Asus Router hack that survives flashing

[masterman]

long story short i have a lot of symptoms that my dsl router is hacked and mitm attack is in progress
how to check for firmware modification ?
tried every resetting procedure and clean install of windows multiple times

the hack seem to be in router and surviving the update / flash

dsl -n10 c1

 

[NoLight]

That router hasn't been supported since 2015.... running that old of gear is like driving around town with a megaphone telling everyone your address, that you have no doors or other security, and a list of all the things they might want to steal. If you have DSL I would suggest getting a used ISP supported modem, and a separate router.

 

[Crimliar]

It might be worthwhile explaining what it is you are seeing that makes you think the router is hacked (just using Quad 9 makes some think they are seeing an MITM attack). In addition to it being a device that won't have seen a security patch for nearly a decade, it could be a different device on your network or even a component failure in the router.
*xDSL devices don't last forever, their very nature tends to see them failing earlier than many similar devices.

 

[masterman]

That router hasn't been supported since 2015.... running that old of gear is like driving around town with a megaphone telling everyone your address, that you have no doors or other security, and a list of all the things they might want to steal. If you have DSL I would suggest getting a used ISP supported modem, and a separate router.

i had this problem on 2 diffrent routers a long while ago
Dlink routers that had malware that didn't get wiped with update or flash

symtoms of those dlink routers are inbound network attack detected by security software
and also a lot of network redirect

It might be worthwhile explaining what it is you are seeing that makes you think the router is hacked (just using Quad 9 makes some think they are seeing an MITM attack). In addition to it being a device that won't have seen a security patch for nearly a decade, it could be a different device on your network or even a component failure in the router.
*xDSL devices don't last forever, their very nature tends to see them failing earlier than many similar devices.

even if the router hasn't been patched the malware or hack should be erradicated when the firmware get flashed
but since the firmware image get handeld by software on the same router malware could add it self to the new image before it get flashed



anyway is there a way to do some forensic analysis on that router
such as getting the current running firmware image or something

another question
because most of the router models here in the market is outdated
is there a way to use another firmware image such as tomato or openwrt on that router

 

[Crimliar]

If problems are detected after the router has been flashed and shortly after your WAN IP has been changed, then it's usual that the attack vector is not the router (though old firmware may be allowing an attack to pass through), but more likely a compromised device on your network. Be aware that one of the most common means to compromise a network is social engineering. So it's not uncommon that dodgily sourced software downloaded to protect a network is actually an attack vector. Running legit anti-virus (MS Defender will do) on attached devices will usually do.
*As someone who used to have to regularly reset and restore someone's PC because they were downloading trojan-infected software.