Debating whether to update to 384
- Thread starter Johnny
- Start date
I would be updating from 380.68_4 on a RT-AC5300. Right now its stable and haven't had issues for 3 months.
Still dont know if its worth the risk of updating and having to run into stability issues. Maybe I should wait for a few more releases?
I'm thinking I'm willing to update if its a vast improvement due to codebase change or since my boot time is 3-4 mins. If the code base improves the boot time to 1 minute, thats something I'm very interested in knowing to update.
Still dont know if its worth the risk of updating and having to run into stability issues. Maybe I should wait for a few more releases?
I'm thinking I'm willing to update if its a vast improvement due to codebase change or since my boot time is 3-4 mins. If the code base improves the boot time to 1 minute, thats something I'm very interested in knowing to update.
s dr
Occasional Visitor
I'm in the same boat with a 5300 on 380.65. The main thing we would get would be fix for KRACK vulnerability.
There are several issues still being reported for 5300's in the release thread. So I'm holding off for now.
I don't like having that vulnerability but I don't have anything to steal so it's not imperative it be closed right now. If it was I would have bought a replacement router that was secure already.
There are several issues still being reported for 5300's in the release thread. So I'm holding off for now.
I don't like having that vulnerability but I don't have anything to steal so it's not imperative it be closed right now. If it was I would have bought a replacement router that was secure already.
RMerlin
Asuswrt-Merlin dev
Your router is only vulnerable to KRACK if running as a repeater or media bridge. Your clients are the ones in need of patching.
orion44
Regular Contributor
I'm an RT-AC5300 owner on the fence as well. While I can deal with the royal PITA of a one-time factory reset for the 384 codebase, I have no time budget for a stability issues. 380 has been beyond rock solid for me, but I understand if I want to cling to it, I'll be SOL for future security patches.
If its not broke I generally say no need to 'fix it'. So as long as you are getting security updates stay on 380. While moving to 384 was painless (merlin did a great job) I get the sense that Asus has not attended to a lot of things that needed fixing in the rush to get their mesh f/w to market and this finds it way into Asus-Merlin. If you enjoy what you have then stick with 380 another six - eight months and then think it over again.
s dr
Occasional Visitor
Right but it's exactly my clients I'm concerned about. Correct me if I am wrong, but I gathered the security fix in 384 will protect the unit from unpatched clients as well?
RMerlin
Asuswrt-Merlin dev
No. Your clients will require fixing, the router cannot protect them. KRACK is a client-side exploit.
s dr
Occasional Visitor
Then there is no fix. It's like accidentally giving the world a master key to every door and lock in your house house then trusting they will give it back and exchange it for a key that just opens your shed as you intended. Asking for the master key back doesn't solve the problem.
Except it's not just one house. Everyone in the world has the master key to everyone's doors.
I know people have implemented checks for the reinsertion techniques the exploit uses, but these are obviously not going to be foolproof, and are beyond the scope of your heroic efforts to implement.
This seems like a nightmare example of why closed source security protocol design is bad.
Similar threads
Similar threads
-
-
-
ASUS RT-AC68U not working after Merlin firmware update, did I brick it?- Started by dbaser
- Replies: 15
-
-
RT-AX88U creates a lot of dropbear processes after update
- Started by corgan2224
- Replies: 8
-
Solved Inadyn Fails to verify server certs after update to 388.6
- Started by astephon88
- Replies: 3
-
-
Router using wrong Certificate after update to 3004.388.6- Started by TheAccountOfTeo997
- Replies: 7
-