Cannot Connect to Any Asus Website with an RT-AX86U Pro Router

Tattz The Bear

Occasional Visitor
This issue is really weird. I cannot connect to any Asus URL or website. It's as if my IP has been blocked by Asus.
I first noticed this when I became aware of the latest firmware update and my router did not automatically flag it and also would not connect to the Asus update server. So I thought I would manually download it but when I tried to go to the Asus website I got the dreaded DNS_PROBE_FINISHED_NXDOMAIN message.
My first suspicion was that my DNS server (I use adguard) was causing the problem so I tried several different DNS servers but no change. I tried flushing the DNS cache; no good. I uninstalled the server certificate and reverted to a LetsEncrypt one, nothing changed.
But then I noticed that if I turned on my VPN I could access the Asus website no problem but couldn't access my own router via the GUI. So I downloaded the new firmware and installed it hoping that this might fix the problem but it didn't.
I've written to both my ISP and Asus but have yet to receive a reply.
I have IPv6 activated. Could this be a cause?
Everything else seems to work fine and I can access every website on the planet apart from Asus.
Can any of you brainiacs out there suggest what is causing this or is it that Asus just don't like me? :(
 
If you haven't tried already, use the router GUI Network Tools to Ping the Asus website that is giving you the DNS_PROBE_FINISHED_NXDOMAIN message. That may help narrow down the issue to either an upstream or router configuration issue or a problem with the local network client you are using.

As a troubleshooting step, disable IPv6 on the router, then reboot the router and network client and test if the issue persists.
 
Thanks for that. Yep, I tried pinging asus.com and all seems fine. No packet loss.
I even got my ISP to give me a new IP address but the problem remains.
I'll give your suggestion of disabling IPv6 a go tomorrow and will report back on the outcome.
 
This sounds like this malware:
 
Yes, it's definitely that malware. Happened to me too and no asus.com websites is a tell-tale sign. It changes the root domain in your router to asus.com in order to prevent the automatic firmware updates from working.

Easy fix - reflash current firmware and then set factory defaults and reconfigure.
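
The symptom discussed in this thread (Asus names fail with NXDOMAIN while every other site resolves) can be checked by asking the router's resolver and an outside resolver the same question and comparing the DNS response codes. This is an added example, not part of any post in the thread; the router address `192.168.50.1`, the outside resolver `9.9.9.9` and the control name `example.com` are assumptions to replace with your own.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a minimal DNS query for an A record (recursion desired)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def parse_rcode(response, txid=0x1234):
    """Return the RCODE (0 = NOERROR, 3 = NXDOMAIN) of a DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack(">HH", response[:4])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F

def lookup_rcode(name, resolver, timeout=3.0):
    """Ask one resolver directly over UDP/53; None means no usable answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            return parse_rcode(s.recv(512))
        except (OSError, ValueError):
            return None

def classify(results, router, upstream, target, control):
    """results maps (resolver, name) -> rcode or None."""
    nx = 3
    r_t, u_t = results[(router, target)], results[(upstream, target)]
    r_c = results[(router, control)]
    if r_t == 0:
        return "router resolves the target: look at the client instead"
    if r_t == nx and u_t == 0 and r_c == 0:
        return "only the router's resolver denies the target: inspect router DNS settings"
    if r_t == nx and u_t == nx:
        return "outside resolver also returns NXDOMAIN: not router-local, or port 53 is intercepted"
    return "inconclusive: retry or test another resolver"

if __name__ == "__main__":
    ROUTER, UPSTREAM = "192.168.50.1", "9.9.9.9"  # assumed addresses
    names = ("www.asus.com", "example.com")       # target, control
    res = {(r, n): lookup_rcode(n, r) for r in (ROUTER, UPSTREAM) for n in names}
    print(classify(res, ROUTER, UPSTREAM, *names))
```

If the router redirects all outbound port 53 traffic to itself, the outside query is answered by the router as well, so repeat the check from a connection that bypasses the router before drawing a conclusion.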
 
Any observations of how this malware eventually gets in? AiCloud enabled, Access from WAN enabled, something else?
 
ASD is like AiProtection in reaction time. The signature file updates about once per month. None caught recent AiCloud attacks either. What will be quite concerning is nothing exposed and it still gets in. In this case I would suspect attack to a client on the network first.
 
Thanks Steve, not what I wanted to hear but at least there's a fix. Looks like I'm going to be busy this afternoon. :(
 
I forwarded details of this to Asus and am awaiting their formal reply.

I guess the questions are;

1.0 How come Asus security is so lax that this can occur in the first place?
2.0 How many Asus users globally are now affected by this?
3.0 How do I know if personal information and data has been taken from my computers?
4.0 Why haven't Asus issued a global security advisory via media etc on this problem? (I guess share price might be a factor)
5.0 Should I ever buy Asus products again?
 
1. Nothing is protected against unknown vulnerabilities.
2. Even if they have this information from user data collection it's unlikely to be shared.
3. You have no reliable way to find out. Unlikely since client devices usually have own protection.
4. Because they will not disclose any information before the issue is fixed. This is a standard practice.
5. This is your personal choice, but going with different vendor doesn't guarantee no security breaches ever.
 
Nothing/no one is infallible. :(
 
Did you ever have or were you using the AiCloud feature of the router? If so that may possibly have been the intrusion point. AiCloud has been repeatedly patched over the years by Asus due to security vulnerabilities.

Security is a multi layered approach that, in part, requires the owner of the router to ensure they are not running services, granting web facing router GUI access, or opening ports that could potentially cause their router or local network to be compromised.

Was it Asus router security that was lax or which failed, or was it the router owner opening ports or using services that exposed the router to being compromised? Or a combination of both?

There is NO WAY to know exactly how many users were affected or compromised by this malware. Asus may have an educated guess but not everyone will report their being compromised. Some may not even know they're compromised and continue blissfully unaware.

As previously said, security is a multi layered approach. While your router is the first line of defense for internet intrusion, your local devices also need their own security protection (firewall, anti virus, malware prevention programs that regularly scan the device/computer). It is up to you, the end user, to practice safe surfing and ensure you have security in depth on your local network, ensure they're using strong passwords. And above all do not have unsecured WiFi networks. It is up to you to ensure you haven't enabled features like "Enable Web Access from WAN" or enable WAN SSH access or opened unneeded port forwarding. It is up to you to ensure your devices are locked down and checked regularly.

Asus has made certain security vulnerabilities public and instructed people to update.
Various public websites, like bleepingcomputer.com, will routinely warn readers about discovered vulnerabilities in routers.

The reality is almost any device connected to the internet can potentially have an unknown or undiscovered vulnerability that has yet to be patched and which can be exploited if discovered. No consumer router, that is connected to the internet, is immune. Pretty much all consumer grade router manufacturers have had one or more of their router models compromised by security vulnerabilities over the years. Asus is not the first to have routers compromised, nor will it be the last.
 