YazFi mystery SSID keeps appearing and disappearing and changing

As one of your steps, have you tried doing the reset from within the GUI and checking off "initialize variables"?

The other option is to do an "NVRAM Erase" from the CLI, then load the latest Asus or Merlin firmware, using the recovery method and the restore tool if needed.

It certainly looks like you may have had some malware on that router at some point and factory reset isn't clearing all the leftover stuff, probably because it isn't using standard NVRAM variables.

I would start with just a very basic config after all the resets and see if any of the VLAN or wifi variables get recreated.
My setup is very basic, it's just a home router with guest Wi-Fi enabled, no mesh, it's bridge mode to the DSL modem.
I've only ever had Merlin scripts on it.

My feeling is that it's restoring from an NVRAM backup. Where are they kept and how can I delete those?
 
hi

I've just done the NVRAM erase and rebooted.

It's come up as new; however, looking at the log, it's after the NVRAM mirror scan, where it says it found a backup, that I've noticed it's already got the VLAN rules coming through.

That's why I'm thinking it's done a restore from that mirror, and maybe that is where all the settings are coming from. Actually, before I even log in, when I attach to the Wi-Fi as its default name, it's given me the same IP address I had before, and I did a forget Wi-Fi and reset network settings on the client as well.
 
Reboot and post the syslog. Almost feels like your firmware is compromised. Sounds creepy.
 
If it's in my router then it's probably in the DSL modem too; that's an ac68u. I'll have a look at the NVRAM in that.

What firmware is running on that? If it is 384.x or earlier there are many known vulnerabilities there. Not sure if the DSL-xxx even got 386 code, in which case the only thing you can do is totally disable all WAN access and ensure you have a strong username and password. Of course do that after resetting and reloading a known good firmware image. But if your ISP controls that router/modem, you may have limited options.

It almost seems like something is corrupted on your router though, the resets are not formatting/resetting all options. I didn't spend a long time in the log but it seems there are some errors related to file system etc.

There was another post in here about someone who had to manually format and rebuild the UBIFS file system to get it out of read only mode, wonder if yours is experiencing something similar.
 
hi

it's got this one 3.0.0.4.386_50117 the dsl-ac68u

I'll search for the ubifs thread, thanks for the tip
 
I think I found the thread, but it was about the jffs being read-only.

This is what mine looks like:

cat /proc/mounts
/dev/root / squashfs ro,relatime 0 0
devtmpfs /dev devtmpfs rw,relatime,size=255988k,nr_inodes=63997,mode=755 0 0
proc /proc proc rw,relatime 0 0
tmpfs /var tmpfs rw,relatime 0 0
tmpfs /tmp/mnt tmpfs rw,relatime,size=16k,mode=755 0 0
sysfs /sys sysfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
ubi1:data /data ubifs rw,relatime 0 0
tmpfs /tmp/mnt tmpfs rw,relatime,size=16k,mode=755 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
/dev/mtdblock9 /jffs jffs2 rw,noatime 0 0
 
@randomised The "NVRAM_MIRROR SCAN" messages appear to be normal for your model (and a few others). I don't believe they're connected to the Wi-Fi issue.

Your jffs is fine so you're not experiencing the problem in the other thread.

There are a few posts around these forums that also coincidentally included the wl0.4 interface, so it's not unique to you.
 
hi

I just had a look at the DSL modem and it's got some of the rules for VLANs that the router gets, and I don't know where they come from.

This is directly after a factory reset:

wgn_brif_rulelist=<br1>192.168.101.1/24><br2>192.168.102.1/24
subnet_rulelist=<192.168.101.1>255.255.255.0>1>192.168.101.2>192.168.101.254>86400>>>>>>1><192.168.102.1>255.255.255.0>1>192.168.102.2>192.168.102.254>86400>>>>>>1>
url_rulelist=
url_sched=000000
vlan_pvid_list=
vlan_rulelist=<1>501>0>0>FFFF>0002>0000>192.168.101.1/24>1>0>1><1>502>0>0>FFFF>0000>0002>192.168.102.1/24>1>0>1>
 
Those are all normal default settings.
 
Yeah those come from 386 and 388 code base, related to guest network 1, even if not enabled there will be some default NVRAM variables related to them. You should probably see those on your other router too.
 
Hi Colin,

I did a search and couldn't find anything related to my mystery SSID.

I'd like to find out where it's coming from; if you can help, that would be great.
 
Do you have other Asus routers in the area? It has been found that when two Asus routers see each other they often create a backhaul interface which you have no control over. I believe that is only when you run one in AP/Repeater mode and the other in router mode, and should theoretically only happen when you actually connect the AP/Repeater to the main router successfully, but not positive on that. Maybe someone knows your password and is using an Asus repeater? Or possibly the fact that it is appearing and disappearing means they see each other but aren't connected, but keep trying to connect.

It seems to be a part of AiMesh, so that when you go in and click to configure AiMesh, it has already discovered others and is ready to go.

May not be your issue, just a thought.
 
Not a bad thought - but I would hope that AiMesh would be smarter than that - the security implications would be considerable, and I would think that Asus would be aware of those...
 
I thought it was crazy too until I saw the outputs someone posted in another thread here: any Asus AP in repeater mode causes a new interface to get created on the main Asus router which bypasses all guest network restrictions, even if just repeating a guest network. Another brand's repeater does not cause it. So it is doing something on the assumption that you're going to be doing AiMesh. Thinking something similar could be happening here, seeing something in the area and starting the process or something.
 
Yeah, there's odd behavior on some of the builds with regards to Guest Networks, and AiMesh adds another layer to that...

I'm almost at the point of unplug everything, reset to factory, and see what happens with a single Router/AP with no guest WiFi - that would get one back to a known/good baseline to start from...
 
OP tried that, it comes back almost instantly. So either there are some NVRAM variables not getting cleared (log seems to claim something is being restored but that may just be normal logs and not related), there is malware somehow still on there, or it is AiMesh doing its weirdness with some nearby AP it is sensing.

Wondering if manually formatting and rebuilding the UBIFS like another person here did would get rid of any remnants that may be causing this. Risky proposition though.
 
This is not the same situation as that other thread. His router doesn't use UBIFS for the jffs partition, and there's nothing to suggest any of the partitions are corrupted. There are no obvious red flags in his log. My guess (and it's only a guess) is that this is intended behaviour, perhaps linked to AiMesh or Alexa/IFTTT.

We really need someone else with the same router to check whether they have the same thing. It's likely that most people wouldn't even be aware that this was happening unless they looked for it.
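
The check suggested earlier in the thread (see whether any VLAN or Wi-Fi variables get recreated after a reset) and the comparison against another router of the same model both come down to diffing two saved `nvram show` dumps. The script below is an added example, not code from any poster in this thread; the file names, the watched name prefixes and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diff two saved `nvram show` dumps and
# report only Wi-Fi / VLAN / guest-network variables that changed.

# Name prefixes to watch: wlX.* interfaces and the rulelists quoted above.
WATCH='^(wl[0-9]|vlan_|subnet_|wgn_)'

nvram_diff() {  # usage: nvram_diff BASELINE_FILE CURRENT_FILE
    awk -v watch="$WATCH" '
        # Split on the first "=" only: values may contain "=" themselves.
        function key(l) { return substr(l, 1, index(l, "=") - 1) }
        function val(l) { return substr(l, index(l, "=") + 1) }
        index($0, "=") == 0 { next }      # skip "size: ..." footer lines
        key($0) !~ watch    { next }      # ignore unrelated variables
        FILENAME == ARGV[1] { base[key($0)] = val($0); next }
        {
            k = key($0); v = val($0); seen[k] = 1
            if (!(k in base))      print "ADDED   " k "=" v
            else if (base[k] != v) print "CHANGED " k ": " base[k] " -> " v
        }
        END { for (k in base) if (!(k in seen)) print "REMOVED " k }
    ' "$1" "$2" | sort
}

demo() {  # constructed sample dumps, not taken from any real router
    dir=$(mktemp -d) || return 1
    cat > "$dir/baseline.txt" <<'EOF'
size: 61234 bytes (69838 left)
url_sched=000000
vlan_rulelist=<1>501>0>0>FFFF>0002>0000>192.168.101.1/24>1>0>1>
wgn_brif_rulelist=<br1>192.168.101.1/24
wl0.1_ssid=EXAMPLE_GUEST
EOF
    cat > "$dir/current.txt" <<'EOF'
size: 61300 bytes (69772 left)
url_sched=111111
vlan_rulelist=<1>501>0>0>FFFF>0002>0000>192.168.101.1/24>1>0>1>
wgn_brif_rulelist=<br1>192.168.101.1/24><br2>192.168.102.1/24
wl0.4_ssid=EXAMPLE=MYSTERY
EOF
    nvram_diff "$dir/baseline.txt" "$dir/current.txt"
    rm -rf "$dir"
}

demo
```

On the router the two input files would come from `nvram show` redirected to a file, once right after the reset and once after the SSID has reappeared. `/tmp` is tmpfs in the mount listing above, so a baseline that has to survive a reboot belongs on `/jffs` or off the device.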
 