Can the default asus.com url at login be avoided?

[128bit]

i'm sure this has been discussed, so excuse me for missing out. i would prefer to use a dotted decimal ip to log in to my ac86u. keep in mind, my router has been reconfigured to use a different ip other than the default 192.168.50.1 or whatever that default that comes with the ac86u.

whenever i do use my address or even the default for that matter, it appears to be redirected to "http://router.asus.com/Main_Login.asp." of concern, 1) can my passwords, etc be seen at asus.com? and 2) can the redirect be totally eliminated? no asus ddns has been configured.

 

[RMerlin]

Nothing leaves your LAN. router.asus.com resolves to the IP address of your router, it never goes into the Internet.

 

[128bit]

weird, but i trust u.

thanks, much

 

[Yota]

If you use Merlin firmware, you can eliminate access to asus.com with custom scripts.

/jffs/scripts/dnsmasq.postconf

#!/bin/sh
sed -i "\\~router.asus.com~d" "/tmp/ｅｔｃ/hosts"
sed -i "\\~www.asusnetwork.net~d" "/tmp/ｅｔｃ/hosts"
sed -i "\\~www.asusrouter.com~d" "/tmp/ｅｔｃ/hosts"

This forum has a error, you cannot post the correct "etc". please replace it with the correct one before you use.
And DON'T FORGET to disable SSH, it will only bring you more security risks.


For stock firmware, you can also use this script, but you need some hacking means to make the script run after each boot.

Nothing leaves your LAN. router.asus.com resolves to the IP address of your router, it never goes into the Internet.

And this is a security weakness, a security consultant once said:

Access to the web interface of a router is typically done via IP address. But dealing with IP addresses may well be too much for non-techies. Thus, to make things easier (almost always a security issue in the making) for people, some router companies offer fixed names. This lets someone on the LAN get into the router with http://something.easy rather than http://1.2.3.4. Netgear uses www.routerlogin.com and www.routerlogin.net. TP-LINK uses tplinklogin.net, Asus uses router.asus.com, Netis uses netis.cc, Edimax uses edimax.setup, Amped Wireless uses setup.ampedwireless.com, Linksys uses myrouter.local and linksyssmartwifi.com. According to RouterCheck.com (the page is both undated and un-credited) this is a security weakness. Even if you follow the advice offered on this site, and elsewhere, to use a non-standard local subnet (such as 10.11.12.x) bad guys can still find your router (most likely via CSRF in a malicious web page) using these aliases. In addition, none of the router vendor documentation indicates that any of these names support HTTPS, which should always be used when logging in to a router.

 

[ColinTaylor]

If you use Merlin firmware, you can eliminate access to asus.com with custom scripts.

By doing this you have just made your security worse because now those internal names will be resolved by an external DNS server potentially sending your traffic to an external site.

And this is a security weakness, a security consultant once said:

This is unrelated to the OP's name resolution question. If the OP enables HTTPS then he can log into his router using that if he chooses to.

 

[Yota]

By doing this you have just made your security worse because now those internal names will be resolved by an external DNS server potentially sending your traffic to an external site.

This is unrelated to the OP's name resolution question. If the OP enables HTTPS then he can log into his router using that if he chooses to.

If you use HTTPS and delete redirects, virtually no data will be sent to external sites, except for DNS resolution requests. but you can add the following code to your script to prevent it from happening.
/jffs/scripts/dnsmasq.postconf

#!/bin/sh
CONFIG=$1
sed -i "\\~router.asus.com~d" "/tmp/ｅｔｃ/hosts"
sed -i "\\~www.asusnetwork.net~d" "/tmp/ｅｔｃ/hosts"
sed -i "\\~www.asusrouter.com~d" "/tmp/ｅｔｃ/hosts"
echo 'address=/router.asus.com/0.0.0.0' >> $CONFIG
echo 'address=/www.asusnetwork.net/0.0.0.0' >> $CONFIG
echo 'address=/www.asusrouter.com/0.0.0.0' >> $CONFIG

Don't forget to fix the "etc" error.
And DON'T FORGET to disable SSH, it will only bring you more security risks.


I have used similar code for two years, no any problem, and actually many security consultants recommend this. like this:

Things we don’t like
Local names for routers

Some vendors try to make life easier for their customers by allowing access to a local router with a name such as “mylocal.com” instead of the more prevalent local IP address such as 192.168.0.1. While this seems like a nice feature, it actually is a bit of security risk.

The risk that it poses is that it allows an attacker to easily find a router on a local network without any other information. A good habit to get into is to move your router to a non-standard IP address (such as 192.168.0.99 – yeah, you can do that).By doing this, you can hide the router from hackers and gain a bit of safety.

But… if the router supports a local name, there’s nowhere to hide. That’s why we don’t like this “feature”.

 

[OzarkEdge]

If you use Merlin firmware, you can eliminate access to asus.com with custom scripts.
...
I have used similar code for two years, no any problem

Pointless router hacking. I have used no such code since forever, no any problem.

OE

 

[Keith Gorham]

I am about 99% sure there is a setting to not use the redirect.

 

[RMerlin]

And this is a security weakness, a security consultant once said:

I disagree. The same information can easily be retrieved through other means.

 

[KevTech]

If you use Merlin firmware, you can eliminate access to asus.com with custom scripts.

Merlin already provides an option in the GUI to disable redirect.

 

[Yota]

I disagree. The same information can easily be retrieved through other means.

A remote attacker cannot use a browser script to get the router's local IP using other means. but it's easy to do with a known link. so, I do just protects against attacks from the Internet.

And one more thing, the hosts file contain unregistered domain (maybe the domain expired asus just forgot to renew it), like www.asusnetwork.net, which is very dangerous, anyone can register it, and then phishing attacks.
That's why I did it.

Merlin already provides an option in the GUI to disable redirect.
View attachment 22003

I agree that this is a great feature, but even if you do, you can still access it through your local domain. this does not prevent attacks from the Internet, it just does not redirect.

 

[RMerlin]

anyone can register it, and then phishing attacks.

The hosts file on your router would still have priority over any public DNS entry.

 

[Yota]

The hosts file on your router would still have priority over any public DNS entry.

Except that you have enabled the DNS filter and set it to "router", otherwise it is like the DoH is enabled by default in Firefox, or 8.8.8.8 you set manually will break all of them. so maybe it will be a good idea to remove them in the future firmware.

 

[RMerlin]

Except that you have enabled the DNS filter and set it to "router", otherwise it is like the DoH is enabled by default in Firefox, or 8.8.8.8 you set manually will break all of them. so maybe it will be a good idea to remove them in the future firmware.

Just another reason why I believe that implementing a resolver in a web browser is a bad idea.