[Release] Asuswrt-Merlin 380.66 is now available

[RMerlin]

Fixing bugs won't make a fortune for them, but maybe it can prevent them from losing money, so that's an option not an obligation.

It's actually an obligation. Security got them into legal troubles last year, and they have mandatory security audits to perform on their code, in addition to the need for an established vulnerability management plan.

This is still irrelevant, since as I said, the Samba version they use is NOT vulnerable.

 

[Sebastien Bougie]

Hello Merlin,

Since the update and a full reset i'm getting error in the log that I never received before, maybe you can help me

May 22 03:56:53 dropbear[16649]: Login attempt for nonexistent user from 37.200.66.166:41789
May 22 04:03:00 dropbear[17676]: Login attempt for nonexistent user from 37.200.66.166:60245
May 22 04:09:04 dropbear[18695]: Login attempt for nonexistent user from 37.200.66.166:51041
May 22 04:15:11 dropbear[19712]: Login attempt for nonexistent user from 37.200.66.166:51409
May 22 04:17:16 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:16 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:17 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:18 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:18 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:19 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:19 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:20 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:20 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:17:21 dropbear[20132]: Login attempt for nonexistent user from 111.198.66.132:43662
May 22 04:18:04 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:04 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:05 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:05 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:06 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:07 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:07 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:08 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:09 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:18:09 dropbear[20225]: Login attempt for nonexistent user from 180.128.21.46:50540
May 22 04:21:15 dropbear[20819]: Login attempt for nonexistent user from 37.200.66.166:54690
May 22 04:27:21 dropbear[21915]: Login attempt for nonexistent user from 37.200.66.166:35219
May 22 04:32:29 dropbear[22766]: Login attempt for nonexistent user from 103.244.254.131:57785
May 22 04:32:31 dropbear[22768]: Login attempt for nonexistent user from 103.244.254.131:59920
May 22 04:32:33 dropbear[22769]: Login attempt for nonexistent user from 103.244.254.131:60774
May 22 04:33:52 dropbear[23020]: Login attempt for nonexistent user from 37.200.66.166:44593
May 22 04:33:53 dropbear[23020]: Login attempt for nonexistent user from 37.200.66.166:44593
May 22 04:40:31 dropbear[24127]: Login attempt for nonexistent user from 37.200.66.166:47406
May 22 04:41:59 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:41:59 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:00 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:00 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:01 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:01 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:02 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:02 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:02 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:42:03 dropbear[24382]: Login attempt for nonexistent user from 128.204.32.15:33988
May 22 04:46:37 dropbear[25154]: Login attempt for nonexistent user from 37.200.66.166:34091

Thanks alot for your help

 

[TheUntouchable]

https://otx.alienvault.com/indicator/ip/37.200.66.166/
https://otx.alienvault.com/indicator/ip/103.244.254.131/
https://otx.alienvault.com/indicator/ip/128.204.32.15/
https://otx.alienvault.com/indicator/ip/180.128.21.46/
https://otx.alienvault.com/indicator/ip/111.198.66.132/

 

[Sebastien Bougie]

https://otx.alienvault.com/indicator/ip/37.200.66.166/
https://otx.alienvault.com/indicator/ip/103.244.254.131/
https://otx.alienvault.com/indicator/ip/128.204.32.15/
https://otx.alienvault.com/indicator/ip/180.128.21.46/
https://otx.alienvault.com/indicator/ip/111.198.66.132/

how to I "stop" this

 

[TheUntouchable]

You should enable the auto banning for SSH, sadly I am not at home, so I can't search where that feature is hidden in the gui! Perhaps someone can answer you that question faster, otherwise I will do that later

 

[RMerlin]

Since the update and a full reset i'm getting error in the log that I never received before, maybe you can help me

Do you absolutely need SSH access over the Internet? If not, disable it, and limit it to your LAN.

 

[Sebastien Bougie]

Do you absolutely need SSH access over the Internet? If not, disable it, and limit it to your LAN.

When I get those error its disable....

 

[Sebastien Bougie]

You should enable the auto banning for SSH, sadly I am not at home, so I can't search where that feature is hidden in the gui! Perhaps someone can answer you that question faster, otherwise I will do that later

I didnt see this option, can you tell me where i should look for it

thanks

 

[rktechnical]

I'm upgrading through the router's setup page. No error message. The upload completes, but once the page refreshes, it still shows that I'm using the older 376.47 firmware (merlin build). I even tried resetting to factory defaults.

I found this on the wiki:
"The RT-AC68U and RT-AC56U need to be at least on firmware 378.55 (or the last 378.xxx version from Asus) before you can flash 380.xx, due to the partition size change."

So I tried installing various 378.xxx files from Asus.com -- but no matter which one I select, I'm still stuck on 376.47.

 

[TheUntouchable]

I didnt see this option, can you tell me where i should look for it

thanks

Administration-->System-->SSH Daemon-->Enable SSH Brute Force Protection

 

[fr33z0n3r]

Here:

 

[Sebastien Bougie]

Administration-->System-->SSH Daemon-->Enable SSH Brute Force Protection

Its already ON on my router

 

[TheUntouchable]

Perhaps you should install Adamm00's addon for your firewall. It will ban that ip adresses
https://github.com/Adamm00/IPSet_ASUS

 

[Blinkyz]

So I tried installing various 378.xxx files from Asus.com -- but no matter which one I select, I'm still stuck on 376.47

Try with these steps:
Remove usb devices hooked,reboot, flash with 378.55 ....reconfig minimal and flash with the latest, factory default and reconfig from scratch.
Still not working?, use this tool and method to flash with 378.55 and latest after
https://www.asus.com/support/FAQ/1030652/

 

[muzykcb]

No idea, I don't use AiCloud, and never used SmartSync either. It's all closed source.

Hello. Has anyone solved the problem sync with dropbox or webStorage. If so, please information
RT-AC68U, merlin 380.66_4

 

[rktechnical]

Try with these steps:
Remove usb devices hooked,reboot, flash with 378.55 ....reconfig minimal and flash with the latest, factory default and reconfig from scratch.
Still not working?, use this tool and method to flash with 378.55 and latest after
https://www.asus.com/support/FAQ/1030652/

Problem solved. I had to install 378.55 merlin build instead of something from Asus.com. That worked, then I was able to install latest merlin.

 

[WalkedDave]

Simply diable AiProtection and the messages will go away - nothing to do with AC87U specific issue - was discussed a lot in the forum and a small search would show you what's going on...

I have AiProtection OFF

 

[PolarBear]

This post is FYI evidence only - not sure if there is problem with my PC or RT-AC68U

There seems to be time gaps in the log ...

Installed 380.66 about 10-12 days ago, and it has been running just fine from user's point of view.
However, there are gaps in the log history

I have also seen gaps in the log file, after power cycling the router.

I always assumed that the last few log file entries are in RAM, and so are lost when the router loses power, but I don't know if this assumption is correct.

In my case, this affects an RT-AC66U with the very old 378.56_2, so the 'gaps issue' might not be anything new.

 

[AlexHK]

I just updated a remote RT-N66U to the latest 380.66_4 but after the process I was asked for a manual reboot. I guess I am out of luck now, since I can only physically access that location in about 8 weeks of time. Or is there any hope left?

(I have done this kind of remote upgrade a few times in the past - SSH to the router, access web interface via port forwarding - never was I asked for a manual reboot)

 

[Zirescu]

I just updated a remote RT-N66U to the latest 380.66_4 but after the process I was asked for a manual reboot. I guess I am out of luck now, since I can only physically access that location in about 8 weeks of time. Or is there any hope left?

(I have done this kind of remote upgrade a few times in the past - SSH to the router, access web interface via port forwarding - never was I asked for a manual reboot)

Often you'll be asked to reboot. Should be able to just access the web interface again and click the reboot button or just issue reboot from the command line.