When I use Firefox to access my Linksys WRT54GL router with DD-WRT v23SP2 firmware, I receive the following dialog box:

A user name and password are being requested by https://192.168.1.1. The site says: "xxxxxx"

Where xxxxxx is the router name and there are text boxes for the user name and password.

Konqueror displays a similar dialog box with Site: xxxxxx at 192.168.1.1.

I expect the dialog boxes but the box message bothers me. A little security through obscurity would be nice here. Why display the router name. Is there a way to prevent this?

I have remote web GUI management and ssh access disabled. Therefore anybody outside my LAN should never see this dialog box. People inside the LAN are considered trusted, but even if not, they cannot obtain access to the router web pages without a user name and password. I also can restrict access to the router web pages from only certain IP addresses within my subnet. Yet anybody inside the LAN who accesses that IP address sees the router name in the dialog box.

There are two names associated with the router. The DD-WRT firmware refers to these as router name and host name. The former is represented in nvram by router_name while the latter is represented by wan_hostname.

The latter is potentially confusing because traditionally, the host name is the name of a computer and contained in the /etc/HOSTNAME configuration file. Not so with the router as this is a name used when requested or required by the ISP. In a typical GNU/Linux box, this same "host name" can be passed to the dhcp client daemon with the -h option. Regardless, if not required or requested, then I would think spoofing with any bogus and misleading name is a good idea.

Still, these browser dialog boxes seem to provide at least some information that unprivileged users should not see. Or should they?

Comments?

Why would obscurity be nice? Never nice in my opinion. if anyone were to hit that address from the net and be challenged then the chances these days are very heavily in favour of it being a firewall / router. You want obscurity, change the hostname from "thisismyrouterandmyaddressis742evergreenterracespringfield". A hostname is only as useful as you make it. Personally my devices at home are named after Muppet characters... hardly useful information. http://en.wikipedia.org/wiki/Securit...uments_against

I think you're worried over absolutely nothing.

I agree. This can easily be changed via the "Router Name" dialog box as the OP has mentioned. If you change it to something generic like "My Router," then I don't see how you can get any viable information from it. You would get more information from an nmap scan then you would from the opening dialog box. I would be more worried about pressing the "Cancel" button and getting the default 401 page.
As long as you change the default username this message is not very significant. Also, if you are worried about someone determined to break into your router via wifi then you could disable the "Wireless GUI Access" for wireless clients. But a strong WPA/WPA2 password would limit any unnecessary outside intrusion.