this:

Basically I think Auto upgrade is the only right way for consumer products, but only if the Auto upgrade always works very reliable.

 

[bbunge]

With RT-AC68U firmware 3.0.0.4.386.43129 the Auto Firmware Upgrade option got introduced:

If set to ON you get this:

Basically I think Auto upgrade is the only right way for consumer products, but only if the Auto upgrade always works very reliable.

Thought I read somewhere the FCC mandated that routers auto upgrade automatically. This Asus choice of auto upgrade would not be in line with the ruling if it is so.

 

[Hazel]

Thought I read somewhere the FCC mandated that routers auto upgrade automatically. This Asus choice of auto upgrade would not be in line with the ruling if it is so.

Source?

 

[dosborne]

Having autoupdate on by default is a great way to handle the people who otherwise would never apply security updates. But, for those who DO know what they are doing, IMO, the MUSt be an override. I know I said this before, but worth repeating, there are many sites (gov, secure, etc) where it can take months to approve a change such as a FW update and autoupdate is strictly prohibited.

 

[Objects in Space]

Having autoupdate on by default is a great way to handle the people who otherwise would never apply security updates. But, for those who DO know what they are doing, IMO, the MUSt be an override. I know I said this before, but worth repeating, there are many sites (gov, secure, etc) where it can take months to approve a change such as a FW update and autoupdate is strictly prohibited.

On my ASUS AC68U, the Auto Firmware Upgrade is default to off. Even if the default was set to on, the power users and administrators will know where and how to turn the Auto Firmware Upgrade setting to off in order to meet any change process restrictions imposed by their company.

EDIT: It would be better if ASUS prompted the initial Auto Firmware Upgrade enable/disable setting during the router setup process.

 

[wouterv]

It is at least a feature that is worth to mention in the firmware release notes.

 

[Davemul]

Hi, does the xt8 have an option to disable auto updates? I have all my units on an older stable firmware and is like them to stay that way
Cheers

 

[shama_001]

Hi, does the xt8 have an option to disable auto updates? I have all my units on an older stable firmware and is like them to stay that way
Cheers

Yes. Administration>Firmware upgrade>Auto Firmware Upgrade
OFF by default on my system

 

[ForkWNY]

Seems that most (if not all) ASUS routers have an option to disable auto-update, and I haven't noticed ASUS enabling auto-update by default in any of their firmware updates, that's after factory resetting post-update. I do think it's a useful feature for a majority of the user base who are not savvy and rarely if ever login to their routers' admin UI's. It seems like whenever I'm visiting family or friends I'm updating their router firmwares for them...it's not uncommon to find users running the firmware that came preinstalled on their devices 2-5 years ago when they purchased them. Considering how many random botnet attacks (brute force login attempts, etc.) I see on a daily basis (it's the case for nearly anyone using port forwarding/DMZ's for web servers or those running any sort of server application), I'm never amazed to read reports of end user services going down or PII being exfiltrated from home networks due to compromise.