After Two Days, Asus Fixed Router-Freezing Glitch - Slashdot
source link: https://tech.slashdot.org/story/23/05/20/0445211/after-two-days-asus-fixed-router-freezing-glitch
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
After Two Days, Asus Fixed Router-Freezing Glitch
Follow Slashdot stories on Twitter
binspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror
Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area
After Two Days, Asus Fixed Router-Freezing Glitch (arstechnica.com) 35
Posted by EditorDavid
on Saturday May 20, 2023 @01:34PM from the repairing-routers dept.Two days later, the Taiwan-based hardware maker has finally answered the calls for help. The mass outage, the company said, was the result of "an error in the configuration of our server settings file." After fixing the glitch, most users needed to only reboot their devices. In the event that didn't fix the problem, the company's support team advised users to save their current configuration settings and perform a factory reset. The company also apologized...
Asus still hasn't provided details about the configuration error. Various users have offered explanations online that appear to be correct. "On the 16th, Asus pushed a corrupted definition file for ASD, a built-in security daemon present in a wide range of their routers," one person wrote. "As routers automatically updated and fetched the corrupted definition file, they started running out of filesystem space and memory and crashing."
-
›
There's zero reason to be running stock firmware on those routers if they're compatible with Asuswrt-Merlin
https://www.asuswrt-merlin.net... [asuswrt-merlin.net]
-
Merlin still includes the asd daemon.
-
FreshTomato does NOT...
-
-
The annoying thing is newer models of Asus routers that were formerly easy to flash with a custom firmware now refuse to do so from the admin page. You have to do the tftp recovery process and upload your firmware then. Annoying shit.
-
OR FreshTomato.. I've seen both Merlin and FreshTomato and I find FreshTomato the best of the two.
-
-
Why would a company think they have any right to push an update to a router someone has purchased? Once someone buys the product, the company has no right to do anything to the prodcut without the person's permission.
On top of which, didn't they bother to do any testing? Or are they using end users as their test bed to save some money by not having a QA division?
-
Probably because the person had not disabled automatic updates. Sad but true, some combination of modern software complexity and the urge to be first to market means that products with software in them need to be updated.
-
Several users in one of TFAs mentioned that they had Auto-Update disabled, and experienced the problem anyway, but also that, according to the logs, their systems checked for an update before the problem started. Don't know why that would cause this problem...
-
Bummer. Smug mode on, I don't buy routers I can't reflash to something sensible.
According to TFA they botched an update. Pity they don't test, I guess.
-
I meant if Auto-Update was, in fact, disabled, as the users noted, why would simply auto-checking for an update cause this problem. Possible reasons? (a) Some sort of (botched) updated was performed anyway; (b) something was downloaded during the check and caused an issue (that persisted over reboots)...
-
(c) the check was logged but the update wasn't
(d) some combination of the above
No matter the cause, it's time to get some third party firmware.
-
-
-
My Asus Router froze. My auto-update was almost certainly off.
Factory reset worked, and I did update the firmware afterwards and the old was was quite old.
I am a bit ambivalent about auto-update and companies pushing security updates. 99% of router users just want the thing to work and be safe.
-
-
-
I'd lay money on the configuration update being fine but a bug in the daemon meant it went haywire with what should have been a valid value.
-
Conspiracy theory: this was a botched test of their ability to intentionally brick routers located in wrong countries.
-
-
Because there is a mentality that has become common among businesses -- we still own and control the product that you bought.
QA costs money, and that cuts into the company's profits which then cuts into the bonus that the CEO gets for hitting the right profit numbers.
-
by rsmith-mac ( 639075 ) on Saturday May 20, 2023 @03:46PM (#63537727)
Why would a company think they have any right to push an update to a router someone has purchased? Once someone buys the product, the company has no right to do anything to the prodcut without the person's permission.
- 1) Because providing ongoing security definitions is unequivocally a good thing. There are millions of Asus routers out there, most of whom are owned by clueless users who just want the thing to work - and conversely, who would never notice if their router was being used as part of a botnet or had been hijacked to snoop on them.
- 2) Because Asus got its ass handed to it by the FTC [ftc.gov] in 2015 for not providing security updates. As a consequence of not providing sufficient security for their products in the past, they've been required to operate a security program for the past 8 years, with another 12 years to go.
Bear in mind that Asus isn't even alone in this. The closest analogue, Apple's XProtect, similarly runs entirely in the background and is regularly downloading updates to keep apprised of the latest malware. Microsoft of course has Windows Defender, but they also distribute their monthly Malicious Software Removal Tool (even to OSes that no longer qualify for security updates).
Routers are the internet-facing box in most consumer networks. They are the first (and sometimes only) line of protection between a hostile Internet and a whole bunch of poorly supported hardware on the other side - sometimes including the router itself. So it is critical that these millions upon millions of tiny Linux boxen are not left to be abused by malware.
-
Probably an unknown but critical security flaw and they thought the could get away with it. I have a fairly old model Asus mesh system and the fix as I understand was to a Trend Net AiProtection integration - various different things no user ought to want like blacklisting of bad sites, etc. I had this off and I would have thought that would be enough but it still crashed the router and took a complete reset of it and all nodes to fix.
-
-
From one of TFA:
Okay, I get automatically *checking* for a FW update, even if Auto Update itself is disabled, but why would that initiate a problem -- unless some update actually happened, or something was actually downloaded and consumed RAM? I'd flag either as undesirable. Also I probably would NOT want auto update enabled on my router, especially if a botched update blocked access to the WAN -- what if I was away when it happened? I still have things running that need access...
-
It is highly likely that "auto update firmware" and "auto update security pattern definitions" are different settings.
It's also likely there isn't a specific setting worded as "auto updates for security definitions"
When you enable using the published IP blacklists, there's really no way this could work without either locally caching or live checking those published blacklists.Checking online blacklists "live" is a really bad idea for performance reasons. That's why nearly all of them use DNS and thus DNS T
-
-
I was looking around to replace my aging vdsl router with something new (WiFi 6 etc) and it seemed the consensus was that at up to the $200-$300 price point I was looking at, Asus had the best offerings.
Well, pushing ANYTHING on my router without me asking is definitely an instant fail on my list. I guess back to the drawing board...-
If you're up for a bit of work on the front end PFSense + Ubiquiti AP has been excellent for me and very stable once it was installed.
-
-
Two days ago all 3 of my dumb Zyxel switches in one subnet needed a power-cycle to start to work again. That has never happened before and they are several years old. They are behind a firewall but can theoretically get out into the Internet. There are also two Win10 PCs on that subnet. Another subnet with only Linux systems and one of the same switches had no issues. To the best of my knowledge, I have no ASUS crap in the affected network except the mainboard of one of those Win10 machines (everything else
-
Where do you buy the load of tinfoil for your hats?
-
-
I was affected by this. It was not a firmware update that caused this. The router regularly downloads some list of blocked IPs, because they are known to spread malware or control botnets, etc. And this file was corrupted, and caused a log file to fill the router memory in 10 minutes. After that for example dnsmasq and other services stopped working because "no space left on device".
https://www.snbforums.com/thre... [snbforums.com]
-
Why is this downvoted?
-
Probably some no-honor, no-integrity moderator but-hurt because of something else the poster said. At least the posting itself is clearly informative and should be upvoted, not down.
-
It wasn't downvoted (and has now been upvoted to zero). The poster starts with negative karma because his history consists mainly of one-liners and observations like:
-
-
-
I had to reboot my Asus router to get it working again and wasn't sure what had happened - until now. I thought maybe its lifetime was nearing the end.
-
Same here. Spent halfmor in parking one of my Mikrotiks between Asus and Internet to see what is happening
-
-
It has been known for many a year that ASUS routers are total garbage unsuitable for any purpose -- they were designed so.
This merely confirms that knowledge.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK