Release [Fork] Asuswrt-Merlin 374 LTS release 49E4

[RagnarOkay]

It worked. Not sure why but I just enabled/disabled jffs partition and ssh so I can save my settings. After setting them back it accepted the firmware.

I had the same problem on my N66, but thought it might be because I was upgrading from a beta build. Disabling JFFS and rebooting worked for me as well.

 

[acale75]

Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?

 

[ColinTaylor]

Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?

It's probably not an "attack" and I doubt it has anything specifically to do with updating the firmware. Not unless you previously had Enable DNS Rebind protection set to No and now it's set to Yes.

You could manually enable query logging for dnsmasq but your log will be flooded with entries. So unless the rebind messages appear at a predictable time you probably don't want to leave that running all the time.

 

[dave14305]

Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?

Are you using an ad-blocking DNS provider? That would also trigger such messages.

 

[acale75]

It's probably not an "attack" and I doubt it has anything specifically to do with updating the firmware. Not unless you previously had Enable DNS Rebind protection set to No and now it's set to Yes.

You could manually enable query logging for dnsmasq but your log will be flooded with entries. So unless the rebind messages appear at a predictable time you probably don't want to leave that running all the time.

I have always DNS Rebind protection on and i think you are right. I think this have nothing to do with the new firmware from John. I am just curious which device is causing this attack

 

[acale75]

Are you using an ad-blocking DNS provider? That would also trigger such messages.

Mmm, i recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the dns to 9.9.9.9

 

[dave14305]

Mmm, i recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the dns to 9.9.9.9

Yes, if they block domains by returning 0.0.0.0, dnsmasq flags that IP as a rebind attack. You can always disable rebind protection.

 

[ColinTaylor]

Mmm, i recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the dns to 9.9.9.9

Yes, if they block domains by returning 0.0.0.0, dnsmasq flags that IP as a rebind attack. You can always disable rebind protection.

Yes this seems to be the cause.

C:\Users\Colin>nslookup ads.admarvel.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
Name:    ads.admarvel.com
Addresses:  ::
          0.0.0.0


C:\Users\Colin>nslookup ads.admarvel.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    ads.admarvel.com
Addresses:  52.0.132.133
          34.225.111.248
          3.222.146.194
          52.70.57.183

 

[acale75]

Ooh, ok, thanks you very much guys. I don't really want to switch off rebind protection. But why is only ads.admarvel.com blocked?
Anyway I'll stick with Quad9 I think.
Again, thanks a lot both of you

 

[dave14305]

But why is only ads.admarvel.com blocked?

Cloudflare must consider it a site that serves malware, since that is the function of 1.1.1.2.

 

[acale75]

Cloudflare must consider it a site that serves malware, since that is the function of 1.1.1.2.

Yes, i guess so. Thanks Dave

 

[InkyRag]

I am not able to reach the updates on onedrive. Anyone else?

 

[ColinTaylor]

I am not able to reach the updates on onedrive. Anyone else?

Works for me.

 

[puna]

I have a N66U running Merlin 380.70. If I upgrade to this, do I need to reset all my settings to default?

If possible I'd rather not because it is at a remote location that I don't have free access to.

I am only concerned about security issues, such as Fragattacks.

If not, I may just try to figure out a way to disable the WiFi radio completely because it doesn't really need that. I'm just using it as a makeshift edge router.

Thanks

 

[L&LD]

Full reset to factory defaults after flashing to the firmware you want is required.

 

[ColinTaylor]

If not, I may just try to figure out a way to disable the WiFi radio completely because it doesn't really need that. I'm just using it as a makeshift edge router.

Just turn off each radio in the GUI.

As for frag attacks, John's firmware doesn't contain any patches for that at the moment as Asus haven't released any patched source code. Even when they do it may not be available or applicable to the N66U as the N66U is officially EOL and the latest source code is from 2019.

 

[genestar]

I have an old RT-N66U with the merlin 380.70 firmware (the last available). I'd like to install this 374 LTS, but I have some doubt; I know that I must do a "factory reset" after the installation of the new one (using the firmware restoration tool or the CFE Mini-Web Server). My question: there is a simple way to restore the configuration from the 380.70? Can I make a simple backup of the router settings and the jffs partition before the flash and then a restore after installing the 374 LTS?... or maybe I've to use the nvram utility?... I've a certain number of settings (Manual assigned IP's, port forwarding, openvpn server, ...) and it would be long to manual set all of these.

 

[ColinTaylor]

@genestar You shouldn't restore the router's "Save settings" file, although restoring a JFFS backup should be OK.

You could try using the old NVRAM utility here although I wouldn't recommend that either as too much has changed since that was written. I suggest that you preserve your manually assigned IP's and port forwarding rules as follows and set up everything else (especially the VPN) manually.

nvram get dhcp_staticlist > dhcp_staticlist.txt
nvram get vts_rulelist > vts_rulelist.txt

Save these files in a safe place and restore them after a factory reset with:

nvram set dhcp_staticlist="$(cat dhcplist.txt)"
nvram set vts_rulelist="$(cat vts_rulelist.txt)"
nvram commit

 

[genestar]

@genestar You shouldn't restore the router's "Save settings" file, although restoring a JFFS backup should be OK.

You could try using the old NVRAM utility here although I wouldn't recommend that either as too much has changed since that was written. I suggest that you preserve your manually assigned IP's and port forwarding rules as follows and set up everything else (especially the VPN) manually.

nvram get dhcp_staticlist > dhcp_staticlist.txt
nvram get vts_rulelist > vts_rulelist.txt

Save these files in a safe place and restore them after a factory reset with:

nvram set dhcp_staticlist="$(cat dhcplist.txt)"
nvram set vts_rulelist="$(cat vts_rulelist.txt)"
nvram commit

Thank you Colin; than the "safest method" is to re-setup all the configuration manually :-(

 

[itpp20]

You may not like the time it takes but here I have screen shotted every page in a word document, if needed you will have all settings for a manual restore.
Very specific entries can be pasted underneath a screenshot for easy cut&paste.