The issue I am facing:
I am not sure I can trust routers with factory firmware that is not open source.
I have a 4G AC86U Asus router, which I first acquired for the 4G fallback feature, but now would like to use for DDoS protection.
The problem: I don't know how secure the original firmware is.
For the moment I suspect backdoor management exists, given the fact that the untampered router has changed DNS behaviour multiple times, with my personal DNS resolver and server on the LAN (running Pi-hole + unbound) being able to access the internet at all times, while all other clients were alternately blocked out or working. This has happened in the following circumstances:
- without me doing any changes in the router settings & without any visible changes in GUI that I could observe;
- Without anyone having physical access to my router (I am the only person who has the key to my apartment + I have 24/7 CCTV running)
- With the WiFi of the router set to accept a single non-existent MAC address and a 40-character mixed password (as I was not using the WiFi, but it is not possible to disable it from the router's settings)
- The router was indeed assigned a public IP address (dynamic one), but WAN management was disabled
- For LAN management, the router user name was set as a second password (nonstandard) + the password was 30 mixed characters; the router password was not changed;
- I would assume the router was not hacked into, but rather accessed with knowledge provided by the manufacturer themselves and I also assume the DNS poisoning was done with the help of the ISP (please read my diary to understand this assumption: www.ovidiuteleche.ro);
- It is possible that the DNS was poisoned somehow because my Ubuntu desktop updates stopped working normally immediately after I had these issues;
I would need to use this router because it offers DDoS protection that I cannot easily find as an open source service, plus I invested a considerable amount of money into it.
My questions are:
- Is there any security measure I could take if I decide to continue using this router? Perhaps in the form of automated continuous monitoring of the network traffic?
- From my experience it would seem that Pi hole + unbound was vulnerable to this attack. Would just setting OpenDNS (or Google DNS) IP addresses in the router’s DNS server settings be a safe choice?
- Do you think there is any slim chance to either force ASUS to open source their firmware or release a clean open source alternative to the firmware? For that purpose I could be spreading this info online to create public pressure on the manufacturer.
Details about my system:
4G AC86U Asus router
Pi-hole with unbound running on a local Raspberry Pi 4B
What I have changed since installing Pi-hole:
I didn't change anything since the original configuration that was perfectly functional. DNS behaviour on my LAN has changed "by itself" multiple times.
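On the question of automated monitoring: the check a LAN operator can run continuously, independent of the router, is (a) which nameserver clients are actually being handed and (b) whether the expected resolver and an out-of-LAN reference still agree on a stable name. The script below is an added example written for this thread, not code from the poster, Pi-hole or ASUS. It assumes a hypothetical Pi-hole at 192.168.1.2, uses example.com as a probe name and 9.9.9.9 as a reference resolver; all three are placeholders to adjust. It builds and parses raw DNS A queries with the standard library only, so it can be run from any LAN host on a timer (cron, systemd timer) and its findings fed to whatever alerting you already have.

```python
"""DNS drift monitor: flags when LAN clients stop resolving through the expected resolver,
or when the expected resolver's answers diverge from an out-of-LAN reference.
Added example for this thread; stdlib only."""
import random
import socket
import struct

EXPECTED_RESOLVER = "192.168.1.2"   # assumption: Pi-hole/unbound host on the LAN
REFERENCE_RESOLVERS = ["9.9.9.9"]   # assumption: reference resolver outside the LAN
PROBE_NAME = "example.com"          # assumption: a name with stable, non-geo-steered records


def build_a_query(name, txid):
    """Minimal DNS query: header, QNAME, QTYPE=A (1), QCLASS=IN (1); RD bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def skip_name(msg, pos):
    """Advance past a (possibly compressed) domain name in a DNS message."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends here
            return pos + 2
        pos += 1 + length


def parse_a_answers(resp, txid):
    """Return the sorted IPv4 answers in a DNS response; reject a mismatched transaction id."""
    rid, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (unsolicited or spoofed reply)")
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(resp, pos) + 4          # QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        pos = skip_name(resp, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return sorted(ips)


def query_a(resolver, name=PROBE_NAME, timeout=2.0):
    """Send one UDP A query to a specific resolver; None if it does not answer in time."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_a_query(name, txid), (resolver, 53))
        try:
            resp, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_a_answers(resp, txid)


def parse_resolv_conf(text):
    """Nameservers a client is actually configured with (e.g. from DHCP), in order."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def assess(nameservers, answers, expected=EXPECTED_RESOLVER):
    """Turn a snapshot into findings. answers maps resolver -> sorted IPs (None if no reply)."""
    findings = []
    if nameservers != [expected]:
        findings.append(f"nameserver drift: clients use {nameservers}, expected [{expected}]")
    exp = answers.get(expected)
    if exp is None:
        findings.append(f"expected resolver {expected} did not answer for {PROBE_NAME}")
    for resolver, ips in answers.items():
        # A real disagreement on a stable name is the signal; CDN/geo names would false-alarm.
        if resolver != expected and ips is not None and exp is not None and ips != exp:
            findings.append(f"answer mismatch for {PROBE_NAME}: {expected}->{exp} vs {resolver}->{ips}")
    return findings


def snapshot():
    """Live check from this host: configured nameservers plus answers from each resolver."""
    with open("/etc/resolv.conf") as fh:
        nameservers = parse_resolv_conf(fh.read())
    answers = {r: query_a(r) for r in [EXPECTED_RESOLVER] + REFERENCE_RESOLVERS}
    return assess(nameservers, answers)


if __name__ == "__main__":
    for finding in snapshot() or ["ok: DNS path unchanged"]:
        print(finding)
```

Run it from a DHCP client (not the Pi-hole host itself) so the nameserver check reflects what the router hands out; a non-empty findings list printed on each run is the thing to alert on. Clients with a stub resolver (systemd-resolved) will show 127.0.0.53 in resolv.conf, so there read the upstream from `resolvectl status` instead.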