Multiple Asus Routers Out of Memory Problems on May 17, 2023

[purecomedy]

My own router Asus (AC68U) and another family member (with ASUS AX55) started to have internet issues yesterday. Funny thing is we have different ISPs (different areas of the city) so I was able to track it down to the fact we both had ASUS routers. As soon as I started Google search I started to find other issues with Asus routers on May 17th as well.

It finally got me to look at my log file to see tons of these errors:
May 17 12:06:41 dnsmasq-dhcp[2631]: failed to write /var/lib/misc/dnsmasq.leases: No space left on device (retry in 60s)

The usual powering down and starting the router back up was only working for a few hours for my router and 10 minutes for the AX55. It leads me to believe the log file isn't cleared from memory (which surprises me a bit).

Solution (for now): Both of the firmware versions were not up to date so on both routers was able to download and update the firmware. This seems to have bought enough space for now to avoid the router from going down.

But this leaves me with so many questions...why did this happen on multiple models on May 17th? Is it the date or is it something else?

Why can't you purge the log file directly (I've only seen evidence of doing things like a factory reset and even that doesn't always work)?

I've also seen 3rd party firmware (WRT) that's generating the same error filling up the log file? How can this be?

Is there some easy to install software that can more directly manage log files and such on the device? One thing I've done is try to turn off things like Traffic monitor and just collect less stats in general. The DHCP error though, I feel like that's fairly hard to turn off renewing those DHCP on devices. Maybe this leads to motivation to make things as much static IP as possible (but just silly to have to resort to this).

I'm nowhere near technical enough to know why this is happening but man this is just brutal. Can I expect this will be fixed in a soon to be released firmware update or will this be an ongoing issue?

EDIT: One potential solution I found a reference to is using one of the USB slots to house a hard drive where some files can be saved instead of into memory. Would need to research this further...

[YeOldeStonecat]

Seems to be a corrupted threat protection definition....here's a looooong thread from a bunch of Asus using gamers that all had the same problem across various Asus models starting yesterday...
https://rog-forum.asus.com/t5/gaming-ro ... d-p/929910

[purecomedy]

Seems to be a corrupted threat protection definition....here's a looooong thread from a bunch of Asus using gamers that all had the same problem across various Asus models starting yesterday...
https://rog-forum.asus.com/t5/gaming-ro ... d-p/929910

I agree, upon looking through Google many people are losing their minds over this. What's your sense, is this corrupted threat protection thing easily fixed? No idea if that's something that auto-updates etc.

[purecomedy]

https://www.tomsguide.com/news/asus-cyc ... orm-botnet

This says Russian hackers are to blame…I don’t believe AX55 was on the list of routers in the article but did seem to be affected.

Main question I have is do I really need a factory reset before installing the new firmware?

[YeOldeStonecat]

Not sure if it's that, that exploit is pretty old (article goes back to 2018). I would make a hunch that Asus patched it since then.
Lots of exploits will survive a reboot, so..yeah factory resetting for patching with updated (fixed) firmware is a good idea if malware/exploits are suspect.

[Philip]

I use an Asus RT-AX86S, but I don't have the auto firmware updates enabled, I prefer to wait a while and do them manually. Firmware issues are rare these days, but still.

[purecomedy]

Not sure if it's that, that exploit is pretty old (article goes back to 2018). I would make a hunch that Asus patched it since then.
Lots of exploits will survive a reboot, so..yeah factory resetting for patching with updated (fixed) firmware is a good idea if malware/exploits are suspect.

Seems more recent than that, article is from May 18, 2023 https://www.tomsguide.com/news/asus-cyclops-blink-sandworm-botnet

[YeOldeStonecat]

I only see March 18, 2022...but referring to most of it happening a bit before that. Just a little resurgance of it recently for those who never updated firmware.