Menu
What's new
By:
Filters Better Search

New Threats to Asus Routers, few details.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L&LD

L&LD

Part of the Furniture
Always interesting to hear about these events. There didn't seem to be any explicit mention of the means of gaining access to SOHO routers, but they did imply http and ssh via the internet. The recent issue with asd may suggest that ASUS has been aware of the issue and was attempting to harden their routers. I suspect that Merlin knows a bit, but perhaps can't say anything.
 
So is there anything we can do at a local level?
 
keefrto said:
So is there anything we can do at a local level?
Click to expand...

Set a strong username and password, and disable all web access (SSH and HTTP/HTTPS). Make sure you have the latest firmware. If you suspect there is any chance you may have been infected (i.e. you had web access enabled), hard factory reset the router (hold WPS button while booting on most models, but you can look up the process for your model) and configure by hand, not from a backup. This is about all you can do, it may not be 100% guarantee but is good practice regardless.

In fact it would be best to factory reset, configure just enough to get in, upgrade firmware, factory reset again, and then configure everything by hand.

The hard factory reset formats the jffs partition. where holding the reset button does not, so you want to do the hard version as JFFS is where malware gets stored. If you are running merlin, you can be extra sure by doing all of the above but be fore reconfiguring after the second reset, check off "format jffs at next boot" and reboot. Then reconfigure. So you're formatting JFFS twice just to be extra sure.

If you don't have reason to believe you've been exposed to anything you can just make sure all WAN access is disabled and you have a strong password.
 
drinkingbird said:
Set a strong username and password, and disable all web access (SSH and HTTP/HTTPS). Make sure you have the latest firmware. If you suspect there is any chance you may have been infected (i.e. you had web access enabled), hard factory reset the router (hold WPS button while booting on most models, but you can look up the process for your model) and configure by hand, not from a backup. This is about all you can do, it may not be 100% guarantee but is good practice regardless.

In fact it would be best to factory reset, configure just enough to get in, upgrade firmware, factory reset again, and then configure everything by hand.

The hard factory reset formats the jffs partition. where holding the reset button does not, so you want to do the hard version as JFFS is where malware gets stored. If you are running merlin, you can be extra sure by doing all of the above but be fore reconfiguring after the second reset, check off "format jffs at next boot" and reboot. Then reconfigure. So you're formatting JFFS twice just to be extra sure.

If you don't have reason to believe you've been exposed to anything you can just make sure all WAN access is disabled and you have a strong password.
Click to expand...
Hi and thank you. When you say disable wan access?
 
keefrto said:
Hi and thank you. When you say disable wan access?
Click to expand...

He means don't open SSH or HTTP/HTTPS to the internet. There is an option to allow this in the "System" tab of the Administration section of the firmware. ASUS uses the term "WAN" (wide area network) for internet.
 
keefrto said:
Hi and thank you. When you say disable wan access?
Click to expand...
1685207037602.png

I believe it should be disabled [No] by default.
 
Last edited:
Yup that's what i have already. #phew
 
maxbraketorque said:
He means don't open SSH or HTTP/HTTPS to the internet. There is an option to allow this in the "System" tab of the Administration section of the firmware. ASUS uses the term "WAN" (wide area network) for internet.
Click to expand...

Wasn't there a thing where if folks use the mobile App it would enable HTTP/HTTPS on the WAN interface?
 
sfx2000 said:
Wasn't there a thing where if folks use the mobile App it would enable HTTP/HTTPS on the WAN interface?
Click to expand...

Yes. It asks if you want remote access. Asus is pretty confident opening access to WAN is okay. Millions of users have it enabled, I guess.
 
So my local configuration shows both, then the https Lan port with a number then below that enable wan acess yes, are we good or no? I do have the mobile app. Under enable ssh I have Lan only
 
What am I missing then?
 
I ditched the wan access which the app needed to work as the protection scanner said it was a risk. Happier
 
keefrto said:
I ditched the wan access which the app needed to work as the protection scanner said it was a risk. Happier
Click to expand...
I recommend everyone to the settings on their routers (there is also information about WAN access and app).

Router Security

Router Security Home Page
routersecurity.org routersecurity.org
 
keefrto said:
So my local configuration shows both, then the https Lan port with a number then below that enable wan acess yes, are we good or no? I do have the mobile app. Under enable ssh I have Lan only
Click to expand...

In a post right above you said it was set to "no"?
 
You must log in or register to reply here.

Similar threads

L&LD
Now, it's Cisco's turn (at least for its older hardware).
Replies
7
Views
1K
coxhaus
C
D
[Ars] Kremlin-backed hackers are infecting Ubiquity EdgeRouters
Replies
8
Views
1K
RMerlin
RMerlin
P
News Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
Replies
15
Views
2K
sfx2000
sfx2000
TeaDragon
Flax Typhoon malware affecting ASUS RT-*/GT-*/ZenWifi ???
Replies
8
Views
867
jerry6
jerry6
F
Release ASUS ZenWiFi XD4 Firmware version 3.0.0.4.388_25041 (2024/09/05)
Replies
4
Views
1K
aardbeix15
A
Similar threads
Thread starter Title Forum Replies Date
C ASUS Security Issues General Network Security 4
T 6000 Asus routers in 72 hours!!! General Network Security 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 611 (members: 23, guests: 588)
Top