ASUS RT-AC68U Firmware version 3.0.0.4.378.4376

ncnetbuilder said:

Merlin, the steps I typically follow when applying a new firmware to ac68u are as follow:

1. Power off
2. Power on holding the WDS button until the power led begins flashing
3. Release the WDS button and let the router boot up
4. Apply the new firmware and do the minimum in the wizard once it boots up
5. Repeat steps 2 and 3
6. Manually reapply my settings in the gui (lan subnet, vpn, dns servers, etc)
7. Reboot one final time after new settings in place (prob optional)

Is this correct?

Click to expand...

You mean the WPS (wi-fi protected setup) button on the side of the router or the reset button on the back on the router? The WPS button doesn't set the router back to factory defaults.

If you mean the reset button, there is no reason to flash the router twice.

Does the NVRAM get cleared when performing a "Factory Reset/Restore" from the router log-in gui page???

Yeah, my bad meant the WPS button. Powering off, holding that button down while powering on, and continue holding the button for 15-30 secs (i wait until the power led begins to alternate on/off) seems to be a common way to factory reset these routers based on a few posts. I didn't do an exhaustive search, but here's an example:

http://forums.smallnetbuilder.com/showpost.php?p=163749
http://forums.smallnetbuilder.com/showthread.php?t=14310
etc

Call me crazy, but after doing this i always get ip reset to 192.168.1.1, uid/pwd reset to admin, get prompted with the initial setup screen, etc so it *seems* to do a full reset.

Hi,
So far, so good. The new firmware are installed on my AC68U. Adaptive QoS are enable with Apps analysis, Web History seems to work good. UPnP are good and no NAT Loopback issue yet. But sure i have to wait 1 or 2 more days.
I'll report back later

CiscoX said:

Hi,
So far, so good. The new firmware are installed on my AC68U. Adaptive QoS are enable with Apps analysis, Web History seems to work good. UPnP are good and no NAT Loopback issue yet. But sure i have to wait 1 or 2 more days.
I'll report back later

Click to expand...

Same here. I've loaded this new firmware on my RT-AC68P router and reconfigured it manually for the most part late last night. Been running fine without a hitch since then so far. I got my NAT loopback function back working again on this firmware too. I don't turn on nor use all the CPU wasting QOS and other fancy features for the most part for my needs, so cannot speak to that area. I do have the AIProtections all enabled though.
Let's hope it runs fine without needing any reboots for years. (I've never had to reboot my Asus routers and hope this trend continues!)

Oh, I also want to mention that the "NaN" bug is fixed on the System Status page now too. It now shows the numbers of CPU utilization percentages instead of displaying "NaN" (which stands for Not a Number).

Hmm, strange. I still have signature version 1.010, not 1.030. Is this Ok?

Solution: Press reset button for 10sec and then signature version will show 1.030.

maximvd said:

- Modified web history strings

Click to expand...

Can anyone tell me what that means? Is the strange web history screen (sorting by device, and storing only a bunch of URLs instead of a complete history) now better?

New firmware syslog showing French hack attempts?

Oh, Oh, I am seeing these syslog entries now with this new firmware...

Feb 27 11:29:46 pptp[32227]: pppd 2.4.7 started by admin, uid 0
Feb 27 11:29:46 pptp[32227]: Connect: ppp10 <--> pptp (178.16.164.115)
Feb 27 11:29:50 pptpd[32226]: CTRL: EOF or bad error reading ctrl packet length.
Feb 27 11:29:50 pptpd[32226]: CTRL: couldn't read packet header (exit)
Feb 27 11:29:50 pptpd[32226]: CTRL: CTRL read failed
Feb 27 11:29:56 pptp[32227]: Connection terminated.
Feb 27 11:29:56 pptp[32227]: Modem hangup

I looked up that ipaddress 178.16.164.115 and it comes from France. I don't have anything running on my router nor network that would try to communicate with France.
What are these syslog messages saying here? Is the router firmware trying to phone home somewhere in France or is someone in France attempting to hack into my router? Did ASUS leave a security exposure and leak in this firmware?
Merlin, would you be able to tell what those log messages mean?

Update: Just for the hell of it, I tried pinging that ipaddress and it is pingable. So then I tried to access it from a browser with http://178.16.164.115/
and guess what? It responds with an Apache Server web page with directory folders. But you cannot see anything in the folders due to no permissions.
It is a French website server. I don't know what the heck my router log shows attempting to connect to this place every 5 to 6 minutes all day starting yesterday it seems. Does anyone else see such log entries in their new firmware upgraded router? Did ASUS plant a secret phone home into this firmware and it wakes up trying to connect somewhere to steal data? I am concerned about this now.

staticfree said:

Oh, Oh, I am seeing these syslog entries now with this new firmware...

Feb 27 11:29:46 pptp[32227]: pppd 2.4.7 started by admin, uid 0
Feb 27 11:29:46 pptp[32227]: Connect: ppp10 <--> pptp (178.16.164.115)
Feb 27 11:29:50 pptpd[32226]: CTRL: EOF or bad error reading ctrl packet length.
Feb 27 11:29:50 pptpd[32226]: CTRL: couldn't read packet header (exit)
Feb 27 11:29:50 pptpd[32226]: CTRL: CTRL read failed
Feb 27 11:29:56 pptp[32227]: Connection terminated.
Feb 27 11:29:56 pptp[32227]: Modem hangup

I looked up that ipaddress 178.16.164.115 and it comes from France. I don't have anything running on my router nor network that would try to communicate with France.
What are these syslog messages saying here? Is the router firmware trying to phone home somewhere in France or is someone in France attempting to hack into my router? Did ASUS leave a security exposure and leak in this firmware?
Merlin, would you be able to tell what those log messages mean?

Click to expand...

It just means that someone out there is randomly trying IPs, looking for vulnerable PPTP servers. This is standard random background noise on the Internet in 2015. The country of origin is irrelevant, you'll get such attempts from everywhere on the planet. More tend to come from China in big part because of their large population.

Firmware version 3.0.0.4.378.4376

This is by far the best firmware to date. NAT Loop back is gone!
Wireless is rock stable on both bands. Transfer speeds from my 2 TB
HD plugged into the USB 3.0 on router is the fastest I have ever seen on both
read and write.

I tried to stress the router to crash with no avail. I streamed HD video on 7 devices at the same time. This has crashed routers in the past. Ran 1 hour no problem, not even a hiccup.

CC

cc666 said:

This is by far the best firmware to date. NAT Loop back is gone!
Wireless is rock stable on both bands. Transfer speeds from my 2 TB
HD plugged into the USB 3.0 on router is the fastest I have ever seen on both
read and write.

I tried to stress the router to crash with no avail. I streamed HD video on 7 devices at the same time. This has crashed routers in the past. Ran 1 hour no problem, not even a hiccup.

CC

Click to expand...

That's good news

Well, after 1 day and 10 hours. No problems so far. Everything is working good.

This is the signature fix

Log into router, on left click on AiProtection, then enable everything, then check the signature, after verifying its 30 then go back to the AiProtection and disable all options (if you want to) The signature will stay. DONE.

CC

Having a problem with the bandwidth monitor after this update on both IE and Chrome. The two meters and the individual device bars are not live updating like they used to. When I click on a device the two meters show a change but that change is then static until I click on another device. I do now see actual app names when I click on a device instead of just "General" and all activity on the app bars seems live.

Working alright so far. No disconnects.

working fine with one single glitch. As soon as i log in router's page my internet stops working until i refresh my internet connection.. Can anyone help me out with this problem ?

Under AiProtection, I noticed ONE or ALL the last 3 features (Malicious Website Blocking, Vulnerability Protection and Infected Device Prevention) is causing slow web page loading.

Currently I have all 3 disabled. Is this recommended?

If not, which one is the culprit for the slow loading web pages?

Poseidon said:

Under AiProtection, I noticed ONE or ALL the last 3 features (Malicious Website Blocking, Vulnerability Protection and Infected Device Prevention) is causing slow web page loading.

Currently I have all 3 disabled. Is this recommended?

If not, which one is the culprit for the slow loading web pages?

Click to expand...

same here.

Poseidon said:

Under AiProtection, I noticed ONE or ALL the last 3 features (Malicious Website Blocking, Vulnerability Protection and Infected Device Prevention) is causing slow web page loading.

Currently I have all 3 disabled. Is this recommended?

If not, which one is the culprit for the slow loading web pages?

Click to expand...

I always run with Malicious Website Blocking disabled because it is a thing that some anti virus packages do and also some operating systems do too. I am not sure how it works but I suspect that the router has to look up a data base that it may hold on your browsing history. If no info locally then it has to check with Trend Micro. If there is a lot of traffic at TM then things can get slow. If you persist with this feature then browsing may get better when the router gets a profile on you.

If unsure what to do then disable all three and wait a few days. If all OK then bring the features back one by one. Leave MWB until last.

BobD said:

I always run with Malicious Website Blocking disabled because it is a thing that some anti virus packages do and also some operating systems do too. I am not sure how it works but I suspect that the router has to look up a data base that it may hold on your browsing history. If no info locally then it has to check with Trend Micro. If there is a lot of traffic at TM then things can get slow. If you persist with this feature then browsing may get better when the router gets a profile on you.

Click to expand...

The Malicious Website blocking is very powerful, blocking between 70 to 90% of 0days out there (as some expert users have reported). Yes, it does work in the cloud and learn from all attached devices (and TrendMicro software users), getting more powerful day by day. Consider that in latest malware testing TM is consistently reach 100% detection of malware. Unless you also run TrendMicro on your PC I would not disable it. BTW, in AC87U firmware build 4376 it is fully broken (does not block anything) as AC86U share the same code I would not be surprised is also broken there...