Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Networking

After Two Days, Asus Fixed Router-Freezing Glitch (arstechnica.com) 40

An anonymous reader shared ths report from Ars Technica: On Wednesday, Asus router users around the world took to the Internet to report that their devices suddenly froze up for no apparent reason and then, upon rebooting repeatedly, stopped working every few minutes as device memory became exhausted.

Two days later, the Taiwan-based hardware maker has finally answered the calls for help. The mass outage, the company said, was the result of "an error in the configuration of our server settings file." After fixing the glitch, most users needed to only reboot their devices. In the event that didn't fix the problem, the company's support team advised users to save their current configuration settings and perform a factory reset. The company also apologized...

Asus still hasn't provided details about the configuration error. Various users have offered explanations online that appear to be correct. "On the 16th, Asus pushed a corrupted definition file for ASD, a built-in security daemon present in a wide range of their routers," one person wrote. "As routers automatically updated and fetched the corrupted definition file, they started running out of filesystem space and memory and crashing."

This discussion has been archived. No new comments can be posted.

After Two Days, Asus Fixed Router-Freezing Glitch

Comments Filter:
  • There's zero reason to be running stock firmware on those routers if they're compatible with Asuswrt-Merlin

    https://www.asuswrt-merlin.net... [asuswrt-merlin.net]

  • by quonset ( 4839537 ) on Saturday May 20, 2023 @12:42PM (#63537449)

    Why would a company think they have any right to push an update to a router someone has purchased? Once someone buys the product, the company has no right to do anything to the prodcut without the person's permission.

    On top of which, didn't they bother to do any testing? Or are they using end users as their test bed to save some money by not having a QA division?

    • Why would a company think they have any right to push an update to a router someone has purchased?

      Probably because the person had not disabled automatic updates. Sad but true, some combination of modern software complexity and the urge to be first to market means that products with software in them need to be updated.

      • Why would a company think they have any right to push an update to a router someone has purchased?

        Probably because the person had not disabled automatic updates.

        Several users in one of TFAs mentioned that they had Auto-Update disabled, and experienced the problem anyway, but also that, according to the logs, their systems checked for an update before the problem started. Don't know why that would cause this problem...

        • Several users in one of TFAs mentioned that they had Auto-Update disabled, and experienced the problem anyway, but also that, according to the logs, their systems checked for an update before the problem started.

          Bummer. Smug mode on, I don't buy routers I can't reflash to something sensible.

          Don't know why that would cause this problem...

          According to TFA they botched an update. Pity they don't test, I guess.

          • Don't know why that would cause this problem...

            According to TFA they botched an update. Pity they don't test, I guess.

            I meant if Auto-Update was, in fact, disabled, as the users noted, why would simply auto-checking for an update cause this problem. Possible reasons? (a) Some sort of (botched) updated was performed anyway; (b) something was downloaded during the check and caused an issue (that persisted over reboots) ...

            • (c) the check was logged but the update wasn't

              (d) some combination of the above

              No matter the cause, it's time to get some third party firmware.

        • My Asus Router froze. My auto-update was almost certainly off.

          Factory reset worked, and I did update the firmware afterwards and the old was was quite old.

          I am a bit ambivalent about auto-update and companies pushing security updates. 99% of router users just want the thing to work and be safe.

    • I'd lay money on the configuration update being fine but a bug in the daemon meant it went haywire with what should have been a valid value.

    • Why would a company think they have any right to push an update to a router someone has purchased?

      Because there is a mentality that has become common among businesses -- we still own and control the product that you bought.

      On top of which, didn't they bother to do any testing?

      QA costs money, and that cuts into the company's profits which then cuts into the bonus that the CEO gets for hitting the right profit numbers.

    • Re:Why? (Score:5, Insightful)

      by rsmith-mac ( 639075 ) on Saturday May 20, 2023 @02:46PM (#63537727)

      Why would a company think they have any right to push an update to a router someone has purchased? Once someone buys the product, the company has no right to do anything to the prodcut without the person's permission.

      • 1) Because providing ongoing security definitions is unequivocally a good thing. There are millions of Asus routers out there, most of whom are owned by clueless users who just want the thing to work - and conversely, who would never notice if their router was being used as part of a botnet or had been hijacked to snoop on them.
      • 2) Because Asus got its ass handed to it by the FTC [ftc.gov] in 2015 for not providing security updates. As a consequence of not providing sufficient security for their products in the past, they've been required to operate a security program for the past 8 years, with another 12 years to go.

      Bear in mind that Asus isn't even alone in this. The closest analogue, Apple's XProtect, similarly runs entirely in the background and is regularly downloading updates to keep apprised of the latest malware. Microsoft of course has Windows Defender, but they also distribute their monthly Malicious Software Removal Tool (even to OSes that no longer qualify for security updates).

      Routers are the internet-facing box in most consumer networks. They are the first (and sometimes only) line of protection between a hostile Internet and a whole bunch of poorly supported hardware on the other side - sometimes including the router itself. So it is critical that these millions upon millions of tiny Linux boxen are not left to be abused by malware.

    • Why would a company think they have any right to push an update to a router someone has purchased?

      Probably an unknown but critical security flaw and they thought the could get away with it. I have a fairly old model Asus mesh system and the fix as I understand was to a Trend Net AiProtection integration - various different things no user ought to want like blacklisting of bad sites, etc. I had this off and I would have thought that would be enough but it still crashed the router and took a complete reset of it and all nodes to fix.

  • From one of TFA:

    [one user] Looking back at when the router locked up initially overnight, it seems like it tried to look for a firmware update automatically around 4am, (which is strange because I have auto updates turned off), then started spamming the 'NBUF alloc failed' message:

    [another user] Everything was good with this router and I haven't touched any settings but same as OP, last night I had a failed FW update (I also have auto-update disabled) and then since then I get the same NBUF failed to allocate leading to out of memory error.

    Okay, I get automatically *checking* for a FW update, even if Auto Update itself is disabled, but why would that initiate a problem -- unless some update actually happened, or something was actually downloaded and consumed RAM? I'd flag either as undesirable. Also I probably would NOT want auto update enabled on my router, especially if a botched update blocked access to the WAN -- what if I was away when it happened? I still have things running that need access...

    • by Anonymous Coward

      Okay, I get automatically *checking* for a FW update, even if Auto Update itself is disabled, but why would that initiate a problem -- unless some update actually happened, or something was actually downloaded and consumed RAM? I'd flag either as undesirable. Also I probably would NOT want auto update enabled on my router, especially if a botched update blocked access to the WAN -- what if I was away when it happened? I still have things running that need access...

      It is highly likely that "auto update firmware" and "auto update security pattern definitions" are different settings.

      It's also likely there isn't a specific setting worded as "auto updates for security definitions"
      When you enable using the published IP blacklists, there's really no way this could work without either locally caching or live checking those published blacklists.

      Checking online blacklists "live" is a really bad idea for performance reasons. That's why nearly all of them use DNS and thus DNS T

  • I was looking around to replace my aging vdsl router with something new (WiFi 6 etc) and it seemed the consensus was that at up to the $200-$300 price point I was looking at, Asus had the best offerings.
    Well, pushing ANYTHING on my router without me asking is definitely an instant fail on my list. I guess back to the drawing board...

  • by gweihir ( 88907 )

    Two days ago all 3 of my dumb Zyxel switches in one subnet needed a power-cycle to start to work again. That has never happened before and they are several years old. They are behind a firewall but can theoretically get out into the Internet. There are also two Win10 PCs on that subnet. Another subnet with only Linux systems and one of the same switches had no issues. To the best of my knowledge, I have no ASUS crap in the affected network except the mainboard of one of those Win10 machines (everything else

  • I had to reboot my Asus router to get it working again and wasn't sure what had happened - until now. I thought maybe its lifetime was nearing the end.

    • Same here. Spent halfmor in parking one of my Mikrotiks between Asus and Internet to see what is happening

  • It has been known for many a year that ASUS routers are total garbage unsuitable for any purpose -- they were designed so.

    This merely confirms that knowledge.

  • ... followed by "What do the logs show"?

    "failed to write /var/lib/misc/dnsmasq.leases: no space left on device"

    A quick search and consider me somewhat alarmed that I didn't disable auto-update - I'm sure I did.
    That's usually the _first_ thing I do with any modern router I buy, for the exact reason we see in this story.

    As for a reboot - did nothing, but updating the firmware did.

    Still happy with the router though - I've got two RT-AC86U's meshed, to provide a connection to my summerhouse office in the garden

  • Overall, the taxes for cars in the US are super low compared to some European countries.

    For example, a Ford Bronco would cost more than $5000 to register it in Belgium https://www.moniteurautomobile.be/conseils-financiers/tmc-bruxelles-et-wallonie/taxe-mise-en-circulation-bruxelles-wallonie.html [moniteurautomobile.be]

    You're not paying anything like that in Texas. The funds raised could go towards the roads in infrastructure. Someone has to pay for the roads, so it might as well be people who won't be paying fuel taxes.

Trap full -- please empty.

Working...