Asus Finally Rolls Out a Firmware Fix for Major Router Vulnerability

9 Comments

whiskeymcclinton

I've liked Asus router hardware, but have not been fond of their firmware.
I have always been running tomatousb shibby builds on my router, and it's rock solid. There are other security holes (like DNS rebinding attacks) in factory router firmwares that tomatousb protects against. Plus all the extra features, like custom DNS mapping by domain name, make it a must-have for me.
I'm also not a fan of running a USB hard drive off a router. The puny chips in most routers make it too slow and flakey compared to a real NAS box.

GrayWolfShaman

Hey guys, thanks for the heads up regarding this firmware update. Unfortunately, whether you go to Softpedia OR directly to Asus' website, the download called "ASUS RT-N66R Firmware version 3.0.0.4.374.4422" (which gives you the FW_RT_N66R_30043744422.zip file) ACTUALLY contains a firmware file (RT-N66U_3.0.0.4_374_4422-gc83c78f.trx) which appears to be for the RT-N66U router.

I'm not sure if it is just named wrong in the zip file, or if the wrong firmware got packed in the zip file for the RT-N66R router, but I'm not going to patch my RT-N66R router until I know for sure.

Chat isn't up yet on the ASUS website - any chance you guys could get to the bottom of this and post an update?

Love the mag/site!

whiznot

The R and U models are the same router.

GrayWolfShaman

Thanks Whiznot, for your reply. My "R" model prompted me with a message "This firmware is not for your router - are you sure you want to proceed?" when I tried to upload it (which gave me pause)...can you explain this? Thanks again!

xRadeon

Well good thing I only use my RT-AC66U as an access point.
Use pfSense for my firewall/router and Nexenta for my network storage. :)

somethingelse

+1 on pfsense + freenas for storage (nexenta is based on freenas afaik...or some freebsd storage distro anyway). well, pfsense for work, roll my own gentoo router at home.

having full control of the kernel and services and being able to update each library anytime is a huge advantage over any of the blackbox retail crap...a lot cheaper too and a lot more secure.

tristone

Nexenta seems to be Ubuntu on OpenSolaris kernel.

http://en.wikipedia.org/wiki/Nexenta_OS

I'm quite curious as to what hardware pfsense actually runs on in the real world. In a home environment it does not feel quite economical to have a dedicated PC as router. And it would be much harder to set up and take longer to boot.

somethingelse

@tristone

Thanks for clearing up Nexenta. I'll stick with FreeNAS which is freebsd based and has zfs support (backported from opensolaris).

As for hardware pfsense runs on...anything x86 based will work. You can run it on a regular PC, but I get small network appliances from Nexcom which work really well. They have many options, but even the cheapest Atom ones are more than enough to run pfsense and boot faster than most retail routers (which take unnecessarily long to boot sometimes). Using Gentoo at home for routing, my boot times are even faster because I have much less stuff installed than pfsense or any retail router, so there's not many services to init at boot time.

Having a virtual setup like aarcane's will work well too, but I prefer to keep router/firewall on dedicated hardware just because I tend to experiment regularly with my KVM server and sometimes it and all the VMs on it require a bounce...my wife wouldn't like it if I cut off her internet connection momentarily because of a kernel update :P

aarcane

I run my pfsense virtualized upon my VM Servers. My entire network is behind one of two virtual pfsense machines, depending on the time of day and what CARP is feeling like.

I run a wire from my modem to a smart switch. The smart switch has a vlan to which the pfSense VMs are connected, and nothing else. The pfSense VMs then are also connected to the LAN vlan, and act as the firewall and gateway.