Release [Fork] Asuswrt-Merlin 374 LTS release 49E4

RagnarOkay

New Around Here
It worked. Not sure why but I just enabled/disabled jffs partition and ssh so I can save my settings. After setting them back it accepted the firmware.
I had the same problem on my N66, but thought it might be because I was upgrading from a beta build. Disabling JFFS and rebooting worked for me as well.
 

acale75

Occasional Visitor
Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?
 

ColinTaylor

Part of the Furniture
Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?
It's probably not an "attack" and I doubt it has anything specifically to do with updating the firmware. Not unless you previously had Enable DNS Rebind protection set to No and now it's set to Yes.

You could manually enable query logging for dnsmasq but your log will be flooded with entries. So unless the rebind messages appear at a predictable time you probably don't want to leave that running all the time.
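
The query-logging approach suggested above, as an added example that is not part of the original posts: with dnsmasq's `log-queries` option enabled, this script pairs each rebind warning with the clients that asked for the flagged name. The sample log is constructed, and the syslog line layout (timestamp, host, `dnsmasq[pid]:`) is an assumption.

```shell
#!/bin/sh
# Attribute dnsmasq rebind warnings to the LAN clients that asked for the name.
# Needs query logging (dnsmasq option "log-queries") so "query[...]" lines exist.

# rebind_clients [LOGFILE...]  (reads stdin when no file is given)
# Prints "domain client query_count" for every name that drew a rebind warning.
rebind_clients() {
    awk '
    # Query line: "... dnsmasq[867]: query[A] <name> from <client-ip>"
    / query\[/ {
        for (i = 1; i < NF - 2; i++)
            if ($i ~ /^query\[/ && $(i + 2) == "from")
                asked[$(i + 1) SUBSEP $(i + 3)]++
        next
    }
    # Warning line: the flagged name is the last field. dnsmasq writes
    # "DNS-rebind"; the space variant quoted in the thread is accepted too.
    /possible DNS[- ]rebind attack detected/ { flagged[$NF] = 1 }
    END {
        for (k in asked) {
            split(k, p, SUBSEP)
            if (p[1] in flagged) print p[1], p[2], asked[k]
        }
    }' "$@" | sort
}

# Constructed sample log: hostnames, timestamps and client IPs are made up.
sample_log() {
    cat <<'EOF'
Jun  1 10:00:01 router dnsmasq[867]: query[A] ads.admarvel.com from 192.168.1.23
Jun  1 10:00:01 router dnsmasq[867]: forwarded ads.admarvel.com to 1.1.1.2
Jun  1 10:00:01 router dnsmasq[867]: possible DNS-rebind attack detected: ads.admarvel.com
Jun  1 10:00:05 router dnsmasq[867]: query[A] example.org from 192.168.1.40
Jun  1 10:00:05 router dnsmasq[867]: reply example.org is 192.0.2.10
Jun  1 10:01:12 router dnsmasq[867]: query[AAAA] ads.admarvel.com from 192.168.1.23
Jun  1 10:01:12 router dnsmasq[867]: possible DNS rebind attack detected: ads.admarvel.com
Jun  1 10:02:30 router dnsmasq[867]: query[A] ads.admarvel.com from 192.168.1.57
Jun  1 10:02:30 router dnsmasq[867]: possible DNS-rebind attack detected: ads.admarvel.com
EOF
}

# Demo run on the constructed sample
sample_log | rebind_clients
```

Because query logging floods the log, run it only long enough to capture a few warnings, then turn it off again.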
 

dave14305

Part of the Furniture
Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?
Are you using an ad-blocking DNS provider? That would also trigger such messages.
 

acale75

Occasional Visitor
It's probably not an "attack" and I doubt it has anything specifically to do with updating the firmware. Not unless you previously had Enable DNS Rebind protection set to No and now it's set to Yes.

You could manually enable query logging for dnsmasq but your log will be flooded with entries. So unless the rebind messages appear at a predictable time you probably don't want to leave that running all the time.
I have always had DNS Rebind protection on and I think you are right. I think this has nothing to do with the new firmware from John. I am just curious which device is causing this attack.
 

acale75

Occasional Visitor
Are you using an ad-blocking DNS provider? That would also trigger such messages.
Mmm, I recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the DNS to 9.9.9.9.
 

dave14305

Part of the Furniture
Mmm, I recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the DNS to 9.9.9.9.
Yes, if they block domains by returning 0.0.0.0, dnsmasq flags that IP as a rebind attack. You can always disable rebind protection.
 

ColinTaylor

Part of the Furniture
Mmm, I recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the DNS to 9.9.9.9.
Yes, if they block domains by returning 0.0.0.0, dnsmasq flags that IP as a rebind attack. You can always disable rebind protection.
Yes this seems to be the cause.
Code:
C:\Users\Colin>nslookup ads.admarvel.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
Name:    ads.admarvel.com
Addresses:  ::
          0.0.0.0


C:\Users\Colin>nslookup ads.admarvel.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    ads.admarvel.com
Addresses:  52.0.132.133
          34.225.111.248
          3.222.146.194
          52.70.57.183
 

acale75

Occasional Visitor
Ooh, ok, thank you very much guys. I don't really want to switch off rebind protection. But why is only ads.admarvel.com blocked?
Anyway I'll stick with Quad9 I think.
Again, thanks a lot both of you.
 

puna

New Around Here
I have an N66U running Merlin 380.70. If I upgrade to this, do I need to reset all my settings to default?

If possible I'd rather not because it is at a remote location that I don't have free access to.

I am only concerned about security issues, such as Fragattacks.

If not, I may just try to figure out a way to disable the WiFi radio completely because it doesn't really need that. I'm just using it as a makeshift edge router.

Thanks
 

L&LD

Part of the Furniture
Full reset to factory defaults after flashing to the firmware you want is required.
 

ColinTaylor

Part of the Furniture
If not, I may just try to figure out a way to disable the WiFi radio completely because it doesn't really need that. I'm just using it as a makeshift edge router.
Just turn off each radio in the GUI.

As for frag attacks, John's firmware doesn't contain any patches for that at the moment as Asus haven't released any patched source code. Even when they do it may not be available or applicable to the N66U as the N66U is officially EOL and the latest source code is from 2019.
 

genestar

New Around Here
I have an old RT-N66U with the Merlin 380.70 firmware (the last available). I'd like to install this 374 LTS, but I have some doubts; I know that I must do a "factory reset" after the installation of the new one (using the firmware restoration tool or the CFE Mini-Web Server). My question: is there a simple way to restore the configuration from the 380.70? Can I make a simple backup of the router settings and the jffs partition before the flash and then a restore after installing the 374 LTS?... or maybe I have to use the nvram utility?... I have a certain number of settings (manually assigned IPs, port forwarding, openvpn server, ...) and it would take a long time to set all of these manually.
 

ColinTaylor

Part of the Furniture
@genestar You shouldn't restore the router's "Save settings" file, although restoring a JFFS backup should be OK.

You could try using the old NVRAM utility here although I wouldn't recommend that either as too much has changed since that was written. I suggest that you preserve your manually assigned IP's and port forwarding rules as follows and set up everything else (especially the VPN) manually.
Code:
nvram get dhcp_staticlist > dhcp_staticlist.txt
nvram get vts_rulelist > vts_rulelist.txt
Save these files in a safe place and restore them after a factory reset with:
Code:
nvram set dhcp_staticlist="$(cat dhcp_staticlist.txt)"
nvram set vts_rulelist="$(cat vts_rulelist.txt)"
nvram commit
 

genestar

New Around Here
@genestar You shouldn't restore the router's "Save settings" file, although restoring a JFFS backup should be OK.

You could try using the old NVRAM utility here although I wouldn't recommend that either as too much has changed since that was written. I suggest that you preserve your manually assigned IP's and port forwarding rules as follows and set up everything else (especially the VPN) manually.
Code:
nvram get dhcp_staticlist > dhcp_staticlist.txt
nvram get vts_rulelist > vts_rulelist.txt
Save these files in a safe place and restore them after a factory reset with:
Code:
nvram set dhcp_staticlist="$(cat dhcp_staticlist.txt)"
nvram set vts_rulelist="$(cat vts_rulelist.txt)"
nvram commit

Thank you Colin; then the "safest method" is to re-setup all the configuration manually :-(
 

itpp20

Regular Contributor
You may not like the time it takes but here I have screen shotted every page in a word document, if needed you will have all settings for a manual restore.
Very specific entries can be pasted underneath a screenshot for easy cut&paste.
 
