Asus DDNS: Unauthorized Registration Request

cdikland

Regular Contributor
I have been using the ASUS DDNS service (myname.asuscomm.com) for as long as I can remember without issue. Recently I noticed a yellow exclamation mark next to my ASUS DDNS name on the "General/Network Map" page. Clicking on the mark shows the following error. "unauthorized registration request". I checked the setting on page "Advanced Settings/AN/DDNS" and get the same error if I try to (re) apply the settings.

I checked my log file and noticed the following entries for DDNS

Nov 6 05:44:37 ddns update: ez-ipupdate: starting...
Nov 6 05:44:37 ddns update: connected to nwsrv-ns1.asus.com (103.10.4.108) on port 80.
Nov 6 05:44:40 ddns update: Asus update entry:: return: HTTP/1.1 401 |Authorization failed^M Date: Fri, 06 Nov 2015 10:44:37 GMT^M Server: Apache/2.4.9 (Unix) PHP/5.5.14 OpenSSL/1.0.1h^M X-Powered-By: PHP/5.5.14^M Content-Length: 0^M Content-Type: text/html^M ^M
Nov 6 05:44:40 ddns update: retval= 2, ddns_return_code (,401)
Nov 6 05:44:40 ddns update: asusddns_update: 2



I tested my hostname using the link http://iplookup.asus.com/nslookup.php provided under the DDNS tab and everything works fine. So why am I getting this warning and what can I do to remove it?


Setup: RT-AC68U with Merlin FW 378.56_2
 
Nov 6 05:44:40 ddns update: Asus update entry:: return: HTTP/1.1 401 |Authorization failed^M Date: Fri, 06 Nov 2015 10:44:37 GMT^M Server: Apache/2.4.9 (Unix) PHP/5.5.14 OpenSSL/1.0.1h^M X-Powered-By: PHP/5.5.14^M Content-Length: 0^M Content-Type: text/html^M ^M

Someone with connections to Asus should advise them to disable server signature in the apache httpd config... basic security.

Add the following two lines at the end of Apache config file..

ServerSignature Off
ServerTokens Prod

And then remove the PHP version... in php.ini, add/modify the following line and again, kick the server...

expose_php = Off
 
They need to fix this sooner than later, esp. as this is a normative source for dynamic hostnames - clever hacker could have a lot of fun with this, evil hacker could co-opt things for malware payloads or dns redirection..


$ curl -v nwsrv-ns1.asus.com
* Rebuilt URL to: nwsrv-ns1.asus.com/
* Trying 103.10.4.108...
* Connected to nwsrv-ns1.asus.com (103.10.4.108) port 80 (#0)
> GET / HTTP/1.1
> Host: nwsrv-ns1.asus.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 06 Nov 2015 15:44:19 GMT
< Server: Apache/2.4.9 (Unix) PHP/5.5.14 OpenSSL/1.0.1h
< X-Powered-By: PHP/5.5.14
< Location: http://event.asus.com/2012/nw/aicloud/index.htm
< Content-Length: 0
< Content-Type: text/html
<
* Connection #0 to host nwsrv-ns1.asus.com left intact
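
A way to confirm that the settings suggested above took effect, as an added example that is not part of the original posts: the function reads response headers (for instance `curl -sI` output) and flags version disclosure. The first sample is the response quoted in this thread; the second is constructed to show the same response after the change.

```shell
#!/bin/sh
# Added example: flag HTTP response headers that disclose software versions.
# audit_headers reads raw response headers on stdin (plain, or with the "< "
# prefix that `curl -v` prints), prints one finding per line, and returns 1
# if anything was flagged, 0 otherwise.
audit_headers() {
    tr -d '\r' | awk '
        {
            sub(/^< /, "")                 # accept curl -v style lines
            sep = index($0, ":")
            if (sep == 0) next             # status line or blank line
            name  = tolower(substr($0, 1, sep - 1))
            value = substr($0, sep + 1)
            sub(/^[ \t]+/, "", value)
        }
        # With "ServerTokens Prod" Apache sends only "Server: Apache".
        name == "server" && value ~ /[0-9]/ {
            print "server: version tokens disclosed: " value; bad = 1
        }
        # With "expose_php = Off" PHP stops sending this header.
        name == "x-powered-by" {
            print "x-powered-by: header present: " value; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Response headers quoted in the thread.
BEFORE='HTTP/1.1 302 Found
Date: Fri, 06 Nov 2015 15:44:19 GMT
Server: Apache/2.4.9 (Unix) PHP/5.5.14 OpenSSL/1.0.1h
X-Powered-By: PHP/5.5.14
Content-Length: 0
Content-Type: text/html'

# Constructed sample: the same response with the settings applied.
AFTER='HTTP/1.1 302 Found
Date: Fri, 06 Nov 2015 15:44:19 GMT
Server: Apache
Content-Length: 0
Content-Type: text/html'

printf '%s\n' "$BEFORE" | audit_headers || echo "=> version disclosure found"
printf '%s\n' "$AFTER"  | audit_headers && echo "=> clean"
```

ServerSignature Off only changes the footer on server-generated pages such as error documents, so it does not show up in a header check like this one.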
 
They need to fix this sooner than later, esp. as this is a normative source for dynamic hostnames - clever hacker could have a lot of fun with this, evil hacker could co-opt things for malware payloads or dns redirection..

In that case, you'd better send Asus an email, and delete details in your posts. lol
 
I have been using the ASUS DDNS service (myname.asuscomm.com) for as long as I can remember without issue. Recently I noticed a yellow exclamation mark next to my ASUS DDNS name on the "General/Network Map" page. Clicking on the mark shows the following error. "unauthorized registration request". I checked the setting on page "Advanced Settings/AN/DDNS" and get the same error if I try to (re) apply the settings.

Did you change your WAN connection lately? What do you get if you run the following

Code:
ez-ipupdate -S dyndns -i eth0 -a <your public ip> -h <your ddns> -A 2 -s nwsrv-ns1.asus.com
 
Ouch! Doesn't someone at SNB or maybe Eric have an ASUS contact to get them to fix this pronto? Seeing this is not very comforting...
 
Ouch! Doesn't someone at SNB or maybe Eric have an ASUS contact to get them to fix this pronto? Seeing this is not very comforting...

To be blunt, I'm not paid to monitor Asus's web servers. If their sysadmins don't have the basic know-how to properly harden a web server, nobody's paying me to work as their security consultant...
 
To be blunt, I'm not paid to monitor Asus's web servers. If their sysadmins don't have the basic know-how to properly harden a web server, nobody's paying me to work as their security consultant...

Exactly...

Anybody using the service - the Asus DDNS, can send over a courtesy email perhaps..
 
Did you change your WAN connection lately? What do you get if you run the following

Code:
ez-ipupdate -S dyndns -i eth0 -a <your public ip> -h <your ddns> -A 2 -s nwsrv-ns1.asus.com
Error=Invalid Hostname
 
I contacted ASUS Support and their (all too typical) answer was: Factory Reset... :( Result: It worked :)
 
Too bad that factory reset won't fix their security issues. Depending on what you use their ddns for, it could be time to look for a more secure alternative. Definitely do not use a common password between their DDNS and something else that is important to you (good rule anyway).
 
It is better not to use the ASUS DDNS.
Very often it is broken.
I can share my experience:
dnsomatic -> DLinkDDNS and/or afraid.org and/or any from its list.
It is safer and works more reliably for me.
 
In my case this happened because I block Asia in my firewall, so I use iptables to let the specific IP pass:

iptables -A INPUT -p tcp -s 103.10.4.108 -j ACCEPT
 
