Menu
What's new
By:
Filters Better Search

Safety of a second hand asus router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Dfects

Dfects

Occasional Visitor
I recently purchased a second hand RT-AC3200 router for a bargain price off ebay (well under half of a new one). After purchasing I instantly started to consider how safe it is running a router when I don't know its history or that of the seller. I've connected it to a raspberry pi that is isolated, flashed the latest merlin and have reinitialised to make sure its all wiped. All seems to be running well. Should that be safe? Not sure if I'm being over paranoid?
 
Dfects said:
I recently purchased a second hand RT-AC3200 router for a bargain price off ebay (well under half of a new one). After purchasing I instantly started to consider how safe it is running a router when I don't know its history or that of the seller. I've connected it to a raspberry pi that is isolated, flashed the latest merlin and have reinitialised to make sure its all wiped. All seems to be running well. Should that be safe? Not sure if I'm being over paranoid?
Click to expand...

Safety is measurable using Nessus, or your favorite vulnerability scanner. You will be surprised at thesecurity holes in your installation. Good luck!
 
Thanks, I'll give that a go :)

I was more concerned if the router could of been tampered with in some way that an nvram/firmware flash wouldn't remove, although a scan could identify something.
 
Last edited:
initialize it , it should be good after that
 
Remember to reformat the JFFS partition (even though it might appear empty), I'm not sure whether a factory default reset does that or not.
 
Last edited:
Initialize in Asus firmware will do a good job. I couldn't find any piece not reset by that function.
It's a good idea even if router comes from a "reliable" store. And even that can't entirely calm a paranoid mind like mine...I do regularly look for weird processes on all my boxes, to the best of my knowledge...
 
CrystalLattice said:
no router is "safe" until you've run nessus, not grc, & closed all the holes! you're just hangin it out in the wind
Click to expand...

Free for 7 days or $2200/year... not a very attractive solution solution for the home user.

OE
 
OzarkEdge said:
Free for 7 days or $2200/year... not a very attractive solution solution for the home user.

OE
Click to expand...
what snb has randomly assembled here is the most negative group of people. i get it free, if you don't, then google 'top ten sec.vul.scanrs.' & pick another free one. odds r u cant close all sec. holes!
 
Last edited:
ColinTaylor said:
"Nessus Home" is free and has enough for home users.
Click to expand...

Thanks, I looked their site over and did not find that! I still can't find it without your hint.

OE
 
Yep I have the free one installed and have done a few scans of my current rt-ac66u setup via local ips. I should probably start another thread for this, but is there a way to do an external scan with nessus? I've only tried via a VPN so far and the host is never listed when using my wan ip, but it may require an external ip. I might be misunderstanding its intended use, or may actually have to be on a physically external net. I've not had time to properly read up on it so far so if anyone can help with a quick answer that'd be grand :)
 
nessus home: https://www.tenable.com/products/nessus-home there r others also that r good. if using openwrt, do regular home router security tips., search special openwrt security tips, run scanner, close holes when possible none of this will help you if hiding from the authorities. the Airport was not on the CIA list.
 
Last edited:
Dfects said:
but is there a way to do an external scan with nessus?
Click to expand...
I don't think so. You'd have to scan it from outside your local network somehow, maybe from an installation on a VPS. That's not allowed with the free licence so you'd have to buy one of the other options.
 
ColinTaylor said:
I don't think so. You'd have to scan it from outside your local network somehow, maybe from an installation on a VPS. That's not allowed with the free licence so you'd have to buy one of the other options.
Click to expand...
Don't connect the WAN interface to your ISP device. Manually assign an IP address to the WAN interface of the router. Configure a client to connect directly to the WAN interface as though it is on the internet. Run your scan.
 
You must log in or register to reply here.

Similar threads

Nirvash
Second hand seller has sold a lot of routers. Is there a chance they have been hacked in some way?
Replies
5
Views
871
tgl
T
R
Isolating LAN from clients behind second router
Replies
6
Views
609
glens
G
B
WAN Port IP Addresses appear on router
Replies
4
Views
532
drinkingbird
drinkingbird
J
Need a multi-AP system that (primarily) works
2 3
Replies
43
Views
2K
coxhaus
C
C
Attempting to design an ASUS Mesh Network purposely using a double NAT? Good or bad idea?
Replies
7
Views
632
Tech9
Tech9

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 832 (members: 29, guests: 803)
Top