Asus DSL-N66U suspicious hosts file

BLah

Hi. My computer possibly got compromised yesterday, so today I reinstalled Windows 10 from scratch. I also checked my modem's system logs and found something interesting related to the hosts file on the modem, so I decided to take a look at it through SSH, and this is how it looks:

Code:
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.1.1 router.asus.com
192.168.1.1 www.asusnetwork.net
192.168.121.70 ntp01.mvp.tivibu.com.tr
192.168.121.71 ntp02.mvp.tivibu.com.tr

I obviously did a full factory reset twice, yet the hosts file stays the same. All Google finds for those addresses is https://github.com/smx-smx/asuswrt-rt/blob/master/apps/public/rc/wanduck.c, which I think indicates it could be just hardcoded in the firmware. I still want to be completely sure. Any ideas how to make sure I'm safe? The NTP domains apparently don't exist at all; for now I just manually edited those out of the hosts file and reloaded dnsmasq.

Also, looking at the system logs, dnsmasq seems to restart every 10 minutes with the same message: https://pastebin.com/hk2zCaQw

I've got an Asus DSL-N66U with firmware version 9.1.2.3_783, which is an official beta provided by ASUS.
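
An added example (not part of the original post, and not ASUS code): a small Python audit to run on a copy of the router's hosts file, listing every name outside an expected set together with whether its address is loopback, private or public. The `EXPECTED_NAMES` allowlist and the function names `scope` and `audit` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the hosts file contents quoted in the post above.
SAMPLE_HOSTS = """\
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.1.1 router.asus.com
192.168.1.1 www.asusnetwork.net
192.168.121.70 ntp01.mvp.tivibu.com.tr
192.168.121.71 ntp02.mvp.tivibu.com.tr
"""

# Assumption: names the reviewer accepts as ordinary local pins
# (loopback names and the router's own admin hostnames).
EXPECTED_NAMES = {
    "localhost", "localhost.localdomain",
    "localhost6", "localhost6.localdomain6",
    "router.asus.com", "www.asusnetwork.net",
}

def scope(addr):
    """Classify an address string as loopback, private, public or malformed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"

def audit(text, expected=EXPECTED_NAMES):
    """Return (name, address, scope) for every hosts entry not in `expected`."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line or an address with no names
        addr, names = fields[0], fields[1:]
        for name in names:
            if name.lower() not in expected:
                findings.append((name, addr, scope(addr)))
    return findings

if __name__ == "__main__":
    for name, addr, kind in audit(SAMPLE_HOSTS):
        print(f"{kind:9} {addr:16} {name}")
```

Saving the output after a factory reset gives a baseline to diff against later; an entry that appears afterwards, or one whose scope is public, is the kind that deserves a closer look.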