I would have said "Buy new routers to put in front of these" - they're still perfectly good APs or AiMesh nodes for a while yet.
Merlin no longer supports that model. You need to go back to ASUS official firmware which was updated for this issue.
It should be noted that not using the latest firmware will leave you vulnerable to any other exploits that are around. You need to change back to ASUS firmware or buy new routers.
Blocking is not the same as fixing. They simply made it harder for this particular malware to infect devices in the future (and the hardening method they used is something I don't plan on implementing on my end because I don't like it at a technical level). And these mitigations are in addition to the fact that the currently known strain of this malware does NOT run on firmware 386, only on older 382/384 firmware, which means none of the models that I currently support can be affected by this strain.
Yes, Cyclops Blink is malware, but if Asus has released a firmware update specifically referencing it, wouldn't that also need to flow into AsusWRT-Merlin?
Fixes that aren't already rolled in will get rolled in eventually.
April 1st updates seem to include fixes for:
It's currently unknown. It most likely relies on existing security exploits. Considering that this malware strain cannot run on 386_xxxx firmware (which has existed for quite some time now), it's quite possible that the targeted security holes have already been fixed as well. My personal guess would be an httpd security hole, which if not fixed yet, can be avoided by not opening WAN access to the webui anyway.
Is there somewhere that explains what Cyclops Blink is deployed to Asus routers?
Isn't the WAN exposed web management turned off by default, or at least when you check all up green across the board, in the security AI protection check?
It's currently unknown. It most likely relies on existing security exploits. Considering that this malware strain cannot run on 386_xxxx firmware (which has existed for quite some time now), it's quite possible that the targeted security holes have already been fixed as well. My personal guess would be an httpd security hole, which if not fixed yet, can be avoided by not opening WAN access to the webui anyway.
That's why personally I'm not worried at all about Cyclops Blink. Reports also indicate that far fewer Asus routers have been compromised than Watchguard devices (and in their case, it was known to be targeted through WAN-exposed web management).
It is. But a lot of people still enabled it, sometimes unknowingly (in the past, using their mobile app would automatically enable WAN access without clearly notifying the user it was doing so).
Isn't the WAN exposed web management turned off by default, or at least when you check all up green across the board, in the security AI protection check?
Some users can be confused. Let's make it clear. It's a malware which is using a vulnerability.
Besides, there is nothing to fix. Cyclops Blink is a malware, not a vulnerability.
No, you just need any version of 386.x. See post #184.
Addressed in 3.0.0.4.386.48260 (March 2022) but not in 3.0.0.4.386.46065 (January 2022)?
So I'm gonna guess you need 386.48xxx or higher.
As usual, I could be wrong.
I wouldn't trust a router with a 10-year-old firmware when it comes to security.
I have one of the affected, but still supported routers. Should I reinstall or switch to my old wired-only router?
How safe is an ASUS RX3041B, which had its one and only update in 2012? It's a wired-only router, so I'm thinking maybe it has fewer security holes because of it. I wish I could buy a new wired-only router which is easy to set up. And when I say easy, I really mean it.
You could go for a small fanless PC, and install something like this (which would be more user-friendly than pfsense):
Which non-wireless router, with a fast dual cpu, has the easiest setup for somebody who knows very little about networking?
I don't know how he "disabled" his wifi, but I have a development Asus RT-AC66U_B1 here that runs 24/7 with the 2.4 GHz band disabled, and it has never re-enabled itself after running it like that for over a year.
Yes, but then I read things like this:
I don't have the full context (because not gonna watch a 48-minute video), but chances are, this setup could be for cases where you have a modem/router combo from your ISP, so you cannot replace the router.
I watched this Youtube video and to my surprise, I understood more than nothing. But I don't understand why the router is on the WAN side. What can the router do that a physical Sophos box connected to a fiber outlet can't do?
I don't know, I don't use Sophos XG. I only briefly tested it a few years ago. You will have to check the documentation for VPN capabilities.
I watched the video a second time. In this case it's probably because the Sophos XG is in a VM, so I guess there's no other way then.
Just one more question. If you want to have a VPN client/server in Sophos XG, does that mean you have to manually install OpenVPN and then manually update it, or is it part of Sophos XG and therefore updated by them?