Lack of basic hardening features in routers, Merlin affected?

[merlin_user123]

A lot of home routers fail to meet modern(and old) safety safeguards, including Asus. Does this also affect Merlin firmware? And, if so, can it be fixed?
https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html

 

[skeal]

A lot of home routers fail to meet modern(and old) safety safeguards, including Asus. Does this also affect Merlin firmware? And, if so, can it be fixed?
https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html

When they refer to Asus they usually refer to the mipsel versions, in these circumstances. Asus dropped support for them this year.

 

[skeal]

They are however supported by @john9527 Fork a merlin derivative. It's amazing and far better than what would otherwise be offered for these out of date models.

 

[ColinTaylor]

A lot of home routers fail to meet modern(and old) safety safeguards, including Asus. Does this also affect Merlin firmware? And, if so, can it be fixed?
https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html

There's an existing post about this here.

 

[slobodan]

You could go with DD-WRT, they use pretty modern kernels, so they will surely fix it (if not already fixed).

 

[merlin_user123]

When they refer to Asus they usually refer to the mipsel versions, in these circumstances. Asus dropped support for them this year.

4 ARM models(AC3200, AC68, AC86, AC88) are analyzed in this paper.

There's an existing post about this here.

Thanks, I missed it because it's not in this subforum. I still would like a more specific reply though from @RMerlin if he can do anything about it on the routers supported by Asuswrt-Merlin.

 

[jerry6]

I noticed it now uses 138 mb of Ram where it used to use 64 mb of ram , never saw it above that in the past with 384.6 , now it is always at 138 mb , is there a reason for this , i hve not dded anything to thr router,plus the temps went up a bit , CPU used to be at 52C now at 63C , same room temp as before room temp 66 F
Wondering why the indreased ram and rise in temp , no other fw upgrades caused this in the past , w
One more thing on admin page system cannot make any changes as apply button does not workwanted to change port and to https , connot get it to work , oh well no big deal .
Thanks again for the great FW

 

[jerry6]

WRONG THREAD , SORRY OCIFFER

 

[cmkelley]

4 ARM models(AC3200, AC68, AC86, AC88) are analyzed in this paper.


Thanks, I missed it because it's not in this subforum. I still would like a more specific reply though from @RMerlin if he can do anything about it on the routers supported by Asuswrt-Merlin.

And he addressed it here. It's largely a limitation of the hardware, the authors of the papers admit as much in the second paper. They appear to be largely ignorant of the fact that one can't simply upgrade to a newer kernel, and that backporting security fixes may not be possible due to other missing structures in the older kernels. Merlin updates the components that he can, but more and more of the firmware is closed source binary blobs that he can do nothing about.

If you want a reasonably secure system, don't expose any open ports to the WLAN. I only have an OpenVPN port open and so far that's been secure. If you want enterprise-quality security where threats may be inside or outside your network, then you need to pay for enterprise-quality hardware and the software support that goes with it. There is no way a consumer-grade router is going to be able to protect against internal threats, the margins are too thin to support the kind of development staff that would require.

Don't forget, @RMerlin is one guy doing this as a hobby in his spare time, for the enjoyment and whatever few dollars people throw at him through his donations link. I'm continually amazed at the quality and quantity of his firmware releases.

 

[AndreiV]

Don't forget, @RMerlin is one guy doing this as a hobby in his spare time, for the enjoyment and whatever few dollars people throw at him through his donations link. I'm continually amazed at the quality and quantity of his firmware releases.

The guy must be a saint , or has something amazing growing in the garden.

How he runs a business, produces this firmware , gives endless support and yet still gets rudeness and grief thrown at him without going crazy is beyond me.

 

[st3v3n]

AndreiV, To topping off a good year; if you're making a motion to elevate @Merlin to sainthood, here's a second from me; now we have to vote

I'm fairly the pay doesn't get any better unless you're still alive and work in Rome If not for his and John's efforts, Asus would have been in the tank by now. Happy New Year.

 

[merlin_user123]

And he addressed it here.
It's largely a limitation of the hardware, the authors of the papers admit as much in the second paper.

He said that the majority of the problems are bugs and limitations of the platform, that was not specific to Asus routers and whether Asuswrt-Merlin is also affected.
Regarding the second paper, its about the specific bug with MIPS hardware, they don't mention ARM hardware in the second paper

They appear to be largely ignorant of the fact that one can't simply upgrade to a newer kernel, and that backporting security fixes may not be possible due to other missing structures in the older kernels. Merlin updates the components that he can, but more and more of the firmware is closed source binary blobs that he can do nothing about.

Thanks, that is more specific information. Afaik, though apart from the MIPS bug, a newer kernel is not necessary, it has more to do with options chosen during compilation.

Don't forget, @RMerlin is one guy doing this as a hobby in his spare time, for the enjoyment and whatever few dollars people throw at him through his donations link. I'm continually amazed at the quality and quantity of his firmware releases.

And I'm really grateful to him for all the hours he put into this project. I'm not complaining, just asking a question.