So is the RT-N66 vulnerable or not on Merlin 380.70 or the newest john fork? I see Asus released a 382 update in mid-May 2018.
VPNFilter is a malware campaign, not any specific bug; therefore there are no specific firmware versions that will ‘fix’ it.
The operating mechanisms of the malware are known: is it not possible to build new firmware and configure user & network settings that will defend against the attack? If not, why?
Unfortunately detailed "operating mechanisms" are not publicly known for Asus routers AFAIK. The article you linked to and the others I have seen are all using examples from an x86 infection. Our routers don't run x86 code. The article then goes on to say that it changes /etc/config/crontab. This is the standard x86 QNAP crontab, but this file doesn't exist on our routers. Even if it did alter the cron file that the router does use, it still wouldn't be persistent across reboots because it's only held in RAM.
You can put in measures that would decrease the chance of getting infected, add in measures to make sure you can detect fast once infected, and measures to prevent malware from reaching out to their known C&C server IPs. You can definitely ‘defend’, just that no one can guarantee 100% that you will be immune. There is no ‘vaccine’.
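The post above lists three layers of defence: lowering the chance of infection, detecting an infection quickly, and stopping infected devices from reaching known C&C addresses. The script below is an added illustration of the last two layers and is not code from this thread or from any router vendor: it scans netfilter-style firewall log lines (the KEY=VALUE format a Linux router writes to syslog) for LAN hosts that contacted a blocklisted address, and renders iptables rules that would drop and log such traffic. The blocklist and the log lines are constructed from documentation (TEST-NET) ranges and are not real VPNFilter indicators; a real deployment would load the list from a vetted threat-intelligence feed.

```python
"""Find LAN hosts that contacted blocklisted C&C addresses in router
firewall logs, and render blocking rules for review.
Added example for this thread; blocklist and log lines are constructed."""
import ipaddress
import re
from typing import Iterable, List, Tuple

# Constructed blocklist: documentation ranges standing in for C&C IPs.
CC_BLOCKLIST = ["198.51.100.7", "203.0.113.0/24"]

# Constructed netfilter LOG lines (prefix, then KEY=VALUE pairs).
# Lines 1 and 3 are LAN hosts phoning out to listed addresses; line 2 is
# benign; line 4 is an inbound probe from a listed address (OUT empty).
SAMPLE_LOG = """\
May 29 10:01:02 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=443
May 29 10:01:05 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=93.184.216.34 PROTO=TCP SPT=51240 DPT=80
May 29 10:02:11 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.200 PROTO=UDP SPT=4444 DPT=53
May 29 10:03:00 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=23
"""

# \S* (not \S+) so an empty field such as "OUT=" is still captured.
_KV = re.compile(r"\b(OUT|SRC|DST|PROTO|DPT)=(\S*)")


def parse_networks(entries: Iterable[str]) -> list:
    """Turn blocklist strings into network objects (a bare IP becomes /32)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def parse_line(line: str) -> dict:
    """Extract the KEY=VALUE fields we care about from one log line."""
    return dict(_KV.findall(line))


def find_cc_contacts(log: str, blocklist: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (src, dst, "PROTO/DPT") for outbound hits to the blocklist.

    Only lines with a non-empty OUT interface count: inbound probes from a
    listed address are noise here, the question is which LAN host phoned home.
    """
    nets = parse_networks(blocklist)
    hits = []
    for line in log.splitlines():
        f = parse_line(line)
        if not f.get("OUT") or not f.get("DST"):
            continue
        try:
            dst = ipaddress.ip_address(f["DST"])
        except ValueError:
            continue  # malformed field, skip rather than crash on odd log lines
        if any(dst in n for n in nets):
            hits.append((f.get("SRC", "?"), f["DST"],
                         f"{f.get('PROTO', '?')}/{f.get('DPT', '?')}"))
    return hits


def iptables_block_rules(blocklist: Iterable[str], chain: str = "FORWARD") -> List[str]:
    """Render iptables rules that log and drop traffic to listed networks.

    Returned as strings so they can be reviewed before being applied (on
    Asuswrt-Merlin the usual hook is the firewall-start user script).
    Both rules use -I (insert at top), so DROP is emitted first and LOG
    second, leaving the LOG rule above the DROP rule in the final chain.
    """
    rules = []
    for n in parse_networks(blocklist):
        rules.append(f"iptables -I {chain} -d {n} -j DROP")
        rules.append(f'iptables -I {chain} -d {n} -j LOG --log-prefix "CC-BLOCK "')
    return rules


if __name__ == "__main__":
    for src, dst, svc in find_cc_contacts(SAMPLE_LOG, CC_BLOCKLIST):
        print(f"LAN host {src} contacted listed address {dst} ({svc})")
    print("\n".join(iptables_block_rules(CC_BLOCKLIST)))
```

Two design points: matching is done on networks rather than exact strings so a /24 entry covers every address in it, and only lines with a non-empty OUT interface are reported, since an inbound scan from a listed address says nothing about which LAN host is infected.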
I think we are in agreement here. Vaccines / antibiotics address a limited spectrum (scope) of pathogen variants, which regularly mutate to seemingly counter vaccines in a 'cat and mouse' game (Influenza comes to mind). I think that VPNFilter is a specific pathogen strain (maybe this is not true?): it could 'mutate' and it certainly is not the only instance in its class (APT botnet). The semantics around the discussion are critical and challenging because internet forums are not quite the same as a face-to-face conversation.
It is important that the term VPNFilter be confined to a specific 'strain' so as to be narrow enough to be useful from a CVE standpoint and communicated to achieve a common understanding.
That's because this is a 382 firmware, which isn't updated as frequently. Many of these CVEs were fixed weeks ago in the 384 firmware releases.
Comfortable reply from ASUS customer service for RT-AC56U so far:
"Dear customer,
thank you for contacting Asus support.
Regarding your request, the RT-AC56U router is not infected with the "VPN filter" malware. At the moment there is no tool available from Asus to test routers for the "VPN filter" malware.
If the answer provided was not clear and exhaustive, before expressing your evaluation of our service, please reply to this e-mail so that we can improve it.
We take this opportunity to extend our cordial greetings.
Customer Service Asus
Giorgio P.
Web: https://www.asus.com/it/support
Contacts: https://www.asus.com/it/support/CallUs"
What I wonder about is what will be done with the companies that have a bunch of routers that are widely used but are EOL and no longer receiving updates, all while the companies take steps to prevent users from running 3rd-party firmware?
If you are a company and you are running a router that's already EOL, then you're doing it wrong from the get go IMHO.
I think @Razor512 meant the manufacturers, not a company that uses Asus routers in a business setting.
Yes, I think that was his point. There's a parallel with mobile phone software (or any software for that matter). There was a failed attempt recently to force Samsung to support its phones for at least four years after they go on sale.