Disable local domain for admin login?

[SMS786]

Is it possible to disable the admin login page to be accessible by accessing http://router.asus.com ? I always login using the custom IP address I set for my admin page..

I ask because of the well documented security issues posed by easy access due to local domains..

 

[Jack Yaz]

Is it possible to disable the admin login page to be accessible by accessing http://router.asus.com ? I always login using the custom IP address I set for my admin page..

I ask because of the well documented security issues posed by easy access due to local domains..

You can probably use a dnsmasq.postconf script to strip the relevant entries from the hosts file in /etc

Not sure of the top of my head which file it is but hopefully this is enough to go on for now!

EDIT: I do not know if this will break other router features relying on the hostname

 

[SMS786]

You can probably use a dnsmasq.postconf script to strip the relevant entries from the hosts file in /etc

Not sure of the top of my head which file it is but hopefully this is enough to go on for now!

EDIT: I do not know if this will break other router features relying on the hostname

Thanks. The thought had crossed my mind to use dnsmasq, but seemed more of a "scorched earth" solution. Was wondering if there was an option in the webui that I was overlooking. Seems not.

 

[Adamm]

You would have to edit the hosts file (via the postconf scripts) and remove the entry accordingly.

admin@RT-AC86U-2EE8:/tmp/etc# cat hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.1 router.asus.com
192.168.1.1 www.asusnetwork.net
192.168.1.1 www.asusrouter.com
192.168.1.1 RT-AC86U-2EE8. RT-AC86U-2EE8

 

[kfp]

But there is no point in removing the entry, since this will only resolve on your local network. This won’t work remotely.

What attack scenario is this supposed to prevent? Someone already having a foothold in your LAN? First thing they might try is router.asus.com, second would be 192.168.1.1.

 

[Jack Yaz]

But there is no point in removing the entry, since this will only resolve on your local network. This won’t work remotely.

What attack scenario is this supposed to prevent? Someone already having a foothold in your LAN? First thing they might try is router.asus.com, second would be 192.168.1.1.

If they're on the LAN all they need do is check the gateway being assigned to the NIC ;-)

No guessing needed.

 

[agilani]

But there is no point in removing the entry, since this will only resolve on your local network. This won’t work remotely.

What attack scenario is this supposed to prevent? Someone already having a foothold in your LAN? First thing they might try is router.asus.com, second would be 192.168.1.1.

its harder to try cross site scripting with an ip address?

 

[kfp]

its harder to try cross site scripting with an ip address?

I guess saying removing the entry “has no point” is a bit strong. It does make XSS a bit harder.

Very slight inconvenience IMO, I’d bet more than 90% of router.asus.com resolves to 192.168.1.1

 

[SMS786]

You would have to edit the hosts file (via the postconf scripts) and remove the entry accordingly.

admin@RT-AC86U-2EE8:/tmp/etc# cat hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.1 router.asus.com
192.168.1.1 www.asusnetwork.net
192.168.1.1 www.asusrouter.com
192.168.1.1 RT-AC86U-2EE8. RT-AC86U-2EE8

Thanks!

I guess saying removing the entry “has no point” is a bit strong. It does make XSS a bit harder.

Very slight inconvenience IMO, I’d bet more than 90% of router.asus.com resolves to 192.168.1.1

For what's it worth, when I enter "router.asus.com" it resolves to my custom IP admin page address. ¯\_(ツ)_/¯

 

[kfp]

For what's it worth, when I enter "router.asus.com" it resolves to my custom IP admin page address. ¯\_(ツ)_/¯

On the same subnet?