ASUS RT-N66U Firmware version 3.0.0.4.382.51641

[wouterv]

ASUS RT-N66U Firmware version 3.0.0.4.382.51641
- Fix a DDoS vulnerability.

https://www.asus.com/Networking/RTN66U/HelpDesk_BIOS/

 

[o-l-a-v]

More than seven years of firmware updates is pretty legit. It was first available for sale in january 2012.

 

[wouterv]

More than seven years of firmware updates is pretty legit. It was first available for sale in january 2012.

That makes Asus number one for me.
Look at the WRT54GL, latest firmware is dated back from 2016.
Similar I ran into for the E4200 which firmware updates ended in 2014, that was very short after the introduction.

 

[Barkhaven]

I am still running the last supported Merlin version 380.70 on my RT-N66U. Is there any reason I should not switch back to the Asus firmware since they are still releasing updates 1.5 years after Merlin stopped? Thanks!

 

[Andy1932]

I am still running the last supported Merlin version 380.70 on my RT-N66U. Is there any reason I should not switch back to the Asus firmware since they are still releasing updates 1.5 years after Merlin stopped? Thanks!

Personally, I’d go with johns fork of Merlin.
https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v39e3.18914/

 

[Barkhaven]

Personally, I’d go with johns fork of Merlin.
https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v39e3.18914/

Thanks very much. I'll take a look.

 

[NoSubstitute]

Thanks very much. I'll take a look.

John hasn't updated that since April 17.

 

[NoSubstitute]

Personally, I’d go with johns fork of Merlin.
https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v39e3.18914/

John hasn't updated that since April 17.

(replied to the wrong post before)

 

[wouterv]

Honestly I advise when the RT-N66U is your main router to upgrade to the latest stock firmware to have security issues fixed.

 

[Grisu]

And which must have security fix since then did you find in stock firmware not fixed in John's fork long time before?

 

[NoSubstitute]

And which must have security fix since then did you find in stock firmware not fixed in John's fork long time before?

Well, that is pretty much what I want to know, since the few words "Fixed a DDoS vulnerability" doesn't really tell me if this was fixed in MerlinWRT years ago, or if it's already included in john's V39E3?

 

[Grisu]

Are you really afraid of DDoS on a home router? Its nothing more than in worst case you cant access your internet and have to reboot or wait till its over.
Even if not implemented in John's or Merlin's it has been functional the last 10 years and will the same the next.

This same question some time ago not even has been answered as too meaningless: https://www.snbforums.com/threads/fixed-a-ddos-vulnerability.59200/

 

[NoSubstitute]

Thanks for the link.
Also answered my question whether @RMerlin had given any feedback on the matter.
I see that Asus themselves have released three updates during 2019.
Guess it's time to say goodbye to MerlinWRT on my N66U.

 

[Grisu]

somehow you misread my intention, I would stay on Merlin and John, those Asus updates are only minor for better feeling and some fixes has been in Merlin long before Asus implemented them especially for older models.

 

[RMerlin]

Well, that is pretty much what I want to know, since the few words "Fixed a DDoS vulnerability" doesn't really tell me if this was fixed in MerlinWRT years ago, or if it's already included in john's V39E3?

Neither of our firmware are vulnerable to this specific issue.

 

[Deleted member 66500]

So, what is the consensus folks ? I'm blissfully happily still running Merlin's 380.70, but occasionally suffer from bouts of panic of being exposed to a vulnerability. Should I update to Asus' versions through 2019, or stay with Merlin ?

 

[L&LD]

@wrink, if you're just using it without any features or scripts enabled, it is tempting to just let it ride.

But an RT-AC66U_B1 on RMerlin's latest would do wonders for security and performance too if that is important in your use case (and provided/possible ISP speeds).