Release [Fork] Asuswrt-Merlin 374 LTS release 49E4

It worked. Not sure why but I just enabled/disabled jffs partition and ssh so I can save my settings. After setting them back it accepted the firmware.
I had the same problem on my N66, but thought it might be because I was upgrading from a beta build. Disabling JFFS and rebooting worked for me as well.
 
Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?
 
Since the last update, I see a lot of 'dnsmasq [867]: possible DNS rebind attack detected: ads.admarvel.com' in the log of my AC68 router. Is there any way to find out which device is causing this attack?
It's probably not an "attack" and I doubt it has anything specifically to do with updating the firmware. Not unless you previously had Enable DNS Rebind protection set to No and now it's set to Yes.

You could manually enable query logging for dnsmasq but your log will be flooded with entries. So unless the rebind messages appear at a predictable time you probably don't want to leave that running all the time.
 
It's probably not an "attack" and I doubt it has anything specifically to do with updating the firmware. Not unless you previously had Enable DNS Rebind protection set to No and now it's set to Yes.

You could manually enable query logging for dnsmasq but your log will be flooded with entries. So unless the rebind messages appear at a predictable time you probably don't want to leave that running all the time.
I always have DNS Rebind protection on and I think you are right. I think this has nothing to do with the new firmware from John. I am just curious which device is causing this attack.
 
Are you using an ad-blocking DNS provider? That would also trigger such messages.
Mmm, I recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the DNS to 9.9.9.9
 
Mmm, I recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the DNS to 9.9.9.9
Yes, if they block domains by returning 0.0.0.0, dnsmasq flags that IP as a rebind attack. You can always disable rebind protection.
 
Mmm, I recently started using 1.1.1.2 from Cloudflare. Maybe that's the cause of the rebind attack. I'll temporarily switch the DNS to 9.9.9.9
Yes, if they block domains by returning 0.0.0.0, dnsmasq flags that IP as a rebind attack. You can always disable rebind protection.
Yes this seems to be the cause.
Code:
C:\Users\Colin>nslookup ads.admarvel.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
Name:    ads.admarvel.com
Addresses:  ::
          0.0.0.0


C:\Users\Colin>nslookup ads.admarvel.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    ads.admarvel.com
Addresses:  52.0.132.133
          34.225.111.248
          3.222.146.194
          52.70.57.183
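
An added example, not part of the original thread: with dnsmasq query logging (`log-queries`) enabled as suggested earlier, this sketch pairs each rebind warning with the client that last asked for that name and the upstream it was forwarded to. The sample log lines and client addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: attribute dnsmasq rebind warnings to the LAN client that asked.
# Assumes query logging (dnsmasq option log-queries) was on while the warnings
# were written, so "query[..] NAME from CLIENT" and "forwarded NAME to UPSTREAM"
# lines precede each warning.

# Constructed sample log; client addresses and timestamps are invented.
sample_log() {
cat <<'EOF'
Jun  1 10:00:01 dnsmasq[867]: query[A] ads.admarvel.com from 192.168.1.23
Jun  1 10:00:01 dnsmasq[867]: forwarded ads.admarvel.com to 1.1.1.2
Jun  1 10:00:01 dnsmasq[867]: possible DNS-rebind attack detected: ads.admarvel.com
Jun  1 10:00:05 dnsmasq[867]: query[A] example.org from 192.168.1.40
Jun  1 10:00:05 dnsmasq[867]: forwarded example.org to 1.1.1.2
Jun  1 10:00:05 dnsmasq[867]: reply example.org is 93.184.216.34
Jun  1 10:00:09 dnsmasq[867]: query[AAAA] ads.admarvel.com from 192.168.1.23
Jun  1 10:00:09 dnsmasq[867]: forwarded ads.admarvel.com to 1.1.1.2
Jun  1 10:00:09 dnsmasq[867]: possible DNS rebind attack detected: ads.admarvel.com
Jun  1 10:00:12 dnsmasq[867]: query[A] ads.admarvel.com from 192.168.1.57
Jun  1 10:00:12 dnsmasq[867]: forwarded ads.admarvel.com to 1.1.1.2
Jun  1 10:00:12 dnsmasq[867]: possible DNS-rebind attack detected: ads.admarvel.com
EOF
}

# Reads a dnsmasq log on stdin and prints "COUNT CLIENT NAME UPSTREAM".
# Heuristic: the most recent client to query NAME gets the warning, so two
# clients asking for the same name at the same instant can be mixed up.
rebind_clients() {
    awk '
    / query\[/ {
        for (i = 2; i < NF; i++) if ($i == "from") client[$(i-1)] = $(i+1)
        next
    }
    / forwarded / {
        for (i = 2; i < NF; i++) if ($i == "to") upstream[$(i-1)] = $(i+1)
        next
    }
    /possible DNS[- ]rebind attack detected: / {
        name = $NF
        c = (name in client) ? client[name] : "unknown"
        u = (name in upstream) ? upstream[name] : "unknown"
        hits[c " " name " " u]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | rebind_clients
```

A warning with no preceding query line (logging was off at the time) is reported with `unknown` in the client and upstream columns.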
 
Ooh, ok, thank you very much guys. I don't really want to switch off rebind protection. But why is only ads.admarvel.com blocked?
Anyway I'll stick with Quad9 I think.
Again, thanks a lot both of you
 
I have a N66U running Merlin 380.70. If I upgrade to this, do I need to reset all my settings to default?

If possible I'd rather not because it is at a remote location that I don't have free access to.

I am only concerned about security issues, such as Fragattacks.

If not, I may just try to figure out a way to disable the WiFi radio completely because it doesn't really need that. I'm just using it as a makeshift edge router.

Thanks
 
Full reset to factory defaults after flashing to the firmware you want is required.
 
If not, I may just try to figure out a way to disable the WiFi radio completely because it doesn't really need that. I'm just using it as a makeshift edge router.
Just turn off each radio in the GUI.

As for frag attacks, John's firmware doesn't contain any patches for that at the moment as Asus haven't released any patched source code. Even when they do it may not be available or applicable to the N66U as the N66U is officially EOL and the latest source code is from 2019.
 
I have an old RT-N66U with the Merlin 380.70 firmware (the last available). I'd like to install this 374 LTS, but I have some doubts; I know that I must do a "factory reset" after the installation of the new one (using the firmware restoration tool or the CFE Mini-Web Server). My question: is there a simple way to restore the configuration from the 380.70? Can I make a simple backup of the router settings and the jffs partition before the flash and then a restore after installing the 374 LTS?... or maybe I have to use the nvram utility?... I have a certain number of settings (manually assigned IPs, port forwarding, openvpn server, ...) and it would take a long time to set all of these manually.
 
@genestar You shouldn't restore the router's "Save settings" file, although restoring a JFFS backup should be OK.

You could try using the old NVRAM utility here although I wouldn't recommend that either as too much has changed since that was written. I suggest that you preserve your manually assigned IP's and port forwarding rules as follows and set up everything else (especially the VPN) manually.
Code:
nvram get dhcp_staticlist > dhcp_staticlist.txt
nvram get vts_rulelist > vts_rulelist.txt
Save these files in a safe place and restore them after a factory reset with:
Code:
nvram set dhcp_staticlist="$(cat dhcp_staticlist.txt)"
nvram set vts_rulelist="$(cat vts_rulelist.txt)"
nvram commit
 
@genestar You shouldn't restore the router's "Save settings" file, although restoring a JFFS backup should be OK.

You could try using the old NVRAM utility here although I wouldn't recommend that either as too much has changed since that was written. I suggest that you preserve your manually assigned IP's and port forwarding rules as follows and set up everything else (especially the VPN) manually.
Code:
nvram get dhcp_staticlist > dhcp_staticlist.txt
nvram get vts_rulelist > vts_rulelist.txt
Save these files in a safe place and restore them after a factory reset with:
Code:
nvram set dhcp_staticlist="$(cat dhcp_staticlist.txt)"
nvram set vts_rulelist="$(cat vts_rulelist.txt)"
nvram commit

Thank you Colin; then the "safest method" is to re-setup all the configuration manually :-(
 
You may not like the time it takes but here I have screen shotted every page in a word document, if needed you will have all settings for a manual restore.
Very specific entries can be pasted underneath a screenshot for easy cut&paste.
 