Sunday, July 20, 2014

ASUS RT-AC87U / RT-AC87R first look

I've spent some time digging around the software on a few ASUS wireless router models this year, after finding a flaw that prevented the routers from recognizing new firmware was available in February. Along the way I found a modest bug in which the routers revealed the administrator password in clear text anytime the administrator was logged in (which was essentially always, since the routers did not automatically log you out). This week I had the privilege of exploring a pre-release unit of the brand new RT-AC87U, which uses multiple bands and multiple antennae to achieve what ASUS dubs “AC2400.” I'll write more in a few days, but here are my first impressions.

The specs:

Quantenna 4×4 MU-MIMO chipset with 4 antennae.
Maximum single-client throughput of 1733 MBPS*
Maximum combined throughput of 2333 MBPS
4 gigabit Ethernet ports
1 gigabit Ethernet WAN port
1 USB 2.0 port (rear)
1 USB 3.0 port (front) (both support up to 2TB drives)
Adaptive QoS**
250MB RAM
Dual core ARM Cortex A9 processor @ 2000 “BogoMIPS” (likely 1000 MHz, though the actual spec was not disclosed)
“AiProtection with Trend Micro” ***
List price: $279.99

* You’ll only get this theoretical maximum throughput if you have a MU-MIMO client … which at present do not exist, save for another MU-MIMO router.

** The Adaptive QoS is a serious step up from the rudimentary QoS available on earlier models. A minor gripe though is that the new bandwidth monitor only shows throughput on the WAN port - you can't see traffic flow within your own LAN.

*** This looks like a step up from earlier firewall settings, now with built-in malicious site blocking and infected client detection/isolation, as well as parental controls with time scheduling and web / app filtering.

Initial observations

  • The AC87U runs warm. Out of the box, it is very hot. Update to the first OTA firmware update (3.0.0.4.376.1779) though, and it's considerably cooler, though still noticeably warmer than my old AC66U.
  • The GUI is far faster than the AC66U. ASUS has done quite the job optimizing the administrative user interface.
  • I've not done serious performance testing yet, but some basic tests with consumer-grade 802.11n devices show a marked speed increase over the AC66U. a 4GB video file that takes on average 12 minutes to transfer from the AC66U (equating to a throughput rate of about 45 MBit/second), transfers in about 7 minutes on the AC87U (for a transfer rate of about 75 MBit/second). That's a far cry from the 1,733 MBit/second theoretical maximum rate with a MU-MIMO client, but I'll take it.
  • The default wireless encryption is WPA2-AES, the strongest form currently available for most users (without setting up RADIUS infrastructure, which is beyond most home users). This is a good thing.
  • The setup wizard prompts you to change the admin password, and to set a strong password. This is a good thing.
  • The antennae tend not to stay put, but ASUS tells me the retail model has a slightly different antenna design that is more sturdy.
  • The front USB port is covered by an awkward rubber faceplate. Some may like it ... I don't.
  • With the GUI set to English, the "AiProtection" tab to enable built-in security features needs some work. The instructions and explanations are written in very poor English. ASUS assures me this will be fixed quickly.
That's all for now. I'll post an update later this week, and look more deeply into the security the router provides (as well as the security of the firmware itself).



Update 26-July: Today ASUS released firmware version 3.0.0.4.376.2044. This includes GUI fixes (including the aforementioned AiProtection verbiage), a few minor bug fixes, and some minor performance improvements. Coming in the next week or two are two more firmware revisions, one to improve wireless performance and range, and one that should noticeably improve I/O performance on the USB ports.





Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.