What's new

New Threats to Asus Routers, few details.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L&LD

Part of the Furniture
Always interesting to hear about these events. There didn't seem to be any explicit mention of the means of gaining access to SOHO routers, but they did imply http and ssh via the internet. The recent issue with asd may suggest that ASUS has been aware of the issue and was attempting to harden their routers. I suspect that Merlin knows a bit, but perhaps can't say anything.
 
So is there anything we can do at a local level?
 
So is there anything we can do at a local level?

Set a strong username and password, and disable all web access (SSH and HTTP/HTTPS). Make sure you have the latest firmware. If you suspect there is any chance you may have been infected (i.e. you had web access enabled), hard factory reset the router (hold WPS button while booting on most models, but you can look up the process for your model) and configure by hand, not from a backup. This is about all you can do, it may not be 100% guarantee but is good practice regardless.

In fact it would be best to factory reset, configure just enough to get in, upgrade firmware, factory reset again, and then configure everything by hand.

The hard factory reset formats the jffs partition. where holding the reset button does not, so you want to do the hard version as JFFS is where malware gets stored. If you are running merlin, you can be extra sure by doing all of the above but be fore reconfiguring after the second reset, check off "format jffs at next boot" and reboot. Then reconfigure. So you're formatting JFFS twice just to be extra sure.

If you don't have reason to believe you've been exposed to anything you can just make sure all WAN access is disabled and you have a strong password.
 
Set a strong username and password, and disable all web access (SSH and HTTP/HTTPS). Make sure you have the latest firmware. If you suspect there is any chance you may have been infected (i.e. you had web access enabled), hard factory reset the router (hold WPS button while booting on most models, but you can look up the process for your model) and configure by hand, not from a backup. This is about all you can do, it may not be 100% guarantee but is good practice regardless.

In fact it would be best to factory reset, configure just enough to get in, upgrade firmware, factory reset again, and then configure everything by hand.

The hard factory reset formats the jffs partition. where holding the reset button does not, so you want to do the hard version as JFFS is where malware gets stored. If you are running merlin, you can be extra sure by doing all of the above but be fore reconfiguring after the second reset, check off "format jffs at next boot" and reboot. Then reconfigure. So you're formatting JFFS twice just to be extra sure.

If you don't have reason to believe you've been exposed to anything you can just make sure all WAN access is disabled and you have a strong password.
Hi and thank you. When you say disable wan access?
 
Hi and thank you. When you say disable wan access?

He means don't open SSH or HTTP/HTTPS to the internet. There is an option to allow this in the "System" tab of the Administration section of the firmware. ASUS uses the term "WAN" (wide area network) for internet.
 
Hi and thank you. When you say disable wan access?
1685207037602.png

I believe it should be disabled [No] by default.
 
Last edited:
Yup that's what i have already. #phew
 
He means don't open SSH or HTTP/HTTPS to the internet. There is an option to allow this in the "System" tab of the Administration section of the firmware. ASUS uses the term "WAN" (wide area network) for internet.

Wasn't there a thing where if folks use the mobile App it would enable HTTP/HTTPS on the WAN interface?
 
Wasn't there a thing where if folks use the mobile App it would enable HTTP/HTTPS on the WAN interface?

Yes. It asks if you want remote access. Asus is pretty confident opening access to WAN is okay. Millions of users have it enabled, I guess.
 
So my local configuration shows both, then the https Lan port with a number then below that enable wan acess yes, are we good or no? I do have the mobile app. Under enable ssh I have Lan only
 
What am I missing then?
 
I ditched the wan access which the app needed to work as the protection scanner said it was a risk. Happier
 
I ditched the wan access which the app needed to work as the protection scanner said it was a risk. Happier
I recommend everyone to the settings on their routers (there is also information about WAN access and app).
 
So my local configuration shows both, then the https Lan port with a number then below that enable wan acess yes, are we good or no? I do have the mobile app. Under enable ssh I have Lan only

In a post right above you said it was set to "no"?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top