Unusual behavior Asus RT-N56U Stock

[CaesarI]

Running: 3.0.0.4.376_3879 (latest non-beta AsusWRT)

So it started a week ago. The router was on, modem on, no internet. Tried to log-in to the router to check the logs, no luck, Tried this several different ways as I wanted to check the log, no luck. Restarted router. No luck. Did a reset on the router (reset to defaults), and went (by default) to the "set up your router" page. Set it up, then same deal, no internet, and no access to router. Rinse and repeat a few times. Suspected perhaps something more was at work and did another reset and put the router in a metal can with the lid shut (connected wired). Quickly disabled all wireless and proceeded to re-install configs, set up secure on wi-fi and hesitantly tried with just 2.4GHz enabled. This worked.

All was well for about a week. Returned from a trip and internet down again. *could* log in to router. Checked log. Log says WAN DHCP was not working for the last 8 hours. Attempted unplug, and plug-into modem, no luck. Attempted disable enable WAN interface. no luck. Restarted modem. No luck. Restarted router and all is well again.

Possibilities in order of likelihood:
1. Router is dying, something physical.
2. Local neighbor kid is playing script kiddie on the Wi-Fi.
3. AsusWRT for the RT-N56U has another vulnerability and I'm the victim today.

Anyone else experience this?

-Morgan

 

[wouterv]

Make sure you applied the following:

1. Wireless Authentication Method = WPA2-Personal
2. WPA Encryption = AES
3. Set a STRONG WPA Pre-Shared key
4. Set a non default LAN IP address, e.g. 192.168.67.1
   
5. Enable UPnP = No
   
6. Set a STRONG router login password
   
7. Enable WEB Access from WAN = No

If all above is true, it is highly unlikely that someone can hack your router, unless someone has physical access to the router and can perform a hard reset and configure the router.

Scan your computers for malware, it may be that the issue is there.

In addition you may check the below services:

• Media Server
• Samba share
• FTP share
• AiCloud
• VPN

If none of the above is enabled, your local network is assumed highly secure.

 

[CaesarI]

Thanks,

Problem has not re-occured so far.
At the time of the odd behavior I was following 1,2,5,6,7. And all of the media-server, Samba/FTP share, AI Cloud and VPN options were disabled.
During the troubleshooting above I upgraded the WPA PSK (was using an 8 digit pin)
I will modify the LAN IP address scheme although I don't see much benefit there.

I will take a look at the end-nodes again.

-Morgan

 

[wouterv]

Did you scan your computers for malware?
The purpose of the non default router IP address is based on possible malware on a computer that detects router GUI access at 192.168.1.1 and re-use your login account for undesired actions.

 

[CaesarI]

Computers scanned for Malware nothing came up. Ran both the AV and Malwarebytes scans. Have not run into a similar issue yet.